Threat actors target Southeast Asian tech providers in hunt for scale

Technology service providers were attractive targets for threat actors in 2020, with many organisations engaging their services during the pandemic to ensure business continuity.

Threat actors also targeted manufacturing companies to steal trade secrets, including industrial design and operational knowledge, as well as source materials and suppliers.

This type of information is particularly valuable as it can significantly undermine victims’ competitive edge while boosting the capabilities of their competitors, Ensign noted. 

Threat actors also intensified social engineering attacks last year, seeking to exploit remote working arrangements in the banking and finance sector. 

Remote work winds up threat activity 

Ensign’s findings revealed there was a greater increase in threat activities in the banking and finance sector due to the widespread adoption of remote working arrangements. 

As Singapore went into lockdown during the pandemic in 2020, there was increased usage of online banking services. This led threat actors to ramp up their social engineering attacks by faking banking websites and mobile applications to deceive bank customers into disclosing their credentials, according to Ensign.

Ensign’s research suggests that more exploit attempts in 2020 targeted remote solutions used in the banking and finance sector compared to other industries.  

Threat actors were particularly interested in getting credentials to gain access to banks and other financial institutions, Ensign said. Cyber criminals could then sell this information to ransomware operators and other threat groups that could subsequently find their way into target organisations’ core networks. 

In terms of malware, Ensign found that Emotet and TrickBot were the top malware types observed across the region in 2020, constituting the bulk of command and control threat activities detected, especially in Hong Kong, Malaysia and Singapore. 

Threat actors commonly use Emotet and TrickBot, possibly because they are versatile in design, allowing perpetrators to steal credentials, obtain information to move deeper into an infiltrated network and inject additional malicious payloads into the compromised digital environment.

Ensign observed that threat actors frequently targeted technology service providers with these two malware families due to their capabilities to download more malware into the infected systems.  

Both Emotet and TrickBot were also observed to be used in phishing campaigns worldwide.

With this in mind, Ng pointed out that organisations need to start paying attention to the security of their partners and vendors, in addition to their own networks and systems.  

“Organisations need to recognise that as their cyber supply chain ecosystem expands and diversifies, they will also need to take additional steps to mitigate the elevated cyber risks that come with it,” he said. “This includes increasing the organisation’s situational awareness by maintaining a complete inventory of the software, hardware, and information assets that are within their network, and those managed by their partners and vendors.” 

Ensign's report mirrors findings by Japanese global systems integrator NTT, which released research earlier this year indicating that the finance industry faced the greatest number of digital threats out of all market verticals in the Asia Pacific region during 2020.
