23 November 2014

Asia Pacific to see more cyberattacks in 2015

An annual prediction report from cybersecurity leader Trend Micro reveals that retail and financial institutions outside of the US will be increasingly targeted by cybercriminals in 2015.

Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible says that in 2015 there will be a rise in targeted attack campaigns across the Asia Pacific (APAC) region. Such attacks focus their efforts on infiltrating a specific organisation.

Noteworthy cases in the US and China show that targeted attacks have become the preferred means of intelligence gathering for cybercriminals. The motivations behind these campaigns include obtaining financial information, personal data, top secret classified government data, and intellectual property (IP) such as industry blueprints. 

Trend Micro threat defense experts have already noted attacks against organisations in Vietnam and India, and recently in Malaysia and Indonesia. Attacks in other APAC countries can be expected. In particular, social media will increasingly be abused as an infection vector. Social media can be used to carry suspect links, and also as a reference to personalise the content used to dupe a user into visiting a malicious site or downloading malware.

“What we are seeing today is not a huge surprise. Cybercriminals have increased their velocity and the brutal measures they use to steal information,” said Dhanya Thakkar, Managing Director, Asia Pacific, Trend Micro. “Following the success of targeted attacks from Chinese and Russian cybercriminals, many attackers from other countries will regard cyberattacks as a more practical method to grab a foothold in an organisation.”

Trend Micro Security Predictions for 2015 and Beyond: The Invisible Becomes Visible makes several predictions for 2015:

Targeted attacks will become as prevalent as cybercrime.
A security threat could focus on gaining 'command and control' access, for instance to issue a command to the hard disk to destroy itself, and could serve criminal purposes, hacktivism, espionage, or just destruction.

David Siah, Singapore Country Manager, Trend Micro, likened network protection to Mentos, a popular candy with a hard exterior and a chewy interior. While enterprises invest in hardening the external perimeter, the network inside is still 'soft'. "If someone wants to get in, he will get in, and can do anything within the castle walls," he said.

Attacks will target Android
The increased adoption of mobile devices will also increase the risk for mobile users. Android—the top mobile platform in APAC, making up an average of 71% of total impressions—has a fragmentation problem. This means the mobile device user has to rely on the device provider to protect the software.

Cybercriminals can take advantage of this fragmentation problem by developing exploits for existing device vulnerabilities that have not yet been patched. This can be done easily using exploit kits similar to the infamous Blackhole Exploit Kit.

Trend Micro also found that companies still believe that they are unlikely to be targeted, or that trusted environments are safe. A survey by Trend Micro found that 35% of companies in APAC are sure they have escaped attacks, whereas more than a quarter (26%) actually said they do not know. The remainder either suspect, or know that they suffered breaches.

The reality is that more malicious activity was detected and blocked in Singapore in Q3 2014 than in Q2 2014. Siah said that in Q3, more than 7 million attempts were made by Singapore-based users to access malicious websites, with 611,000 attempts trying to get to malicious URLs hosted in the country.

Siah highlighted that common malware like WORM_DOWNAD.AD, codenamed 'Conficker', is still making it to the top 10 in Singapore, implying that Singapore users are not updating their systems regularly, or are using an operating system that is no longer supported by Microsoft, such as Windows XP.

A vulnerability termed CVE-2012-0158 is a favourite means of attack, followed by CVE-2010-0188. The first was discovered in 2012, and the second in 2010, Siah added, showing that victims have not patched their systems against them since 2012 and 2010 respectively. 

Microsoft Office accounts for 53% of targeted attacks, and another 46% are through Adobe Reader. "We live so much with documents today. If there is an attachment I might just click on it, it could present itself as a legitimate document that talks about my work, or a report about the industry that I'm very interested in," noted Siah. 

Lax user practices help the online cybercriminal community, and well-known malware like Zeus is offered free to that community. It may seem that updating systems regularly will be enough protection, but Siah said such updates depend on bugs being publicly announced by others, after which 'signatures' can be created to detect them. This leaves a window of opportunity between the announcement of the bug and the availability of the patch for cybercriminals to target users.

In addition, known vulnerabilities are just the tip of the iceberg. Existing bugs like Shellshock were only announced after decades, while malware can mutate to the point where it is essentially signatureless. "Traditional cybersecurity defences cannot detect such signatureless threats," Siah warned. "Exploiting a vulnerability will be as easy as creating an app."

It is a global problem, even if targeted attacks used to be associated only with countries like the US or Russia, Siah further said. Trend Micro is aware of gangs in Brazil and China, and while the cybercriminals may base their operations in one country, they could be connected by the Internet to anywhere else in the world.

Siah shared that Trend Micro sensors have found that attacks in APAC range across Taiwan, Japan, Indonesia, mainland China, Malaysia, the Philippines and Bangladesh, with Singapore being a relatively minor target. "If a US company has a Taiwan subsidiary, the attackers could go to the subsidiary and once they have gained control of the Taiwan servers they could then jump internally from country to country till they reach the main HQ," Siah pointed out. 

Users should expect that at least one of their accounts, whether on web services or online portals, will be compromised. The prevalence of social media usage in APAC – with about 970 million active social media users – will make users in the region viable targets. Given the predicted increase of attacks next year, cybercriminals will have more opportunities to steal user credentials. As a result, Trend Micro advises users to be more diligent when it comes to password use and online security.
