Southeast Asia Businesses and Governments More Likely to be Targeted with Cyber Attacks: New Report from FireEye and Singtel
- Written by Reporters
A state-owned bank and an Asian telecommunications company were compromised
SINGAPORE - Media OutReach - Nov 19, 2015 - FireEye, Inc. (NASDAQ: FEYE) and Singapore Telecommunications Limited (Singtel) today released a new report on advanced cyber attacks against organizations in Southeast Asia. In the first half of the year, organizations observed in the region faced a 45 percent higher risk of a targeted cyber attack than the global average. In the prior six-month period, they faced only a 7 percent higher risk.
Chart: Percentage of FireEye customers observed to have been affected by targeted malware (January - June 2015)
Across the region, 29 percent of observed organizations were targeted with advanced cyber attacks in the first half of 2015. Thailand and the Philippines were hardest hit, with 40 percent and 39 percent of observed organizations exposed to these attacks, respectively.
More than one-third of malware detections associated with advanced persistent threat (APT) groups originated within the entertainment, media and hospitality industries. By targeting media organizations, threat groups can gain access to news before it is published and potentially identify undisclosed sources.
FireEye observed at least 13 APT groups targeting national government organizations and at least four APT groups targeting regional or state governments around the world.
"Espionage isn't new but it is increasingly conducted online, and Southeast Asia is a hot spot," said Eric Hoh, president for Asia Pacific Japan at FireEye. "Geopolitics can drive cyber attacks. As Southeast Asia becomes a larger economic player on the world stage and tensions flare in the South China Sea, organizations should be prepared for targeted attacks."
William Woo, Managing Director, Enterprise Data and Managed Services at Singtel said, "The report emphasizes the frequency and sophistication of cyber attacks against all types of industries and enterprises in the region. The risk of attack, faced by regional enterprises, is higher than the global average. Therefore these enterprises must make it a priority to reinforce their cyber defenses. Even though APT attacks can be discovered within a shorter timeframe than before, which is currently after 205 days, this still leaves enterprises wide open to malicious activity within their breached environment. To avoid such a situation, it is imperative for enterprises to adopt preemptive measures, such as our cyber defense managed services, to safeguard their assets and customers, in order to protect their reputations."
Threat intelligence is an important tool for organizations seeking to stay ahead of attackers. The report contains insights into recent developments in Southeast Asia's cyber threat landscape, such as groups targeting prominent institutions to gather political and economic intelligence, the detection of a known cyber espionage campaign, and threat actors' evolving techniques to evade detection.
State-owned Bank Compromised
FireEye observed malware beaconing from a state-owned bank in Southeast Asia. FireEye Threat Intelligence believes the malware, called CANNONFODDER, is most likely used by Asian cyber threat groups to collect political and economic intelligence. In late 2014, FireEye observed the malware beaconing from an Asian telecommunications company. In mid-2014, the company observed threat actors sending spear phishing emails with malicious attachments to employees of an Asian government.
Decade-Long Cyber Espionage Campaign Detected
In April 2015, FireEye released a report documenting an advanced persistent threat group referred to as APT30 which conducted a cyber espionage operation against businesses, governments and journalists in Southeast Asia for ten years. This group's malware, called Lecna, comprised 7 percent of all detections at FireEye customers in Southeast Asia in the first half of 2015.
Stealthy Group Targets Southeast Asia Government
FireEye has been tracking ongoing activity associated with a unique and relatively stealthy group it first identified in 2013 as APT.NineBlog. One of the probable targets of the group's 2015 campaign is a Southeast Asian government, based on the specificity of some of the decoy documents. The group's malware uses encrypted SSL communications to evade detection. In addition, the malware attempts to detect the presence of applications used to analyze malware, and it quits if any is detected.
View the full report: http://www2.fireeye.com/rs/848-DID-242/images/rpt-southeast-asia-fall-2015.pdf
About FireEye, Inc.
FireEye has invented a purpose-built, virtual machine-based security platform that provides real-time threat protection to enterprises and governments worldwide against the next generation of cyber attacks. These highly sophisticated cyber attacks easily circumvent traditional signature-based defenses, such as next-generation firewalls, IPS, anti-virus, and gateways. The FireEye Threat Prevention Platform provides real-time, dynamic threat protection without the use of signatures to protect an organization across the primary threat vectors and across the different stages of an attack life cycle. The core of the FireEye platform is a virtual execution engine, complemented by dynamic threat intelligence, to identify and block cyber attacks in real time. FireEye has over 4,000 customers across 67 countries, including more than 650 of the Forbes Global 2000.
FireEye is a registered trademark or trademark of FireEye, Inc. in the United States and other countries. All other brands, products, or service names are or may be trademarks or service marks of their respective owners.
About Singtel
Singtel is Asia's leading communications and ICT solutions group, providing a portfolio of services from next-generation communication, technology services to infotainment to both consumers and businesses. For consumers, Singtel delivers a complete and integrated suite of services, including mobile, broadband and TV. For businesses, Singtel offers a complementary array of workforce mobility solutions, data hosting, cloud, network infrastructure, analytics and cyber-security capabilities. The Group has presence in Asia, Australia and Africa and reaches over 575 million mobile customers in 25 countries.
For more information, please visit www.singtel.com.
Source http://www.media-outreach.com/release.php/View/1942#Contact