Advanced scams, data breaches, crypto and NFT attacks imminent in Southeast Asia: Kaspersky
HCM CITY — More data breaches by unidentified attackers, increasing advanced scams, and more attacks on cryptocurrency businesses and the non-fungible token industry are among the top trends to look for in 2022 in Southeast Asia, according to global cybersecurity firm Kaspersky.
The region, like the rest of the world, is gearing up for a year of recovery after two years of COVID-19 with companies and individuals ready to return to normalcy, and authorities putting in place policies for returning to office, school and travel.
But as seen last year, cybercriminals can target a variety of industries like airlines, hospitals, banks, telecom, and e-commerce, universities, government websites and even social media giants through sophisticated means.
Experts from Kaspersky’s Global Research and Analysis Team (GReAT) spelled out major trends to look out for this year to give organisations and individuals a compass to navigate the shifting cyberthreat landscape and secure the recovery phase.
They said the pandemic coincided with the rise of targeted ransomware attacks focusing on the most valuable targets as well as interruption-sensitive businesses.
With strong international cooperation and multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease in 2022.
But advanced scams and social engineering may be on the rise this year, they said.
The number of scam reports keeps increasing year after year. The attackers resort to non-technology focused attacks, exploiting human vulnerabilities, involving all sorts of scams via SMS, automated phone calls, popular messengers, social networks, and so on.
In Thailand nearly 40,000 people were scammed with their bank accounts and credit cards showing inexplicable transactions.
Scammers also used fake bank websites to steal banking details of Malaysians last year and impersonated top e-commerce platforms in Việt Nam to trick users into sending money.
Vitaly Kamluk, director of GReATfor Asia Pacific, said, “This trend is fuelled by automation of some services, such as automatic dialling and automatic initial message delivery with expected follow-up action that triggers manual human-driven scam operation.
“We believe this trend will develop further in future, including production of victim-tailored documents, images, deep fake videos, and voice synthesis.
“It is possible that there will be a shift back from computer-assisted crime schemes (scams) to pure cybercrime based on complete compromise of digital assets (user accounts, smartphones, personal computers). It is likely we will see the first attempts at such technically advanced scams in 2022.”
The experts also predicted more data breaches by unidentified attackers.
Kamluk said: “In recent years we observed that in many cases of data breaches the victims were neither able to identify the attackers nor find out how they got compromised. Although it has always been a challenge to identify the attacker and the source of the breach, the percentage of such cases has increased significantly in the past two years to over 75 per cent according to our research.”
Kaspersky experts said it is not only a symptom of the serious challenges that cyber defenders face, but also a motivational factor and a signal for other passive cybercriminals to rush into data theft and illegal trading.
“As a result, we shall see more databases, internal communications and personal details stolen from various companies and traded on the black market.”
The company also expects a larger wave of cryptocurrency and NFT (non-fungible token) industry attacks this year.
By observing cutting edge attackers with large human resources such as Lazarus group and its sub-group, BlueNoroff, Kaspersky researchers concluded that “we shall expect an even more significant wave of attacks on cryptocurrency businesses.”
Even the growing industry of NFT will be targeted by cybercriminals due to the fact that countries in Southeast Asia are leading in terms of NFT ownership, they said.
“From direct attacks on employees of cryptocurrency start-ups and exchanges through sophisticated social engineering, software exploits, and even fake suppliers to mass attacks via supply chain software or its components (such as third-party code libraries), we will see an increase in such cases.
“Additionally, we should see more incidents of NFT property theft in the coming years. Being a totally new area, there will be an initial surge in such attacks since there will be a shortage of skilled police investigators.”
These attacks would not only have an effect on the global cryptocurrency markets but also the share prices of individual companies, which would also be monetised by the attackers via stock market illegal insights trading. — VNS