Asia-Pacific has led digital transformation and technological innovation for many years. The threat of malware is more prevalent than ever. Organizations must adopt robust strategies to protect their networks and systems.
Malware, which includes malicious software like viruses, ransomware, and spyware, poses a serious threat to sensitive data in the APAC region. A successful malware attack may result in financial losses, damaged reputations, and compromised customer confidence.
APAC is at risk of malware attacks
Cybercriminals are constantly evolving and using sophisticated tactics to attack organizations in APAC. Therefore, APAC organizations must implement comprehensive strategies, including preventive, detective, and response measures.
IBM Security’s X-Force Threat Intelligence Index for 2023 shows that Asia-Pacific was most targeted in 2022. This is the second consecutive year the region has topped the charts. The region accounts for 31 percent (a five-percent increase over 2021) of all global incidents.
IBM Security discovered that Japan accounted for 91 percent of all APAC attacks. The Philippines accounted for five percent of attacks in the region, while Australia, India, and Vietnam each accounted for 1.5 percent.
Backdoor Attacks were the most popular method of attack for cybercriminals in APAC. They occurred in 31 percent of cases throughout the region. Ransomware ranked second with 13 percent. Malicious documents (mallocs), which accounted for 10 percent, occupied the third place.
The impact of malware on brand reputation was the most significant, at 22 percent. Data theft ranked third at 19 percent.
APAC malware attacks
In February 2023, cyber security company Symantec discovered a malware campaign that targeted entities in Asia’s medical and shipping sectors.
The attackers, named by Symantec as ‘Hydrochasma,’ used various phishing lures documents tailored to the victims’ organizations. Email subject lines were carefully designed to be relevant to the target.
The Hydrochasma campaign began in October 2022. The malware used by the attackers included commonly used tools like Meterpreter Sysinternals Procdump, BrowserGhost, and Cobalt Strike.
Symantec notes that the absence of customized malware in the campaign was notable, as “publicly-available tools can make an attack stealthier while also making it more difficult to attribute.”
APAC organizations fight back against malware
Some APAC organizations have taken decisive actions in response to such threats and attacks.
In autumn 2022, Singapore Telecommunications suffered a double blow when two cyber-attacks attacked its Australian subsidiary Optus within weeks. This compromised data of millions of customers, former employees, and clients.
Singtel’s CEO Yuen Kuan Moon responded by immediately setting aside A$140m for the problem.
He told CNBC that funds would be used for an independent external review, to provide credit monitoring services to affected customers, and to replace identification documents when necessary.
The CEO said, “We work with federal and state governments to address concerns and learn from them. We then share these learnings with business and the public in order to improve cyber-awareness.”
Cybersecurity recruitment and training in APAC
Cyber security is a priority for other APAC organizations. Rakuten, a Japanese tech giant, is focused on developing future cybersecurity professionals.
Under the guidance of Yoshinari Fujimoto, CISO advisor and general manager of Rakuten Group’s cyber security defense division, the company partnered with the Tokyo Institute of Technology. This resulted in an annual cyber attack and defense program based upon practical cyber security expertise from a real-world security team.
Rakuten’s cyber security department offers an internship program that allows students to explore career options in cyber security. According to the (ISC2)2 cyber security workforce study, APAC’s demand for cyber professionals is rising. The report revealed that 71% of APAC respondents expect their cyber security staff to increase next year.
APAC organizations are also preparing their staff to deal with malware threats and prepare themselves for future breaches. In a Statista study conducted in Asia-Pacific in 2022, 68 percent of respondents chose regular training as their primary measure to combat cyber incidents. Meanwhile, 52 percent of participants purchased cyber insurance as an immediate response.
Protection against malware in APAC
Meanwhile, several tech giants have taken significant steps to assist APAC companies in addressing the need for increased cyber security.
IBM will open a new command center for cyber security in India by 2022 to help Asia Pacific organizations improve their cyber resilience.
Microsoft released several new products in the past year to improve security for hybrid work environments throughout APAC.