PHUKET: What would the world be like without cybersecurity? According to Vitaly Kamluk, director of Kaspersky's Global Research & Analysis Team (GReAT) for the Asia Pacific (APAC), a world without cybersecurity would hand criminals a platform to exploit our data, since there would be no encryption, privacy, secrecy, access control or integrity validation.
"Without cybersecurity, thieves will know your income, savings amount, the property you own, and travel plans. Your banking cards and account credentials from online services are also exposed to malicious users," he said.
Speaking at Kaspersky's annual APAC Cyber Security Weekend recently, Kamluk said users need to mitigate the risk by leveraging the security measures that already exist today and understanding how they monetise and how they help the business. Everything that goes out to the internet is no longer yours, he said, so be careful with what you share.
"Today, cybersecurity is often an invisible part of our life which we take for granted, but we owe it almost everything we have achieved as a civilisation," he added.
Meanwhile, Chris Connel, Kaspersky's Asia Pacific director and vice president of Global Sales and Network, said the importance of cybersecurity runs parallel to our use of and dependence on the internet, which will only continue to increase in the coming years.
"We have seen, unfortunately so frequently, the possible aftermath when businesses, critical infrastructure, and even personal cybersecurity are overlooked. We hope that this increased awareness will translate to concrete actions for users, companies, and governments alike," he said.
PROTECTING APAC'S ANDROID AND IOS DEVICES
With APAC's adoption of mobile banking, Kaspersky warns of attacks on Android and iOS devices by the Anubis Trojan.
During the event, Suguru Ishimaru, senior malware researcher at Kaspersky's GReAT, unmasked the latest malware targeting iOS and Android users: Anubis and Roaming Mantis.
Mobile banking Trojans typically steal money from mobile users' bank accounts by disguising themselves as legitimate apps to entice users into installing the malware. Anubis is one of them.
"Anubis is known for compromising hundreds of bank customers per campaign, proving that it's among the most active malware targeting Android users. Our recent findings show that cybercriminals have started implementing ransom functionalities. If this modification is successful, other malicious groups will copy the technique of stealing data and holding devices hostage. I expect to see more attacks in APAC due to cybercriminals' strong financial motivation," he said.
Anubis is distributed through legitimate-looking, high-ranking malicious apps on Google Play, through smishing (phishing messages sent via SMS), and through the Bian malware (another mobile banking Trojan). Once it has taken over a device, it can steal personal information and identity data, access private messages and login credentials, record sound, request GPS location, disable Google Play Protect, lock the device's screen, and more.
Another threat is Roaming Mantis, which targets Android devices and has spread its malware initially via DNS hijacking and now via smishing.
More recently, however, it has turned its attention to iOS users, "smishing" them with short messages that carry a brief description and a URL to a landing page.
When the landing page is opened, iOS users are redirected to a phishing page that mimics the official Apple website, while on Android devices the Wroba malware is downloaded.
Once victims enter their credentials on the phishing website, they are forwarded to a second phishing page that asks for their two-factor authentication (2FA) code, so the attackers capture that as well.
SPAM EMAILS
Noushin Shabab, senior security researcher at Kaspersky's GReAT, discussed the spam threat in APAC in a talk titled 'What if emails do not get opened?'
Malicious spam often poses a severe threat to individuals and enterprises alike.
The mass mailings sent out by spammers and cybercriminals usually aim to make money from the small percentage of recipients who respond, run phishing scams, spread malicious code onto recipients' computers, and more.
Shabab said the factors driving spam emails in APAC are the region's population, its high adoption of e-services, and the pandemic lockdowns.
"Since 2018, the number of malicious spam mails detected by our solutions has seen a gradual decline after its peak in 2019. This, however, does not equate to our mailboxes being cleaner and safer. Our constant monitoring of the current and new Advanced Persistent Threats (APTs) operating in the Asia Pacific showed that the majority of these notorious threat actors use targeted phishing called spearphishing to crack into an organisation's systems," revealed Shabab.
Meanwhile, the APT known as 'Sidewinder' has been using JavaScript (JS) code together with command-and-control (C2) server domains.
Also known as Rattlesnake or T-APT4, the group attacks its targets with spear-phishing emails containing RTF and OOXML files. It normally targets military, defence and law enforcement agencies, as well as foreign affairs, IT and aviation entities in Central and South Asia.
The group is also notable for the sheer number, high frequency and persistence of its attacks, and for the large collection of encrypted malicious components used in its operations.
Kaspersky suggests that private and public organisations install anti-phishing protection on mail servers and employee workstations, while enterprises can use advanced security software to detect APT attacks.
Shabab suggests governments define better spam regulations to curb the risks.
KIMSUKY APT ATTACKS
The active cyberespionage group known as 'Kimsuky' continues to display tactics aimed at victimising North Korea-related entities.
Also known as Thallium, Black Banshee and Velvet Chollima, it has been updating its tools and making it harder for security researchers and automated analysis systems to acquire its payloads.
Seongsu Park, lead security researcher at Kaspersky GReAT, revealed that the group has configured multi-stage command-and-control (C2) servers with various hosting services around the world.
"From less than 100 C2 servers in 2019, Kimsuky now has 603 malicious command centres as of July this year which suggests that the threat actor is poised to launch more attacks, possibly beyond the Korean peninsula. Its history suggests that government agencies, diplomatic entities, media, and even cryptocurrency businesses in APAC should be on high alert against this stealthy threat," Park said.
In early 2022, Kaspersky's experts found another wave of attacks targeting journalists, diplomats and academic entities in South Korea.
The 'GoldDragon' cluster sends spear-phishing emails carrying macro-embedded Word documents, each with different decoy content related to geopolitical issues on the Korean peninsula.
Kimsuky also employs a verification process, which Kaspersky's experts observed in lures on topics such as the "2022 Asian Leadership Conference" agenda and an Australian diplomat's curriculum vitae.
To protect systems and networks from Kimsuky's tactics and techniques, Kaspersky suggests:
Full-context-based defence is the key:
* Hit-and-run style defence never works.
* Security teams and experts need to understand the full context of threats; it is advisable to have services that provide in-depth and real-time reports and analysis, such as the Kaspersky Threat Intelligence Portal.
* Diversify defence points.
Cooperation with other industries:
* Each sector has different sets of strengths and expertise.
* Cooperation is essential to understand the multi-dimensional nature of cyber threats, in turn allowing better strategies against them.