Photo - Eric Hoh, President for Asia Pacific Japan at FireEye.
According to cybersecurity solutions company FireEye's latest Southeast Asia report, organisations in Malaysia faced a 65 percent higher risk of a targeted cyberattack than the global average in the first half of 2015.
Speaking in Kuala Lumpur, Eric Hoh, president for Asia Pacific Japan at FireEye, said the report showed that 33 percent of observed organisations in Malaysia were targeted with advanced cyber attacks in the first half of 2015.
Thailand and the Philippines were the hardest hit in Southeast Asia, with 40 percent and 39 percent of observed organisations exposed to these attacks, respectively, said Hoh.
More than one-third of malware detections associated with advanced persistent threat (APT) groups originated within the entertainment, media and hospitality industries, he said. By targeting media organisations, threat groups can gain access to news before it is published and potentially identify undisclosed sources.
Espionage not new
Hoh said FireEye noted at least 13 APT groups targeting national government organisations and at least four APT groups targeting regional or state governments around the world.
"Espionage isn't new but it is increasingly conducted online, and Southeast Asia is a hot spot," he said. "Geopolitics can drive cyber attacks. As Southeast Asia becomes a larger economic player on the world stage and tensions flare in the South China Sea, organisations should be prepared for targeted attacks."
Threat intelligence was an important tool for organisations seeking to stay ahead of attackers, Hoh added.
The report noted groups targeting prominent institutions, which included:
State-owned Bank Compromised - FireEye observed malware beaconing from a state-owned bank in Southeast Asia. FireEye Threat Intelligence believes the malware, called CANNONFODDER, was most likely used by Asian cyber threat groups to collect political and economic intelligence. In late 2014, FireEye observed the malware beaconing from an Asian telecommunications company. In mid-2014, FireEye observed threat actors sending spear-phishing emails with malicious attachments to employees of an Asian government. Once opened, the attachments installed the CANNONFODDER implant.
Decade-Long Cyber Espionage Campaign Detected - In April 2015, FireEye released a report documenting an advanced persistent threat group referred to as APT30, which conducted a cyber espionage operation against businesses, governments and journalists in Southeast Asia for ten years. Organisations in Malaysia were targeted by APT30 during this period. This group's malware, called Lecna, comprised 7 percent of all detections at FireEye customers in Southeast Asia in the first half of 2015.