IBM Security: APAC was the most attacked region in 2022, led by Japan

IBM Security: APAC was the most attacked region in 2022, led by Japan.

IBM Security: APAC was the most attacked region in 2022, led by Japan

  • Asia Pacific (APAC) remains in the top spot as the most attacked region in 2022, accounting for 31% of all incidents, as shown by IBM Security X-Force Threat Intelligence Index 2022.
  • The APAC region, specifically Japan, was the epicenter of the Emotet spike in 2022.
  • Manufacturing tops the list of attacked industries in this region in 48% of the cases, with finance and insurance a distant second place at 18%.

The year 2022 saw threat actors capitalizing on disorder, using risky landscapes to their advantage to infiltrate governments and organizations across the globe. As IBM Security puts it, disruption made 2022 a year of economic, geopolitical, and human upheaval and cost, creating precisely the chaos in which cybercriminals thrive – and thrive they did. The result is that Asia-Pacific (APAC) is once again the most attacked region in 2022, accounting for 31% of global incidents.

According to the latest X-Force Threat Intelligence Index by IBM Security, the APAC region holds the top spot as the most attacked region for the second year in a row. The statistic represents a five-percentage-point increase from the total share of attacks to which X-Force responded in the region in 2021. “Asia-Pacific and Europe saw higher proportions of cases, increasing five percentage points and four percentage points, respectively, from 2021 figures,” IBM Security said.

Proportion of IR cases by region to which X-Force responded from 2020-2022. Source: X-Force

Proportion of IR cases by region to which X-Force responded from 2020-2022. Source: X-Force

Within the APAC region, IBM Security found that Japan was the epicenter of the Emotet spike in 2022. Emotet is a Trojan that is primarily spread through spam emails. “While not directly related to the war in Europe, the surge of Emotet cases in Japan occurred alongside Russia’s invasion of Ukraine, which other researchers in the cybersecurity community noted helped drive significant Emotet activity at the time,” the report reads.

Overall, Japan accounted for 91% of APAC cases, the Philippines 5%, and Australia, India, and Vietnam for 1.5%. X-Force Threat Intelligence Index shows that spam campaigns were identified across several industries, with most cases occurring in manufacturing, finance, and insurance. Emotet is delivered mainly through spam campaigns that use attention-grabbing headlines.

“Manufacturing tops the list of attacked industries in this region in 48% of the cases, with finance and insurance in a distant second place at 18%,” IBM Security said. The index also shows that spear phishing by attachment was the top infection vector at 40% across this region, followed by exploiting public-facing applications at 22%. Cases of external remote services and spear phishing links tied for third place at 12%.

On the other hand, deployments of backdoors were the most common objective in 31% of cases in the region. “Ransomware placed second at 13% and maldocs third at 10%. Extortion was the most common impact observed in 28% of cases. Impacts to brand reputation were in second place at 22%, and data theft was in third place at 19%,” shared IBM Security.

Charles Henderson, the head of IBM Security X-Force, believes that the shift towards detection and response has allowed defenders to disrupt adversaries earlier in the attack chain – tempering ransomware’s progression in the short term. “But it’s only a matter of time before today’s backdoor problem becomes tomorrow’s ransomware crisis. Attackers always find new ways to evade detection,” he said.

Henderson also noted that more than good defense is needed. “To break free from the never-ending rat race with attackers, businesses must drive a proactive, threat-driven security strategy.” IBM India & South Asia’s VP for technology, Viswanath Ramaswamy, reckons businesses in the Asia Pacific, including India, will continue to face more, increasingly sophisticated cyber threats as bad actors take advantage of economic and geopolitical disruptions.

“Hence, it is imperative that business leaders take immediate action to prepare and secure against these malicious threats. This includes a holistic approach of understanding and reducing their attack surfaces, preparing for the specific threat actors and techniques that target their industry or geography, and performing regular offensive testing to detect attack paths into their environments,” Ramaswamy concluded.