Saturday, April 1

Southeast Asia sees increased phishing attempts on SMBs — Kaspersky



KUCHING: Global cybersecurity company Kaspersky unmasks the continued phishing campaigns against small and medium businesses (SMBs) in Southeast Asia.

In a press statement, it said that despite this segment bearing the brunt of the ongoing pandemic, its Anti-Phishing Technology blocked a total of 2,890,825 attempts aimed at SMBs in the region last year, a 20 per cent increase compared with the 2,402,569 attempts to visit fraudulent URLs detected in 2019.

Phishing is a form of cybercrime based on social engineering techniques that involves stealing confidential data from a person’s computer and subsequently using the data for other purposes – from stealing the target’s money to reselling their data.

Phishing messages usually take the form of fake notifications from banks, providers, e-pay systems and other organisations. Phishing can also take the form of an almost 100 per cent perfect replica of a trusted website, to which the victim is lured through phishing messages and where they then leave their personal data.

In terms of per country cases of phishing targeting companies with 50 to 250 employees, Indonesia registered the most incidents in 2020, followed by Thailand, and Vietnam. Each of them logged over half a million attempts. Malaysian, Filipino, and Singaporean SMBs were not spared, with these nations charting a combined 795,052 attempts to visit phishing websites from January to December last year.

It noted that SMBs in all six countries in the region have also seen a year-on-year increase in phishing attempts foiled by Kaspersky, an expected aftermath of the segment’s urgent drive to digitalise amidst the pandemic.

“While they serve as the bedrock of our regional economy, SMBs are low-hanging fruits for cybercriminals.

“These malicious actors are aware that owners are focused on keeping their cash flow more than their cybersecurity, at least for now.

“Social engineering attacks such as phishing are also the easiest way in. Combining our current stressed minds with the right buzzwords like Covid-19, and now the vaccines, we expect to see this threat being used more to steal money and data from this already battered segment,” said Kaspersky Southeast Asia general manager Yeo Siang Tiong.

Last year’s top 10 countries in terms of phishing attempts against SMBs are Brazil, Russia, USA, France, Italy, Mexico, Germany, Colombia, Spain, and India.

On a worldwide scale, online phishers exploited the Covid-19 theme, invited victims to non-existent video conferences and insisted that their targets register with “new corporate services”.

Given that the fight against the pandemic is not over yet, Kaspersky predicts that the main trends of 2020 will stay relevant into the near future.

An important trend that businesses in Southeast Asia, a region famous for being highly active on social media, should note is the sharing of phishing links and mails via online networking platforms.

Kaspersky experts have observed that scammers who were spreading their chain mail via social networks and instant messaging applications began to favor the latter in 2020.

“It is true that governments and financial organisations are combining efforts to offer lifeboats for SMBs via grants and offers, but we have to accept that cybercriminals will spare no one,” Yeo added.

As such, Kaspersky recommends the following steps to limit the impact of cybercrimes.

It said organisations should teach employees the basics of cybersecurity: for example, not to open or store files from unknown emails or websites, as they could be harmful to the whole company, and not to use any personal details in their passwords. To ensure passwords are strong, staff shouldn’t use their name, birthday, street address and other personal information.

It also advised companies to regularly remind staff of how to deal with sensitive data and enforce the use of legitimate software, downloaded from official sources.

Aside from that, it recommended that companies make backups of essential data, regularly update IT equipment and applications to avoid unpatched vulnerabilities that could cause a breach, and configure Wi-Fi encryption or use a VPN when connecting to Wi-Fi networks that don’t belong to them.

It said companies should use corporate services for e-mail, messaging, and all other work, and stick to corporate resources when exchanging documents and other information.

“Those cloud drives, but configured for business, are generally far more reliable than the free user versions,” it said.

More importantly, it pointed out that companies should protect devices with an antivirus solution.

“It is vital that you install a reliable security solution on all devices that handle corporate data,” it added.