VNS – More data breaches by unidentified attackers, increasing advanced scams, and more attacks on cryptocurrency businesses and the non-fungible token industry are among the top trends to look for in 2022 in Southeast Asia, according to global cybersecurity firm Kaspersky.
The region, like the rest of the world, is gearing up for a year of recovery after two years of COVID-19 with companies and individuals ready to return to normalcy, and authorities putting in place policies for returning to office, school and travel.
But as seen last year, cybercriminals can target a variety of industries like airlines, hospitals, banks, telecom, and e-commerce, universities, government websites and even social media giants through sophisticated means.
Experts from Kaspersky’s Global Research and Analysis Team (GReAT) spelled out major trends to look out for this year to give organisations and individuals a compass to navigate the shifting cyberthreat landscape and secure the recovery phase.
They said the pandemic coincided with the rise of targetted ransomware attacks focussing on the most valuable targets as well as interruption-sensitive businesses.
With strong international cooperation and multiple task forces to trace ransomware gangs, Kaspersky experts believe the number of such attacks will decrease in 2022.
But advanced scams and social engineering may be on the rise this year, they said. The number of scam reports keeps increasing year after year. The attackers resort to non-technology focussed attacks, exploiting human vulnerabilities, involving all sorts of scams via SMS, automated phone calls, popular messengers, social networks, and so on.
In Thailand nearly 40,000 people were scammed with their bank accounts and credit cards showing inexplicable transactions.
Scammers also used fake bank websites to steal banking details of Malaysians last year and impersonated top e-commerce platforms in Vietnam to trick users into sending money.
Director of GReATfor Asia Pacific Vitaly Kamluk said, “This trend is fuelled by automation of some services, such as automatic dialling and automatic initial message delivery with expected follow-up action that triggers manual human-driven scam operation.
“We believe this trend will develop further in future, including production of victim-tailored documents, images, deep fake videos, and voice synthesis.
“It is possible that there will be a shift back from computer-assisted crime schemes (scams) to pure cybercrime based on complete compromise of digital assets (user accounts, smartphones, personal computers). It is likely we will see the first attempts at such technically advanced scams in 2022.”
The experts also predicted more data breaches by unidentified attackers.
Kamluk said, “In recent years we observed that in many cases of data breaches the victims were neither able to identify the attackers nor find out how they got compromised. Although it has always been a challenge to identify the attacker and the source of the breach, the per centage of such cases has increased significantly in the past two years to over 75 per cent according to our research.”
Kaspersky experts said it is not only a symptom of the serious challenges that cyber defenders face, but also a motivational factor and a signal for other passive cybercriminals to rush into data theft and illegal trading.
“As a result, we shall see more databases, internal communications and personal details stolen from various companies and traded on the black market.”
The company also expects a larger wave of cryptocurrency and NFT (non-fungible token) industry attacks this year. By observing cutting edge attackers with large human resources such as Lazarus group and its sub-group, BlueNoroff, Kaspersky researchers concluded that “we shall expect an even more significant wave of attacks on cryptocurrency businesses.”
