How Geopolitics Is Reshaping APAC Cybercrime Trends
Competing Geopolitical Interests Tied to Growing Number of Cyberattacks

The costly toll of cybercrime in the Asia-Pacific region has been growing over the past decade as APAC countries have increasingly become a crucial component of global technology supply chains, an essential conduit for maritime transportation and a battleground for geopolitical conflicts.
IBM said the Asia-Pacific region faced the most cyberattacks globally in 2022, and the Russian invasion of Ukraine led to a major spike in Emotet malware attacks, particularly on Japan. BlackBerry's research also showed Japan, South Korea and Australia were among the five most targeted countries globally, as government, healthcare and financial organizations bore the brunt of geopolitical-based attacks.
"As hostilities in Ukraine continue, the link between geopolitics and cyberattacks has become increasingly clear," BlackBerry said. The company said modern nation-state groups perfected their attacks to influence events without reaching the threshold of conflict by stealing intellectual property and conducting cyberespionage campaigns, disrupting critical infrastructure, and powering digital influence campaigns to undermine public confidence in government.
The cybercrime wave continued unabated in 2023, leaving no country untouched. Increased tensions in the Taiwan Strait led to a rise in malware attacks on Taiwanese agencies. Threat intelligence firm Trellix observed serious spikes in malicious email activity in January and May that delivered an assortment of malware with varying capabilities. "Geopolitical conflicts are one of the main drivers for cyberattacks on a variety of industries and institutions," said Trellix Senior Vice President Joseph Tal.
South Korean Defense Companies Targeted
North Korean cyber actors intensified attacks against South Korea, triggering a new round of sanctions and international cyber agreements to close the gaps. Seoul in February sanctioned the Lazarus group, Andariel, Bluenoroff and the North Korean Technical Reconnaissance Bureau, but the move had little effect.
In August, the Kimsuky group attempted to breach a joint exercise between U.S. and South Korean military forces and soon afterward, North Korean hacker groups launched intensive cyberattacks on South Korea's shipbuilding industry to steal naval military secrets. The country's National Intelligence Service warned its northern neighbor "is expected to continue such attacks against South Korean shipbuilders and component manufacturing firms."
In December, Seoul police accused the North Korean hacker group Andariel of stealing 1.2TB of data, including information on advanced anti-aircraft weapons, from South Korean defense companies and laundering ransomware proceeds back to North Korea. The Kim Jong Un regime also deployed thousands of fake "IT workers" to win hundreds of millions of dollars' worth of IT contractual work from U.S. and South Korean companies to fund the regime's weapons development programs.
South Korea's response to belligerent North Korean cyber warfare tactics in 2023 relied on international cooperation. The government in a summit at Camp David in August formed several bilateral working groups with nations including India and Australia to coordinate cyber defense. South Korean leaders promised, along with the U.S. and Japan, to set up a high-level cyber consultative body to strengthen their joint cyber capabilities to deter North Korea from using cybercrime to fund its weapons development program.
Worsening Crisis in the West Philippine Sea
The Philippines, an archipelago of thousands of islands west of Taiwan, faces a looming military conflict with China over contested atolls, the Scarborough Shoal and the Spratly Islands in the South China Sea. Naval skirmishes are becoming more frequent, and cybersecurity threats are growing.
Since April, cybercriminals have targeted and breached several high-profile government agencies and departments, including the Philippine Health Insurance Corp., the Department of Science and Technology, the Philippine Statistics Authority and the Philippine National Police. The most significant attacks this year included China's People's Liberation Army exfiltrating data from a prominent manufacturing and electronics company and targeting government institutions related to trade, defense and external affairs.
The National Defense College of the Philippines said in June that state-sponsored cyber operations, such as those conducted by China's Naikon APT group, pose a major cybersecurity threat to civilian and government agencies. The country recently published a revamped National Security Policy to respond to cyberthreats, and the armed forces are raising a cyber command to secure and defend military systems from cyberattacks.
Australia Goes on the Offensive
Australia was rocked in late 2022 by two serious data breaches. Health insurance giant Medibank suffered a major breach in December that compromised the information of 9.7 million customers, and a breach suffered by the country's second-largest telecommunications company Optus compromised a similar number of people.
2023 began on a similar note with personal loan and financial service provider Latitude suffering a major incident that compromised the data of over 14 million people. The compromised information included customers' full names, their physical addresses, email addresses, birthdates, driver's license numbers, phone numbers and passport details.
Australian organizations suffered more than 400 data breach incidents in the first half of the year, according to statistics released by the Information Commissioner's office. In response, the government announced the appointment of a cybersecurity coordinator within the Department of Home Affairs to direct the government's cybersecurity spending and help manage cyber incidents.
The move wasn't enough, and industry bodies joined ranks to call for further government action as a cost-of-living crisis and inflation chewed into cybersecurity investments. The small business sector was hard-hit, and the average business lost $46,000 to cybercrime last year.
"Despite improved awareness, half of small business owners feel that addressing cybersecurity is too hard, cost-prohibitive and complicated to maintain," the Council of Small Business Organizations Australia warned. Soon after, the government provided AU$23.4 million in its 2023-24 federal budget to help small businesses become more resilient against cybercrime.
The government has made no bones about the impact of rampant cybercrime on Australian businesses and individuals. "The borderless and multibillion-dollar cybercrime industry continues to cause significant harm to Australia, with Australians remaining an attractive target for cybercriminal syndicates around the world," said Minister of Defense Richard Marles. "This threat extends beyond cyberespionage campaigns to disruptive activities against Australia's essential services."
Many Australians warn that Australia's economic dependence on China despite deep geopolitical differences with the country could leave the nation vulnerable to cybersecurity threats backed by China. In February, the government said it would remove Chinese-made security gear and surveillance cameras from defense sites amid concerns that China could use its national security law to force companies such as Hikvision and Dahua to hand over sensitive footage and data.
The government in October also announced plans to introduce standards to shore up the security of the country's fast-growing solar market amid reports that Chinese state-sponsored hackers might target internet-connected solar inverters and cause blackouts.
In November, the government unveiled an AU$587 million cybersecurity strategy to convert Australia into a "world leader in cybersecurity" by the end of this decade. It said the strategy will mandate ransomware reporting by businesses, boost law enforcement capacity and fund startups with innovative cybersecurity solutions.
Indonesia Eyes Data Privacy Law
Indonesia, Southeast Asia's largest country by area and economic strength that maintains a cordial relationship with China, hasn't suffered many nation-state attacks, but it remains vulnerable to financially driven attacks. According to Check Point research, the country faced the highest number of cyberattacks in the region in the first half of 2023, suffering 3,300 cyberattacks per week.
The cybersecurity company called Indonesia Southeast Asia's hot spot for cryptomining, botnet, mobile malware and info-stealer attacks and said botnet attacks accounted for 18.8% of all attacks on Indonesian businesses. Despite the growing threat, consulting firm Kearney said Indonesia's cybersecurity spending as a percentage of GDP - 0.02% - is the lowest in Southeast Asia.
"The region's growing strategic relevance makes it a prime target for cyberattacks, but cyber resilience is generally low. Specifically, there is a lack of strategic mindset, policy preparedness and institutional oversight relating to cybersecurity," Kearney said.
Indonesia enacted its first Personal Data Protection Law in 2022, bringing its data privacy and security controls closer to standards set by Europe's General Data Protection Regulation, but the law will not take effect until late 2024.
Despite such measures, the country is no closer to defending against targeted attacks than it was five years ago. Experts say Indonesia faces an acute shortage of qualified cybersecurity professionals. To make matters worse, the government hasn't succeeded in spreading awareness about the data privacy law, contributing to the general lack of awareness among businesses.