Just Six Months, Phishing Attacks In Southeast Asia Over A Number Of Years Then

The number of phishing attacks in Southeast Asia increased (photo: pixabay)

JAKARTA - Phishing continues to skyrocket in Southeast Asia (SEA). The latest data from global cybersecurity firm Kaspersky reveals that it only took six months for cybercriminals to surpass their phishing attacks last year.

From January to June 2022, Kaspersky's Anti-Phishing system has blocked a total of 12,127,692 malicious phishing links in Southeast Asia.

This number is one million more than the total number of phishing attacks detected in the region in 2021, which is 11,260,643 detection.

Phishing, a type of social engineering attack, remains one of the main methods used by attackers to harm their targets, both individuals and organizations.

Serangan ini dilakukan dalam skala besar di mana para penjahat dunia maya mengirim gelombang besar email yang mengaku sebagai perusahaan atau entitas yang sah untuk mempromosikan halaman fake atau menginfeksi pengguna dengan lampisan berbahaya.

The ultimate goal of a phishing attack is to steal credentials, especially financial information and login to steal money or worse, endangering the entire organization.

The first layer of 2022 is full of good and bad events. At a personal level, we are experiencing seismic shifts to try to regain post-pandemic normal life, and force companies and organizations to welcome remote and hybrid jobs," said Yeo Siang Chinese, General Manager of Kaspersky in Southeast Asia in a statement received on Monday, October 10.

In addition to individual losses, elite Kaspersky researchers recently sound the alarm that most of the Advanced Persistent Threat (APT) groups in Asia Pacific including Southeast Asia use phishing targeted to enter highly protected networks.

As the name suggests "advance or sophisticated", APT uses sustainable, secret, and sophisticated hacking techniques to gain access to the system and stay inside for a long period of time, with potentially damaging consequences.

Due to the level of effort required to carry out such attacks, the APT usually adjusts attacks to high-value targets, such as countries and large companies, where the ultimate goal is not just to infiltrate, but to steal information for a long time.

Noushin Shabab, Senior Security Researcher for the Global Research and Analysis Team (GReAT) at Kaspersky, revealed in a recent presentation that targeted phishing, also known as spear phishing, was the selected infection vector of the APT group operating in the region.

"We made reports this year that found that as much as 75 percent, executives here are aware and even anticipate APT attacks on their organizations," Yeo added.

Yeo also suggested that with phishing incidents hitting in just the first six months of 2022, companies, public entities, and government agencies should understand the impact of one wrong click on their critical networks and systems.

Traditional security often does not stop phishing spear attacks because they are customized very intelligently. As a result, they become more difficult to detect.

With the stolen data, online fraudsters can disclose sensitive commercial information, manipulate stock prices or commit various espionage actions.

More than that, spear phishing attacks can spread malware to hijack computers, setting them into large networks called botnets that can be used for service denial attacks.

To fight spear phishing scams, employees must be aware of threats, such as possible fake emails that enter their email boxes. In addition to education, email security-focused technology is also needed.

As for companies and organizations, Kaspersky suggests building incident response capabilities that will help manage the consequences of cyberattacks and incorporate threat intelligence services to have in-depth knowledge of cyber threats and growing tactics from active APT groups.