Singapore was the most vulnerable country in Southeast Asia (SEA) in 2018, with over 3 million malicious URLs hosted locally and over 15 million victims falling prey to these URLs, according to Trend Micro Incorporated’s 2018 Security Roundup Report, which depicts a threat landscape that has evolved heavily in both approach and tactic.
Amongst all SEA countries, Singapore was a hotbed for hosting malicious URLs, accounting for 68.1% of such attacks.
Vietnam, Indonesia and Singapore were the three SEA countries with the highest numbers of email threats blocked by Trend Micro at 46.2%, 21.3% and 10.9% respectively.
Trend Micro detected more than 55 million malware attacks in SEA. Malaysia took top spot at 29.6%, followed by Singapore (19.8%) and Thailand (16.4%). Attacks that capitalize on the human desire to respond to urgent requests from authority are on the rise.
The number of BEC attacks in 2018 increased by 28% globally. While these attacks are less frequent than phishing attacks, they are more sophisticated and take more careful planning for cybercriminals. On average, they yield approximately S$177,000 per attack.
Trend Micro emphasizes that business email compromise (BEC) scams are a pressing issue amongst Singapore-based companies. The nation ranked first in SEA for experiencing the most BEC attacks (consisting of CEO fraud) last year (27.3%), followed by Malaysia (26.1%) and Indonesia (25%).”
As these attacks contain no malware and go undetected by traditional security measures, companies need to increase their protection against these attacks with smart solutions that analyze the email writing style of key executives in order to identify whether the email may be fraudulent. Trend Micro’s AI-enabled Writing Style DNA does exactly that and effectively helps detect BEC attacks.
Overall, Singapore ranked third in SEA for experiencing the most email threats last year, which included spam, preceded by Vietnam and Indonesia.
“The changes across the threat landscape in 2018 reflect a change in the mindset of cybercriminals,” said Nilesh Jain, vice president, Southeast Asia and India, Trend Micro. “Previously, attackers relied on spray and pray style attacks. Today, they can be more effective with targeted phishing emails to infect victims who click the links or open the attachments. Enterprises need to strengthen their cyber defenses at every touchpoint, namely, on the endpoint, in the cloud, and at the network layer.”
In 2018 alone, Trend Micro also documented how machine learning could help reduce the rate of unknown software downloads, identify certificate abuse and web defacement campaigns. “We have foreseen that cybercriminals will deliberately try to evade machine learning in security solutions,” cautioned Jain.
“To counter this, we have developed means to make machine learning systems more robust by generating adversarial samples to identify weaknesses in a machine learning model, which, in turn, can be used to retrain a machine learning system to make it more robust.”
Another strong indicator of how the threat landscape is shifting can be seen in the types of threats that decline. Ransomware detections decreased by 91% globally compared to 2017, along with a 32% decrease in new ransomware families. This reinforces the shift in attack tactics, as ransomware does not require extensive planning, technical skills or ingenuity due to the large number of resources available for malicious hackers in the cybercriminal underground.
Trend Micro’s ongoing research and most advanced threat intelligence influences future product enhancements to ensure customers remain a step ahead of malicious actors.