State-Sponsored Actors Focus Attacks on Asia

Southeast Asia is the most actively attacked region, according to cybersecurity firm Group-IB. Their annual Hi-Tech Crime Trends Report 2018 states, “In just one year, 21 state-sponsored groups were detected in this area, which is more than in the United States and Europe.” State-sponsored groups are not the only ones focusing their attention on this region, however; criminal organisations such as Cobalt have also been observed.

On Monday 12th October, Group-IB hosted their first CyberCrimeCon in Singapore. At the conference they discussed criminal trends and spoke passionately of combating cybercrime and APT actors such as The Lazarus Group. The security company advises that such threats will continue to attack and steal funds, leveraging banking solutions such as SWIFT. It is anticipated that The Lazarus Group will experiment with attacks on card processing and will focus on Asia and the Pacific region.

Such threats are not uncommon: in recent months, numerous substantial thefts via ATMs have occurred. These attacks have consumed policing and financial resources within the US and Europe, where funds were extracted, but the real victims and targets are financial institutions and their customers within Asia. The report notes “attacks on banks via SWIFT has tripled” impacting “Hong Kong, Ukraine, Turkey, Nepal, Taiwan, Russia, Mexico, India, Bulgaria and Chile.”

The report draws out Asian case studies, such as the ONI Ransomware which impacted Japanese banks in 2017 and the South Korean Olympics.

South Korea has been subjected to numerous attacks, in particular several against cryptocurrency exchanges over the last two years, many of which are attributed to The Lazarus Group. In addition, Australia was noted as the second most targeted country for banking trojans by genre, tied only with the UK, which has ~3x the population.

While many security firms struggle to gain a foothold in Australia, it is apparent that Australia is subjected to continuous attacks. Given Group-IB’s observations, it is clear why they are moving their headquarters to Singapore to work more closely with victims, and why they have pledged to invest up to $30 million until 2022.

The region is vast and politically active, with governments battling over geographical control, embargoes and much more. Many countries in the region are keen to adopt technology but this advancement comes at a price, especially without time to adjust.

It is observed that many countries provide online banking with lesser controls than those mandated in the EU. The rapid increase in access to technology without educating the population about the dangers has impacted many and further highlights the difficult task facing government CERTs.

In addition, policing services struggle against cybercriminals who are no longer inhibited by geographical borders and instead use them to their advantage. While states continue to play politics against one another, organisations such as Interpol are severely constrained, especially when their President is alleged to be caught up in an anti-corruption crackdown.