Businesses, governments in SEA top target for APT attacks


19 November 2015

Network security company FireEye and Singapore Telecommunications (Singtel) have released a new report on advanced cyber attacks against organisations in Southeast Asia.

According to the report, organisations observed in the region faced a 45 per cent higher risk of facing a targeted cyber attack in the first half of the year than the global average. However, in the prior six-month period, they faced only a 7 per cent higher risk, the report revealed.

It also added that across the region, 29 per cent of observed organisations were targeted with advanced cyber attacks in the first half of 2015. According to the report, Thailand and the Philippines were hardest hit, with 40 per cent and 39 per cent of observed organisations exposed to these attacks, respectively.

The report said that more than one-third of malware detections associated with advanced persistent threat (APT) groups originated within the entertainment, media and hospitality industries. By targeting media organisations, threat groups can gain access to news before it is published and potentially identify undisclosed sources, it added.

FireEye also noted that there are at least 13 APT groups targeting national government organisations and at least four APT groups targeting regional or state governments around the world.

Earlier in April 2015, the company released a report documenting an advanced persistent threat group referred to as APT30 which conducted a cyber espionage operation against businesses, governments and journalists in Southeast Asia for ten years. According to the report, this group’s malware, called Lecna, comprised 7 per cent of all detections at FireEye customers in Southeast Asia in the first half of 2015.

“Espionage isn’t new but it is increasingly conducted online, and Southeast Asia is a hot spot,” said Eric Hoh, president for Asia Pacific Japan at FireEye. “Geopolitics can drive cyber attacks. As Southeast Asia becomes a larger economic player on the world stage and tensions flare in the South China Sea, organisations should be prepared for targeted attacks.”

The report emphasises the frequency and sophistication of cyber attacks against all types of industries and enterprises in the region, said William Woo, Managing Director, Enterprise Data and Managed Services at Singtel.

“The risk of attack, faced by regional enterprises, is higher than the global average." Therefore, these enterprises must make it a priority to reinforce their cyber defences, he said. "Even though APT attacks can be discovered within a shorter timeframe than before, which is currently after 205 days, this still leaves enterprises wide open to malicious activity within their breached environment."

"To avoid such a situation, it is imperative for enterprises to adopt preemptive measures, such as our cyber defence managed services, to safeguard their assets and customers, in order to protect their reputations," he added.