The more you connect to the internet, the greater the risk you attract criminal elements – particularly if you fall under two categories: successful online business or unprotected online business practice.
According to Check Point Research, cyberattacks in Asia-Pacific jumped 168% in 2021 compared to May 2020. Also, between April and May 2021 alone, the increase was 53%.
Table 1: Percentage difference in number of cyberattacks in May compared to previous months in 2021 by country
| Country | Growth in May 2021 | Average weekly attacks in May |
| Japan | 40% | 558 |
| Singapore | 30% | 792 |
| Indonesia | 25% | 3,311 |
| Malaysia | 22% | 986 |
| Taiwan | 17% | 2,523 |
| Australia | 15% | 452 |
| New Zealand | 13% | 606 |
| Philippines | 12% | 1,438 |
| Hong Kong | 7% | 590 |
| Thailand | 8% | 1,589 |
| South Korea | 5% | 589 |
| India | 1% | 1,749 |
The two most dominant forms of cyberattacks so far are Remote Access Trojan (RAT) and malware. Omiai, Japan’s most popular dating app, experienced a server hack that exposed the data of over 1.7 million people. The data of 180 million customers, 13TB’s worth, of pizza chain Domino’s in India have been found on the Darknet following a cyberattack following an attack in March 2021.
Malicious software or malware comes in many shapes and forms (of attack). The more destructive are built to steal, sabotage or conduct espionage. Historically phishing and DDoS attacks were popular channels of attack. SQL injection growth tends to follow the rise in the use of websites by businesses. However, in 2020, as businesses accelerated their shift to the cloud – both to engage customers and to continue operating remotely – ransomware attacks spiked.
Favourite tools of attackers in Asia
Paul Jackson, regional managing director and APAC cyber risk practice head at Kroll, says ransomware events were the main driver in the rise of cyber incidents in the region between 2020-2021. “Mostly we’ve seen Ryuk, Sodinokibi, and Mimikatz malware variants across the Asia Pacific region,” he called out.
Aaron Bugal, global solutions engineer at Sophos, concurred and cited Revil/Sodinokibi, Avaddon and Conti continuing as popular providers of these payloads. “Ransomware as a Service is on the rise, and all the cybercriminal gangs who use ransomware to extort payment from their victims are also stealing information in hopes of coercing you to pay,” he added.
Malware hotspots in APAC
According to Jackson, the greatest concentration of cases has been in Singapore, Hong Kong, and Australia. “However, in general, we are seeing a seeing a rise across all jurisdictions and all industry verticals,” he opined.
Bugal agreed to add that any location and anyone can be a victim of these attacks, merely being present on the internet is enough to draw the automated attention of these groups who are actively looking for gateway vulnerabilities and shortcomings in cybersecurity hygiene to exploit and gain a foothold within networks.
“When looking at the breakdown of verticals that fall victim to attacks, retailers, healthcare and education seem to be sectors largely impacted by cybercriminals. No one is exempt even if they claim to not touch certain industries, be prepared that they will,” he cautioned.
Trending in 2021-2022
Bugal said ransomware is often used as a means for victims to take notice of the real threat to businesses.
He described the process: There is a sharp rising trend in the theft of intellectual property that happens during the initial stages of the breach. Extortion through the encryption of data is declining as some organisations have realised the importance of business continuity and incident response planning and the ability to restore backups.
Jackson concurred and added that once inside threat actors deploy further tools to maintain a foothold and conduct reconnaissance to identify critical systems, data storage locations, and backups. Critical data is then exfiltrated and backups are destroyed prior to ransomware encryption execution.
“Crucially, threat actors will not only demand payment for restoration of the encrypted computer systems and data, but will also demand additional extortion payments in order ‘not’ to publicly release any sensitive information they have stolen during the attack,” he elaborated.
For Bugal, it is the theft of highly sensitive data, intellectual property and even customers’ personally identifiable information (PII) that is being held over the victim to further blackmail and extort them. “Cybercriminals are now turning to data theft as a primary objective to ensure their ransom demands are met, otherwise they will resort to selling and/or releasing this data on the open internet,” he added.
Sanjay Aurora, Darktrace’s APAC managing director, observed that the attack lifecycle is also getting faster. He described some ransomware attacks that take less than 2 days from initial intrusion to entire organisations being encrypted, and that data being stolen. These attacks will also hit when we are least prepared - such as over the weekend, or in the middle of the night.
Labelling it as a rise in ‘big game hunting’, Aurora lamented the inevitable – all businesses who can afford to pay a ransom will be targeted, including smaller, less prepared businesses and even critical national infrastructure. He says its just a matter of time.
“As attacks ramp up in speed, stealth and sophistication, we may see even hackers incorporate AI as part of their arsenal. To prepare for this eventuality, defenders must respond in kind. By leaning on technologies like AI that can act on behalf of humans, at machine speed, organisations can give themselves the resilience necessary to take the advantage – mitigating attacks before they have time to cause a crisis,” he concluded.
