Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) attended this year’s APAC Cyber Security Weekend in Phuket, Thailand. They zeroed in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.
Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, opened up the discussion by looking back at major cyberattacks that have hit public and private organizations over the past years in countries around the region.
“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore — they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy as making documentaries or writing memoirs. The work of researchers requires high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explains Kamluk.
Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows that, on average, these threats can cost $143,000 in losses for small businesses and $1.7 million for enterprises.
The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is as much at risk as a two-man startup, as both entities hold business data.
Aside from monetary loss, businesses and even government agencies lose confidential data and the trust of their stakeholders and customers in the wake of a successful cyberespionage campaign.
Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, specifically talked about the role of a company’s infrastructure in a successful targeted attack.
Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis of this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.
To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, discussed the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.
“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidence with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.
Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, explained the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He also revealed the techniques used by these groups to mask destructive wiper attacks as ordinary cybercriminal activity.
In order to protect your personal or business data from cyberattacks, Kaspersky Lab advises the following:
● Implement an advanced, multi-layered security solution that covers all networks, systems and endpoints.
● Educate and train your personnel on social engineering as this method is often used to make a victim open a malicious document or click on an infected link.
● Conduct regular security assessments of the organization’s IT infrastructure.
● Use Kaspersky’s Threat Intelligence, which tracks cyberattacks, incidents or threats and provides customers with up-to-date relevant information that they are unaware of.