The Asia Pacific region faces all kinds of sophisticated cyberattacks such as QSnatch, home network threats, finance-related phishing scams and attacks. In the circle of vulnerability are not just business organizations but also home networks.

According to a report by cloud company Akamai Technologies, Inc., 10-16% of organizations globally encounter command and control (C2) traffic in their network in any given quarter, indicating the possibility of an attack or breach in progress. In APAC, Akamai observed about 15% of affected devices reaching out to Initial Access Broker (IAB) domains. IABs are cyber-criminal gangs who sell unauthorized access to breached networks to other cyber criminals, such as ransomware groups.


According to Akamai’s data, between 10% and 16% of organizations globally encounter command and control (C2) traffic in their network in any given quarter. The presence of C2 traffic indicates the possibility of an attack in progress, or a breach, and threats range from information stealing botnets to Initial Access Brokers (IABs) who sell unauthorized access to breached networks to other cyber criminals.


Reuben Koh, Director of Security Technology and Strategy, APJ at Akamai, says, “As Asia Pacific continues to accelerate its evolution as a global hub for economic and digital transformation, it is thus no surprise that attackers continue to explore any way to attack enterprises for financial gain. Akamai’s latest findings not only highlight the most prevalent attacks in each region, but also that multi-stage attacks have become a staple of the modern cyber landscape in our region.

“Threat actors are finding increased success when they work together or when they can combine various tools in a single attack. A C2 infrastructure is pivotal in the success of these attacks as they can be used for communication as well as to facilitate downloading a payload and the next-stage malware to move the attack onward.”

“It is crucial that organizations stay ahead of bad actors because of the detrimental impact that multi-stage attacks can have on their businesses. More than the immediate impacts of direct financial loss, and loss of customer confidence and trust, there are also the long-term costs to recover compromised infrastructure, such as legal, reimbursement and clean-up costs.”

QSnatch

According to the report, QSnatch has become the largest APAC botnet threat. This malware, which specifically targets QNAP network attached storage (NAS) devices used for backups or file storage by businesses, was by far the largest botnet threat in enterprise environments in APAC in 2022. Almost 60% of affected devices in APAC were infected with QSnatch, making this region second only to North America in terms of devices with QSnatch infections globally.

Highest Home Network Threats

APAC also suffers the highest home network threats globally. Already, an FBI report says that 40% of the devices on the market are unprotected. While attackers often set their sights on enterprises because a successful breach of an enterprise network presents a bigger payoff, home users are often an easier and quicker target, as their networks are not as secure as a corporate environment. Attackers are seeking to abuse not only traditional devices like computers, but also mobile phones and Internet of Things devices.


According to Akamai’s data, APAC had the highest number of queries flagged in relation to home network threats in the second half of 2022. The region had twice as many as North America, the region with the second-highest number of flagged queries.

In APAC, more than 350 million queries related to Pykspa were observed. Pykspa is a threat that spreads through Skype by sending malicious links to the affected users’ contacts. Its backdoor capabilities allow an attacker to connect to a remote system and execute arbitrary commands, such as downloading files, terminating processes, and propagating through various means, including mapped drives and network shares.

Finance-Related Phishing Scams & Attacks

Phishing campaigns are also actively targeting financial brands in APAC to lure in unsuspecting consumers. Akamai’s research found that over 40% of all phishing campaigns were focused on financial services customers, resulting in close to 70% of all victims suffering from finance-related phishing scams and attacks. This clearly indicates that attacks against financial services and their customers were highly effective in 2022.


“Beyond the personal consequences that home users face of potentially losing all their data when their networks are compromised, there are far more insidious consequences if their devices become part of a massive botnet with attackers mobilizing zombie devices to perform cybercriminal activities without the user’s knowledge, like spamming and even launching DDoS attacks against organizations,” said Koh.

“It is unsurprising that we are seeing the rise of such attacks in our region, with Asia Pacific accounting for over 1.2 billion people accessing mobile internet services today, and with IoT spending forecasted to reach $436 billion in 2026. The continuing increase in mobile and smart device use and adoption in the region is likely to foreshadow the increase in such attacks, which requires home users to be on high alert to avoid falling victim to cyberattacks,” he continued.

Advice to Business & Home Users

Following analysis of the DNS landscape, Akamai shares the following guidance to business and home users:

Remain proactive in ensuring optimal cyber hygiene practices for all your digital assets and users:

  • Organizations should start by attaining visibility of all software and hardware assets and mapping out all critical vulnerabilities across every step of the organization’s data journey, along with the controls required to address them, such as DDoS protection and defenses against malware attacks, scraping, lateral movement and exfiltration.
  • Best practices include keeping all systems and software up to date, implementing anti-malware and multi-factor authentication, and enforcing least-privilege access for users and devices at all times. Larger organizations, or those with more complex requirements, should engage a specialist provider for help, but remain proactive in monitoring performance and watching for anomalous events concurrently.

Foster good security practices from home:

  • Home owners should take proactive steps to secure all their devices by ensuring software updates are done regularly, installing anti-malware software and using WPA2 AES or WPA3 encryption for their home Wi-Fi networks. They should also be on high alert for potentially suspicious websites, downloads and messages via email or text message.

As the threat landscape widens to include not just business organizations but also home networks, it’s time to become savvier about all the devices we use at home and how to protect them.
