PHUKET, Thailand: In 2022, more than half (61.1 per cent) of the malicious spam emails detected in the Asia Pacific (APAC) region, targeted email users from Vietnam, Malaysia, Japan, Indonesia, and Taiwan, a study by Kaspersky showed.
According to Kaspersky Global Research and Analysis Team (GReAT) Asia Pacific senior security researcher Noushin Shabab, APAC accounts for one-fourth the total malicious emails detected in 2022.
And as at August 2022, Kaspersky Mail Antivirus detected over two million malicious spam emails in Malaysia, accounting for 13.6 per cent of the overall malicious spam emails detected in APAC.
Shabab cited three main factors which cause the bulk of spam emails targeting APAC; its population, the high adoption of e-services, and the pandemic lockdowns.
“The APAC region has almost 60 per cent of the world’s population and this means that there are more potential victims for scammers here compared to other parts of the world.
“The extensive use of online services such as online shopping and other online platforms for day-to-day activities here also makes individuals more susceptible to falling victim to scams.
“There is also the lingering pandemic aftermath which led to lockdowns and work-from-home set up in the region where people took their work computers home. Home networks are usually less protected from cyberattacks,” Shabab shared during Kaspersky’s Eigth Asia Pacific (APAC) Cyber Security Weekend.
“We have countries in our region that are very technologically advanced. People use a lot of digital devices and services for many activities in their lives. Doing business on their messaging apps or doing online shopping.
“This means that people are using their digital devices, making them more susceptible to receiving malicious emails because they receive a lot more emails everyday,” she added.
Malicious spam is not a technologically complex attack, but when done with sophisticated social engineering techniques, it poses a severe threat to individuals and enterprises alike.
These junk mails are sent out in mass quantities by spammers and cybercriminals who are looking to either make money from the small percentage of recipients that actually respond to the message, run phishing scams – in order to obtain passwords, credit card numbers, bank account details and more, and spread malicious code onto recipients’ computers.
“Since 2018, the number of malicious spam mails detected by our solutions has seen a gradual decline after its peak in 2019. This, however, does not equate to our mailboxes being cleaner and safer. Our constant monitoring of the current and new Advanced Persistent Threats (APTs) operating in Asia Pacific showed that majority of these notorious threat actors use targeted phishing called spearphishing to crack into an organisation’s systems,” revealed Shabab.
The most recent example of an APT targeting key entities in APAC through sophisticated malicious mails is the ‘Sidewinder’ threat. Since October 2021, the Sidewinder threat actor has been using new malicious JS code with recently created C2 server domains. The attacker, also known as Rattlesnake or T-APT4, targets victims with spear-phishing emails containing malicious RTF and OOXML files.
Known for targeting military, defense and law enforcement agencies, foreign affairs, IT, and aviation entities in Central and South Asia, Sidewinder is considered one of the most prolific threat actors monitored in the APAC region. Kaspersky experts also recently found spearphishing documents which appears to be aimed at future targets in Singapore.
Kaspersky experts have detected over a thousand spearphishing attacks by this APT actor since October 2020.
“There are many more well-oiled APT groups like Sidewinder who are constantly upgrading their tools and tactics to target high-profile victims in APAC through believable spam and phishing emails. The implication for enterprises and government organisations here is that a single malicious email when clicked can crumble your most sophisticated defenses, and usually, APTs like Sidewinder just need one door to open, one machine to infect, and then it can hide and stay undetected for long,” Shabab added.
APTs target any sensitive data. The major danger of APT attacks is that even when they are discovered and the immediate threat appears to be gone, the hackers may have left multiple backdoors open that allow them to return when they choose.
Employees across all ranks need to be aware of the threats, such as the possibility of bogus emails landing in their inboxes. Besides education, technology that focuses on email security is necessary.
To be able to search for potential spear-phishing signs without diminishing the company’s actual security, Kaspersky suggests private and public companies to install protective antiphishing solutions on mail servers as well as on employee workstations.
Enterprises should also utilise an advanced security software that can detect sophisticated APT attacks.
For governments, Shabab suggested defining better spam regulations to curb spam risks. “Fewer spam emails from legitimate organisations means people are less used to receiving unexpected emails every day and are more vigilant when they are being targeted with malicious spear phishing emails,” she pointed out.