The evolving threats that should be on every leader’s radar

Businesses in Southeast Asia have increasingly been challenged by the quantity and sophistication of cybersecurity problems for at least the last decade. Due to the availability and widespread adoption of advanced technologies such as AI and cloud computing, and the rising geopolitical significance of the region, large, small, and medium enterprises, as well as governments, have become attractive targets for cybercrime. Many have been compromised or have suffered data loss in recent times.

As business leaders know, the cyberthreat landscape is constantly changing. Regardless of where a business is in its security journey, it is critical to stay one step ahead by monitoring malicious actors, who continue to adapt their tactics and strategies, as well as the new players and threats emerging across the world.

So, what are the evolving threats that should be on every business leader’s radar?

Enterprise hacks took centre stage in 2023 

The remote and hybrid work era has undoubtedly accelerated the adoption of “as-a-service” enterprise software, shared cloud infrastructure, and virtualised workspaces. As a result, even the most security-focused companies have had to rely — and continue to rely — on a lineup of third-party services and tools to get work done.

Throughout 2023, this interconnected business environment was a clear target for cybercriminals. According to Insikt Group’s latest Annual Report, the number of exploited vulnerabilities in enterprise software increased fourfold from the previous year. Furthermore, threat actors favoured vulnerabilities in third-party products that would inflict damage on thousands of organisations.

This was evident with the MOVEit File Transfer Application exploit in May 2023, which garnered attention due to the high volume of second- and third-party entities whose data was exposed, including Shell, British Airways, and federal agencies in the United States. CL0P, the ransomware gang behind the MOVEit exploit, is estimated to have earned between US$75 and US$100 million in profit from the hack alone, which affected a staggering 2,750 enterprises and approximately 94 million individuals.

Given the success of ransomware gangs, especially CL0P, in mass exploiting vulnerabilities in enterprise file transfer solutions, these types of attacks will likely continue well into this year and beyond.

When AI and cybersecurity collide

The explosion of generative AI in 2023 led to a surge in new services. Security teams have experimented with AI for threat intelligence, incident response, and code patching, whereas cybercriminals and nation-state actors are experimenting with new ways to enable and amplify their tactics using AI.

Some of the emerging malicious use cases for AI include targeted deepfakes, influence operations, social engineering, data privacy breaches, and intellectual property violations. Last year, adversaries began using AI-powered chatbots to create phishing emails, support scam operations, and analyse e-commerce merchants’ anti-fraud systems to facilitate payment fraud. Another example is the advertising of malicious open-source large language model projects on the dark web with the promise of producing malware, creating phishing emails, and more.

While it will take some time for threat actors to develop the knowledge and skills to integrate AI into their operations, the cybersecurity community needs to use this time as an opportunity to prepare and adapt security strategies. Remaining vigilant is also key as there are early adopters already working on ways to amplify their tactics with AI.

Targeting BPOs for social engineering 

Because business process outsourcing (BPO) organisations are a critical link in supply chains, cybercriminals have financial motives to target them. By targeting them, threat actors increase their ability to compromise many downstream customers through a single point of compromise. For example, in 2023, Scattered Spider sought to gain access to mobile carrier networks from compromised telecommunications or BPO environments to perform SIM swapping and further facilitate criminal operations beyond the primary victims, such as cryptocurrency theft.

Given that the Asia Pacific BPO market is expected to grow from US$72.7 billion to US$185 billion between 2022 and 2032, targeting of this sector will likely grow over the next decade.

Hacktivism on the rise 

The year 2023 saw an acceleration of hacktivist activities associated with ongoing and emerging geopolitical conflicts. In addition to the surge in grassroots and state-sponsored activity after Russia’s invasion of Ukraine in 2022, the latter half of last year saw an unprecedented rate of emergence of new hacktivist groups and alliances taking advantage of the chaos following the attack against Israel by Hamas.

Additionally, cybercriminal actors appeared to increasingly take advantage of the geopolitical instability and “grassroots” interest in hacktivism. Several groups in the latter half of 2023 adopted tactics, techniques, and procedures that are typically more associated with cybercriminals than hacktivists, such as selling credential leaks, as well as continuing the previously observed tradition of selling exploits and DDoS-for-hire services (as done by Anonymous Sudan, for example).

Looking into the future, targeting of Western entities aligned with NATO and the European Union will likely continue, while focus on entities supporting Israel will likely increase.

Now what? The path forward 

Metaphorically speaking, business, technology, and security leaders need to think and act like a dragonfly.

According to Harvard University, dragonflies are the most successful hunters in the animal kingdom. They catch 95% of their targets, making them four times more successful than a lion or cheetah. It is in the brain of the dragonfly that we find the secrets to its success. They are not known to chase prey like most hunters do; instead, they analyse their targets and predict their movements, intercepting them at precisely the right moment.

The same mentality applies in cybersecurity. Businesses will have a higher success rate of preventing attacks when those attacks can be intercepted first. Cybersecurity threats can be tackled using proactive or reactive strategies, but in order to efficiently move from reactive to proactive, businesses need one thing: threat intelligence.

Threat intelligence allows us to bring together three critical vectors of context to form a proactive, threat-led strategy:

  • What is happening in the wild?
  • What is happening to others like you?
  • What is happening in your own environment?

Ultimately, leaders need to have a proactive approach in how they defend and protect their business from the ever-evolving scope of cybersecurity threats. It is important to enable threat and security teams to have a holistic understanding of what threat actors are doing, who they’re targeting, and how they’re actually doing it, as well as a grasp of the macro trends that may have a role in it. Having this context is what will propel a security strategy forward from just being reactive.