As the Asia Pacific (APAC) region races ahead in its digital transformation, global cybersecurity company Kaspersky cautions businesses and individuals to prepare for an escalating wave of cyber threats throughout 2024. The surge is expected to be fueled by the rapid pace of digitalization in the region, combined with geopolitical tensions.
Kaspersky’s Global Research and Analysis Team (GReAT) has outlined key predictions for the APAC cyber threat landscape in the coming year. Phishing attacks, scams, data breaches, and geopolitically-motivated cyberattacks are anticipated to remain persistent threats targeting organizations and individuals across the region.
“Asia Pacific’s digital economy continues to grow exponentially and is expected to keep its momentum in the next five years. With digitalization efforts including adoption of technologies like digital payments, Super Apps, IoT, smart cities, and now generative Artificial Intelligence (AI), cybersecurity will be key to ensuring the resilience of the region’s overall defenses against potentially damaging cyberattacks. “When it comes to sophisticated Advanced Persistent Threats (APTs), we have seen that cyber espionage remains to be the main objective of Asian groups. We expect this trend to continue in 2024 due to the existing geopolitical tensions in the region,” according to Vitaly Kamluk, Head of Research Center for Asia Pacific, Global Research and Analysis Team (GReAT) at Kaspersky.
In a detailed report, Kaspersky highlights specific cyber threat trends in key APAC countries:
Southeast Asia (SEA): A UN report sheds light on the recruitment of hundreds of thousands of individuals from SEA for online scam operations. These operations encompass various scams, from romance-investment schemes to crypto fraud and money laundering. Criminals lure unsuspecting individuals through seemingly legitimate job advertisements, posing as programmers, marketers, or human resource specialists. The lack of regulations safeguarding users’ online rights exacerbates the challenge.
Singapore: In 2023, Singapore faced notable cybersecurity incidents, including a major data breach and financial service outages. DBS, one of the country’s largest banks, experienced a disruptive operational failure due to a data center outage, resulting in 2.5 million failed transactions. In addition, Distributed Denial-of-Service (DDoS) attacks caused web service outages in public hospitals and polyclinics. Politically motivated defacement attacks on several websites further underscored the need for enhanced cybersecurity measures.
South Korea: As South Korea gears up for a significant general election in 2024, cybersecurity threats are expected to intensify. Threat actors traditionally exploit major political events to launch cyberattacks, using sophisticated social engineering techniques. Alleged state-sponsored actors have targeted South Korea in recent years, exploiting vulnerabilities in the country’s IT infrastructure.
China: While the Chinese government’s efforts against telecom fraud have seen success, phishing attacks on Chinese citizens remain a concern. Kaspersky researchers have detected unidentified groups launching QR code phishing attacks targeting personal credit card information. Advanced Persistent Threat (APT) attacks on high-profile targets within China are on the rise, with spyware tools capable of full control over network devices.
India: India faces an array of low-skill, high-scale scams, and fraud cases, including illegal digital loan apps, income tax refund services, real estate fraud, investment scams, and job fraud. The popularity of micro-loan apps has given rise to new schemes involving unexpectedly inflated premiums and personal threats. With India’s push towards smart cities, IoT vulnerabilities pose serious security challenges.
For organizations in the APAC region, Kaspersky recommends proactive measures to safeguard against these emerging threats in 2024:
- Keep software updated to prevent exploitation of vulnerabilities.
- Enforce strong passwords and implement multi-factor authentication.
- Deploy proven endpoint security solutions with behavior-based detection.
- Utilize dedicated sets for effective endpoint protection, threat detection, and response.
- Stay informed with the latest Threat Intelligence information on threat actor tactics, techniques, and procedures (TTPs).