5 cyber-threats you should be aware of in 2020

Cybercriminal activities have been continuously getting burdensome in recent years and these have brought impact on the society, either targeting individuals or organisations. Whether it has to be a password breach or unsecured internet pages, cybersecurity company Kaspersky has given five cybersecurity trends that should be watched out for in the Asia Pacific (APAC) region this year.

These predictions come from Kaspersky’s Global Research and Analysis Team (GReAT) who have combined their observations and findings with industry and technology trends.The reason for this is to provide guidance and insight  for the cybersecurity industry and stakeholders in APAC regions. 

More mobile threats

Almost everyone owns a smartphone these days. Statistics show that the number of smartphone users has exceeded three billion and is expected to grow steadily over the next few years. While that means that more people will have the internet at their fingertips, it also means that there are even more users who will be vulnerable to cyberattacks. As a result, the number of threat actors going into this space will likely increase too.

In 2019, there were a number of Android and iOS zero-days reported. According to Kaspersky, a zero-day exploit is known as “a cyberattack that occurs on the same day a weakness is discovered in software”.

One of these exploits is known as the “watering holes” attack. In essence, this is an “attack” where predators observe the websites that are visited often by an individual or organisation, and then infect those sites with spyware.

Lan Beer with Google’s Project Zero team stated that the watering holes deliver a spyware implant that can steal private data such as iMessage photos and GPS live-location information. Besides that, cybercriminals can also have the ability to access the iCloud keychain, which contains users’ account logins and banking information from the infected websites. 

One reason why watering holes attacks are dangerous and continue to pose a serious threat to organisations is that they are difficult to detect because they aren’t direct attacks on individuals or organisations. 

Strategy for new techniques and new platforms 

Last year, Kaspersky notes that they’ve seen a number of active Advanced Persistent Threats (APT) actors in the APAC region. On top of that, these threat actors have been developing new techniques and approaches to attack systems.

One example is the Ocean Lotus APT group. Kaspersky reports that this group used steganography to secure encrypted payloads (in the context of a computer virus or worm, the payload is the portion of the malware which performs malicious action) within .png image files.

Tom Bonner, Director of Blackberry Cylance Threat Research explained that the steganography, in its simplest terms, is basically embedding some sort of data into—in this case, an image—for the purpose of hiding it and making it seem like harmless messages. That technique offers an effective way of obscuring messages, payloads or concealing whatever information someone might like to hide. 

Researchers have also seen Ocean Lotus with their new iOS malware last year. This APT actor has been actively adopting new techniques designed to complicate malware analysis.

Of course, that’s just one of them. Other threat actors have also developed new techniques. Groups like Zebrocy, for example, have developed malware in the Nim programming language, while others like HoneyMyte use malicious LNK files.

More attacks targeting countries involved in Belt and Road Initiative (BRI)

Kaspersky also identifies the countries in the region involved in China’s Belt and Road Initiative (BRI) to be targets for cyber attacks this year. This is because Kaspersky saw a number of threat actors targeting countries involved in this program. 

BRI is a programme which aims to connect China to the world. Announced in 2019, the project aims to link the country to three continents—Asia, Africa, and Europe—through interlinked land and maritime networks. The end goal is to balance trade and economic growth and to improve regional integration. 

Threat actors appear to be interested in countries where there is a lot of money at stake for them or where policies are being created that would affect future projects. Moreover, the growth of activities of these cyber espionage throughout Southeast Asia is likely because most organisations are not capable of detecting their intrusion. 

Supply chain attacks remain one of the largest threats

These days, attackers want more than just to get into your system. They are also targeting supply chains and these attacks remain of the largest cybersecurity threats. According to Carbon Black’s latest quarterly global incident response threat report, 50 percent of today’s attacks leverage “island hopping”.

This means that attackers are not going after just one target network but are also hopping to more connections via the supply chain. In simple words, attackers are using the name of the victim and their next steps are invading the customers and partners of that company. Kaspersky noted that a supply chain can lose as much as USD2.57 million (RM10.8 million) from this kind of attack.

One of the well known threat actors for this attack is known as ShadowPad or ShadowHammer, who are believed to have already breached several supply chain companies in Asia. Kaspersky expects that this particular group will continue to move into these segments and harm large number of supply chains in the future. 

Olympic Games in Japan

As the 2020 Summer Olympics game (also known as Tokyo Olympics 2020) is around the corner, we should not forget the cyberattacks in 2018 where, according to US officials, Russian spies hacked the Pyeongchang Winter Olympics and tried to make it look like North Korea did it. 

According to the report, the organisers of the Pyeongchang Olympics confirmed that a cyberattack they were investigating had temporarily paralyzed IT systems ahead of official opening ceremonies, shutting down display monitors, killing Wi-Fi, and taking down the Olympics website so that visitors were unable to print tickets. 

With high political tension in many regions of the world, Kaspersky believes that we can expect one or even several independent attacks to happen during the upcoming Olympic Games in Tokyo.