Threat actors target Southeast Asian tech providers in hunt for scale

Technology service providers were attractive targets for threat actors in 2020, with many organisations engaging their services during the pandemic to ensure business continuity.

Last year saw threat actors target the technology sector across the Southeast Asia region to achieve economies of scale, according to the latest research by Singapore-based cyber security service provider Ensign InfoSecurity.  

Technology service providers were attractive targets for threat actors in 2020, with many organisations engaging their services during the pandemic to ensure business continuity, according to Ensign.  

This heightened service partner engagement presented a compelling draw for cyber criminals, with a successful cyber attack allowing threat actors to obtain the credentials of these service providers’ clients, potentially handing them illicit access to a wide range of companies.  

According to Ensign, threat actors also targeted technology hardware and software vendors to breach and implant malicious code and components into the vendors’ product development systems. This enabled perpetrators to rapidly develop zero-day exploits or create backdoors to compromise the integrity of the products, allowing them to readily reach a larger pool of targets. 

Tech companies are set to be prominent targets for the foreseeable future, according to Steven Ng, Ensign CIO and executive vice president of managed security services.   

“Technology suppliers and service providers will continue to be lucrative targets for threat actors as organisations become increasingly reliant on digital technologies to support their business operations and position themselves for the future,” said Ng. 

“If threat actors can successfully compromise just one of these companies’ systems, it can create a ripple effect that will impact large groups of organisations across industries and geographies,” he added. 

Steven Ng (Ensign). Credit: Supplied

Ensign’s findings are captured in the company’s recently released Cyber Threat Landscape 2021 report, which found that the technology, manufacturing, and banking and finance industries were the top targets in the Asia Pacific region for threat actors in 2020. 

Specifically, the report provides insights into the cyber risks and threats that surfaced across four Asia Pacific markets: Hong Kong, Malaysia, Singapore and South Korea, as the pandemic dramatically reshaped the business landscape.  

From Ensign’s perspective, the threat actors’ focus on these sectors is a concern as organisations continue to invest in digital technologies.  

COVID-19 pulls focus 

However, the effect COVID-19 had on the threat landscape went further than criminals taking advantage of organisations’ engagement of technology providers, with opportunistic threat actors exploiting COVID-19 in phishing campaigns. 

In what was a global phenomenon, threat actors sought to exploit individuals’ anxiety, fear and curiosity caused by the pandemic through phishing attacks, the report revealed.

Ensign said it uncovered that 99 per cent of the phishing campaigns detected in Singapore in 2020 were centred on COVID-19 subjects, and that the market’s ‘circuit breaker’ period provided an opportune timeframe for threat actors to launch phishing attacks.  

South Korea also bore the brunt of phishing emails taking advantage of the pandemic situation. Indeed, the South Korean government was impersonated by one of the top threat actor groups in Asia Pacific, Lazarus Group, which sent out messages to at least 700,000 email addresses about fake COVID-19 payouts and shopping vouchers in a phishing campaign in June 2020.  

Threat actors exploited COVID-19-induced disruptions to set their sights on trade secrets, according to Ensign, with ransomware attacks on manufacturing companies.

In these instances, the perpetrators understood that the target companies’ production capabilities were already strained due to the pandemic-induced supply chain disruptions. This made manufacturers more willing to pay the ransom to resume operations quickly and avoid further production disruption.  


Moreover, threat actors also targeted manufacturing companies to steal trade secrets, including industrial design and operational knowledge, as well as source materials and suppliers.  

This type of information is particularly valuable as it can significantly undermine victims’ competitive edge while boosting the capabilities of their competitors, Ensign noted. 

Threat actors also intensified social engineering attacks last year, seeking to exploit remote working arrangements in the banking and finance sector. 

Remote work winds up threat activity 

Ensign’s findings revealed there was a greater increase in threat activities in the banking and finance sector due to the widespread adoption of remote working arrangements. 

As Singapore went into lockdown during the pandemic in 2020, there was increased usage of online banking services. This led threat actors to ramp up their social engineering attacks by faking banking websites and mobile applications to deceive bank customers into disclosing their credentials, according to Ensign.

Ensign’s research suggests that more exploit attempts in 2020 targeted remote solutions used in the banking and finance sector compared to other industries.  

Threat actors were particularly interested in getting credentials to gain access to banks and other financial institutions, Ensign said. Cyber criminals could then sell this information to ransomware operators and other threat groups that could subsequently find their way into target organisations’ core networks. 

In terms of malware, Ensign found that Emotet and TrickBot were the top malware types observed across the region in 2020, constituting the bulk of command and control threat activities detected, especially in Hong Kong, Malaysia and Singapore. 

Threat actors commonly use Emotet and TrickBot, possibly because they are versatile in design, allowing perpetrators to steal credentials, obtain information to move deeper into an infiltrated network and inject additional malicious payloads into the compromised digital environment.

Ensign observed that threat actors frequently targeted technology service providers with these two malware families due to their capabilities to download more malware into the infected systems.  

Both Emotet and TrickBot were also observed to be used in phishing campaigns worldwide.

With this in mind, Ng pointed out that organisations need to start paying attention to the security of their partners and vendors, in addition to their own networks and systems.  

“Organisations need to recognise that as their cyber supply chain ecosystem expands and diversifies, they will also need to take additional steps to mitigate the elevated cyber risks that come with it,” he said. “This includes increasing the organisation’s situational awareness by maintaining a complete inventory of the software, hardware, and information assets that are within their network, and those managed by their partners and vendors.” 

Ensign's report mirrors findings by Japanese global systems integrator NTT, which released research earlier this year indicating that the finance industry faced the greatest number of digital threats out of all market verticals in the Asia Pacific region during 2020.