The rhythm of life among Southeast Asians was shaken by the sudden, sweeping changes last year. Despite the gloomy outlook, policies across SEA successfully compelled both the public and business sectors to shift gears quickly, step up their use of technology and go online for literally everything. Security experts from Kaspersky’s Global Research and Analysis Team (GReAT) gives us a lowdown on how cybercriminals took advantage of this year’s disruptive event and what the cybersecurity threat landscape appears to look like in 2021 in the region.
Just like the rest of the world, people in SEA have been forced to stay indoors, but the pandemic didn’t stop them from moving about, albeit digitally. A recent report showed that 40 million Internet users in Southeast Asia came online for the first time this year, many of which were from non-city areas in Malaysia, Indonesia, and the Philippines.
Southeast Asians, among the world’s most active Internet users, have always been digital but the adoption wasn’t as pervasive as when COVID-19 hit. Now with 400 million netizens that are nearly 70% of the region’s population, people and businesses are now practically doing everything online that even those who were previously digitally-averse had to jump in the online world.
This is where it gets critical because apart from old-time Internet users who, until now are still being educated on cyber hygiene, here comes the newbies who count among the most vulnerable to cyber threats.
A quick recap of Kaspersky’s monitoring throughout 2020 showed that the top cyberattacks in SEA were cryptomining, phishing scams, targeted ransomware, and DDoS (distributed denial of service). Not one of these attacks are new but these have been proven effective techniques as cybercriminals only need to tap into the weakest link --- the human factor.
In 2020, the region was struck with massive cyber attacks resulting to exposure of confidential data:
● Over 310,000 credit card details issued by top banks in Indonesia, Malaysia, the Philippines, Singapore, Thailand, and Vietnam, were involved in a data breach in March.
● In the same month, personal information of 91 million users of Indonesia’s largest ecommerce platform were leaked.
● In Thailand, 8.3 billion subscribers of the country’s largest mobile network were exposed in May.
● A Singapore-based online grocery platform suffered a data breach affecting 1.1 million accounts in October.
Cybercriminals also capitalized on people’s fear of COVID-19 and used healthcare as a bait for different attacks targeting medical equipment in countries where digital transformation has just begun. A government database with personal data of 230,000 COVD-19 test takers in Indonesia was breached in May. Meanwhile in Thailand, a hospital confirmed four years’ worth of patient records were affected by an attack in September.
“2020 however has seen an unparalleled adoption of technology, and an increase in attack surface that is ripe for potentially more successful breaches. Those who have been quick to come on board this transformation must also be just as vigilant to protect themselves. As always, social engineering remains to be one of the most effective attack vectors and just as much as technology, a strong focus on education and awareness is needed more than ever,” says Muhammad Umair, Security Researcher for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.
“We do not see anything changing so soon. People in our region will remain social and will always look for ways to be productive using technology. In the business world, we see that remote work will be practiced in most sectors even after the pandemic subsides. Now is the time to reflect on the lessons of 2020 and we recommend companies start creating a security strategy if there’s none, or revising the existing one to effectively adapt to the changing environment and protect the workforce,” says Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Kaspersky researchers list down key areas to watch out for in 2021 in SEA. Let’s take a look:
Under the new norm, the majority of sectors in the region have been increasingly going through a digital transformation in a race for survival. Schools are switching to remote learning, SMBs that never had online presence have started to build online store fronts, restaurants that never offered home delivery are left with no choice but to change their whole business model.
2020 has witnessed a drastic increase in the use of online payment services and transactions, as well as a growing number of potential victims have come online. We have already witnessed an increased number of phishing attacks on such victims in the first half of 2020 and this trend is expected to continue through 2021.
There were ample lures going around with a COVID-19 theme this year, and as the availability of vaccines draws closer, we might see similar lures incorporating vaccination themes as well.
Similarly, perimeter security is going to be one significant area of concern throughout 2021 as people continue to work from home, connecting to their corporate networks via VPNs.
The increased focus on remote working and reliance on VPNs opens up another potential attack vector: the harvesting of user credentials through real-world social engineering approaches such as voice phishing or “vishing” to obtain access to corporate VPNs. Another possibility is for attackers to accomplish their espionage goals without deploying malware in the victim’s environment.
Malaysia has recently stated that it will conduct re-elections once the pandemic has been overcome. Which if it follows through, should come to fruition some time in 2021. Vietnam is also planning to conduct its general elections in 2021, while the Philippines is scheduled to hold its national elections in 2022.
As highlighted earlier, COVID-19 pushed a large number of users to come online for the first time across the region. Malaysia reportedly has the highest social media penetration rate, followed only by Singapore and Thailand. It also has the second highest penetration rate of smartphones after Singapore.
In short, the whole region is quite ripe for potential disinformation campaigns, and Kaspersky researchers will undoubtedly see such tactics being increasingly employed by the various stakeholders as each country draws near to their elections in 2021 and onwards.
These stakeholders can potentially be both internal and external. More than that, due to an increased user base for social media and mobile devices, such campaigns are likely to see a much larger effect on opinions than was ever seen previously.
Indonesia had its general elections in 2019, and just this year we saw a breach where private information of voters were leaked online by a group of hackers. Just as some of these other countries are gearing up to collect updated information on voters during their upcoming elections, it is certainly not far-fetched that similar intrusion attempts might be made here as well.
2019 saw the introduction of 5G networks and this year, Kaspersky researchers saw a widespread adoption of 5G technology in mobile devices with hardware vendors like Apple updating their complete lineup to be 5G compatible.
Telecom operators in Southeast Asia have been trying to keep up with this technological evolution as well. Thailand, for one, specifically seems to have ramped up this adoption. This has been in part fueled by a need to support solutions like telemedicine to decrease contact following COVID-19 restrictions. This is only going to speed up in 2021, with other countries in the region following suit.
The way 5G has been designed is such that more of its operational functionality has been switched to software rather than hardware. This opens up various avenues for potential attack surfaces (the number of possible vulnerable points in a computer system where an attacker can get through), as generally software is considered more accessible and arguably easier to discover vulnerabilities for. It may only be a matter of time when researchers start to find potential software based flaws, and threat actors will definitely not be much behind, if not ahead.
The healthcare field as a cyber threat target is a worldwide trend. In previous forecasts, Kaspersky experts have projected an increase in attacks on medical equipment in countries where digital transformation in healthcare is burgeoning. In 2020, interest in medical research surged among cybercriminals specializing in targeted attacks, spurred by the development of the much anticipated COVID-19 vaccine and its potential significance for the global community.
All across the SEA region, there has been an increased push towards remote health monitoring solutions and online health consultations, motivated by the goal of reducing contact. This means an ever increasing number of patient data is coming online as well as the increase in attack surface throughout the health sector. According to Kaspersky researchers, this trend will continue through 2021. The new year may also see more attack attempts targeted towards this sector as new regulatory restrictions, new treatments and an increase in the number of potential victims continue to attract attention.
Kaspersky has been observing a reduction in ransomware attacks across the region recently. However, the cybersecurity company has been noticing ransomware threats becoming more dangerous, sophisticated, and targeted. The amount of money being demanded by ransomware groups has increased significantly.
A ransomware-related death, the first ever recorded, was witnessed in Germany this year where a patient had to be redirected to another hospital because of an ongoing cyber attack but ended up passing away before reaching the medical center.
While the ransom amounts being demanded are likely to continue to increase, we expect to see an increase in ransomware attacks, due to the sheer number of increased potential targets across the region and thus a reversal of the current trend in 2021.
More and more companies are incorporating clouds in their business models due to the convenience and scalability they offer. However, this is a relatively new attack surface which is increasing as more businesses come onboard. There might be a heightened number of breaches on such infrastructure if companies make rookie mistakes and do not deploy proper security measures and solutions which can often be the case for newer adopters.
Industrial Control Systems (ICS)
In the current year, Southeast Asia has been one of the worst hit regions in terms of ICS attacks as per several ratings. We are however seeing more focus from governments to curb such events.
Malaysia has dedicated RM1.8 Billion for its national cyber security strategy 2020-2024. Indonesia’s National Cyber Encryption Agency (BSSN) also seems to be actively improving its cyber resilience strategy by partnerships with countries such as Australia since last year.
Similarly, the Philippines has also adopted a strategy where it is partnering with the private sector for a more effective cyber defense. We might see the fruits of such initiatives come into play in 2021, with the aforementioned trend seeing a reversal.