IBM: What does the Threat Intelligence Index say about the state of cybersecurity in APAC?

The Threat Intelligence Index and the state of cybersecurity in APAC

  • Tech Wire Asia recently spoke with Chris Hockings, CTO for IBM Security Asia Pacific, about the cybersecurity landscape in APAC and why it is the region most targeted by hackers.

For the second year, cybersecurity in the Asia Pacific (APAC) region deteriorated more than anywhere else. APAC retained the top spot as the most attacked region in 2022, accounting for 31% of all incidents remediated worldwide, the IBM Security X-Force Threat Intelligence Index shows.

Interestingly, IBM reckons businesses in APAC, including India, will continue to face growing numbers and sophistication of cyber threats as bad actors take advantage of economic and geopolitical disruptions. To understand why APAC as a region would have remained a target for hackers, Tech Wire Asia spoke with Chris Hockings, IBM’s chief technology officer in the APAC region.

This transcript has been edited for length and clarity.

What impacted IT security the last year?

The most significant shift was towards what’s known as backdoors, which represented 20% of all cases, and this is malware that provides access to compromised systems for attackers.

And it was the most observed this year, which knocked out ransomware from the last few years, actually, since 2020. So that’s number one. And I’ll explain to you why that’s severe.

We also saw a prevalence of thread hijacking, which doubled per month compared to last year’s data. Thread hijacking is really about an attacker taking control of people’s communication channels and inserting spam links or whatever else that seems trustable in the form of communication.

Therefore, the receiver doesn’t realize it is an attacker on the other end. Extortion was involved in about a quarter of all of the incidents, which was the most significant impact, and then it weighs on that psychological impact that forces victims to pay.

And we saw extortion attempts, even in Australia. You might remember the Medibank Private hack, whereby the ransomware group demanded a US$1 per customer ransom from the health insurer. The last shift is in the trend.

We’ve talked a lot about the increased number of vulnerabilities per year, and that continued. Again, vulnerabilities hit a record high, but the proportion of exploits available has been trending down. That tells you that attackers don’t need new exploits as much as they may have in the past. They end up using exploits that have existed.

That is why we even saw things like WannaCry making a comeback when in reality, we are five years on from when it was the top threat. Until last year, we saw an 800% increase in ransomware attempts that use WannaCry. Those are the top trends from the overall report.

What is the most significant cybersecurity pain point in APAC, and why is the region most targeted?

The region saw a 5% increase from 26% to 31%, and prevalent countries included Japan, the Philippines, Australia, India, and Vietnam. Considering the pandemic, the significance of supply chains, and how we depended on them like never before, IT systems were more exposed than ever.

That said, considering how APAC plays a massive role in connecting people, goods, and businesses, attackers shifted their focus to that region’s cybersecurity. It is not surprising, though, because historically, regardless of whether you’re in mature markets or emerging ones, cybersecurity often needs to catch up on the pace of technological implementations.

As we scale out, the message we need to push is to ensure that cybersecurity is considered a priority across APAC countries at the same pace of maturity as technological advancement. So in 2022, attackers found an opportunity to go after APAC, and they also persisted with that beyond the pandemic period.

Since manufacturing tops the list of most attacked industries in the region, what would you advise for organizations within the industry to be more secure?

The critical point for manufacturing is that it’s very attractive for extortion attempts because there’s a low tolerance for downtime and loss of productivity. Therefore, the ability to extort money is higher, and that’s where we see a lot of activity. 47% of incidents responded to by X-Force were in manufacturing, and deployment of backdoors was the top action on objective, identified in 28% of cases in the manufacturing sector.

Ransomware actors, in particular, find this industry an attractive target, likely due to these organizations’ low tolerance for downtime.