Ransomware Gangs Pummel Southeast Asia

Successful ransomware attacks against organizations in Asia continue at peak levels in 2024 following a wave of high-profile data breaches last year.

A spate of major ransomware attacks in Southeast Asia in the first half of this year was just the beginning.
Companies and government agencies in Southeast Asia — especially Thailand, Japan, South Korea, Singapore, Taiwan, and Indonesia — have experienced a significant increase in attacks, outpacing the rate of ransomware growth in European nations, according to telemetry data from Trend Micro. Major incidents such as the June ransomware attack by a
gang known as Brain Cipher
that
disrupted more than 160 Indonesian government agencies
, are likely to multiply as the economies in the region grow.
Many companies and organizations in Asia are rushing to digitize their infrastructure, but often at the sacrifice of security, says Ryan Flores, senior manager of forward-looking threat research at Trend Micro.
There is a lot of digitization initiatives happening in the region, with governments supporting and encouraging the adoption of online services and payments, he says. Because of the rush to infrastructure and services, security is most often relegated to a lower-level priority, as priority number one is to get the service or platform to market as soon as possible.
Already, companies and organizations in the Asia-Pacific region have suffered serious cyberattacks, confirming
signs that threat groups
have focused on the region. In March, a major brokerage in Vietnam had to
shut down securities trading for eight days
, following a ransomware attack that encrypted critical data. The same month, Japanese officials called out North Korean hackers for
polluting the Python Package Index (PyPI)
with malicious code capable of dropping ransomware on victims computers.
While more than three-quarters of ransomware attacks continue to target organizations in North America and Europe, the share of successful cyberattacks that impact other regions — especially Asia — has spiked. In 2023, the number of publicly reported ransomware attacks grew 85% in Asia, according to data from cybersecurity information services firm Comparitech.
Other threat trackers show similar trends: India and Singapore are both in the top six most-targeted countries tracked by cybersecurity firm Sophos, according to the firms
State of Ransomware 2024 report
.
Ransomware groups are targeting the most critical and vulnerable industrial sectors in the Asia-Pacific region. The manufacturing sector saw a significant increase in attacks, with 21 confirmed ransomware events in 2023, followed by 16 for the government sector and 11 in healthcare, according to data compiled from public reports by Comparitech.
One major factor is that many countries do not have a breach notification law in place, leading to a significant underreporting of breaches and less focus on cybersecurity in Asia. The popularity of cryptocurrency in many Asian countries also has resulted in a greater likelihood of companies paying ransoms, says Rebecca Moody, head of data research at Comparitech.
In a lot of cases, the only time you find out if [an attack has] been confirmed or not is because of system disruptions or websites going down ... whereas ... if they managed to get the systems back online and nobodys none the wiser ... then they can kind of skirt over it, she says.
Ransomware, along with cybercriminal fraud, is endemic in the Asia-Pacific region. North Korean groups
use ransomware, cryptojacking attacks
, and other schemes to siphon cash from the global economy, as well as conduct espionage. Large fraud centers in Cambodia, Laos, and Myanmar — essentially forced-labor camps —
run by criminal syndicates
from China and other Asia nations conduct massive industrial-scale romance scams and pig butchering to generate tens of billions of dollars a year in revenue.
In the end, however, the increase in ransomware attacks is likely less about specific targeting and more about the increase in potential victims, as companies implement digital transformations but fail to update their security as quickly, Trend Micros Flores says. The relative immaturity of the regions cybersecurity ecosystem, along with increasing regional tensions, are more likely behind the rise in attacks rather than specific targeting.
Ransomware groups and cybercriminals in general are opportunistic, so I dont think they are really focused on one region over another, he says. What they focus on instead are big payouts with minimal effort, so if there are infrastructure that are vulnerable, open, or misconfigured, those are easy targets for them and it does not matter if that is in Asia, Europe, or Africa.
National governments in the Asia-Pacific region have already started to update their regulations to improve security. In May, Singapore updated it Cybersecurity Act to account for
its critical infrastructure
sectors reliance on third parties who use cloud services, while Malaysia passed legislation in April that requires
cybersecurity service providers
to be licensed to do business in the country, although the details still need to be ironed out.
Companies in those regions should focus on covering their bases and implement foundational defenses, says Matt Hull, global head for strategic threat intelligence for the NCC Group, a cybersecurity consultancy.
Organizations must prioritize regular patch management to close known vulnerabilities, enforce strong password policies to prevent easy exploitation, and implement multifactor authentication (MFA) to add an additional layer of security beyond passwords, he says. Additionally, it’ essential to establish robust detection and monitoring systems that can swiftly identify and respond to potential threats.

Last News
▸ Protecting the end system from cyber threats ◂ Discovered: 26/12/2024 Category: security	▸ Tackling The TDoS Threat. ◂ Discovered: 26/12/2024 Category: security	▸ Ruby On Rails Under Attack ◂ Discovered: 26/12/2024 Category: security

**Cyber Security Categories**
Google Dorks Database	Exploits Vulnerability	Exploit Shellcodes

CVE List

Tools/Apps

News/Aarticles

Phishing Database

Deepfake Detection

Trends/Statistics & Live Infos

Tags:
Ransomware Gangs Pummel Southeast Asia