What were the most prominent cyber threats of 2023 in the Asia-Pacific region, specifically in Singapore, Malaysia, Indonesia, South Korea, Australia and the Greater China Region?
- The most targeted industries in APAC were Technology, Media and Telecommunications (TMT), Government, Manufacturing and Financial Services.
- Supply chain cyber attacks are on the rise in the APAC region.
- Based on the incidents that Ensign worked on, the maximum dwell time (the time attackers stay in a network undetected) decreased significantly from 1,095 days in 2023 to just 49 days. That is very encouraging and suggests that companies are improving their detection capabilities.
- Below are the hacker groups most active in the region, their motivations, their associated territory and their victims' territories.
The biggest threats:
- Ransomware
  - Ransomware was the most concerning threat to cybersecurity in 2023. No matter how many hackers are obstructed by law enforcement, new ones continue to be drawn in by the huge sums of cash on offer. Organisations of all sizes, in all locations, are at risk.
- Hacktivism
  - Fraught geopolitical situations around the world have worsened cybersecurity, with hacktivism and state-sponsored attacks on the rise. It’s not just those close to the conflict who are at risk: attackers may target neutral organisations to send a signal to a third party, with attacks including ransomware, data breaches, and denial-of-service.
- Digital infrastructure under attack
  - Attacks on cyber supply chains accelerated, with malicious code inserted into open-source software and targeted attacks on digital infrastructure proliferating.
The outlook for 2024:
- On AI and trust
  - Digital trust has been decimated, partly because AI makes it easier for bad actors to create content with the aim of disseminating misinformation and manipulating opinions. Deepfakes also became more prevalent in the online sphere, and have been used in social engineering attacks.
- The difficulties of securing AI
  - AI is a probabilistic technology, meaning its behaviour can be unpredictable - and cyber teams are accustomed to securing rule-based systems. Plus, they currently lack the forensic tools needed to identify AI-based attacks.
  - It is crucial to protect the data inputted into AI, both during the initial training and during day-to-day operations. Otherwise, it will learn from and replicate malicious data.
- New regulations
  - New regulations are coming into force around the world, and countries are developing home-grown technology stacks in an attempt to move away from shared global infrastructure and reduce their risk. We can’t say for sure they’ll be interoperable, and they may require different cybersecurity approaches.