Kaspersky’s Report Reveals External Cybersecurity Vulnerabilities in Southeast Asia in 2021

JAKARTA - Cyberattacks can be prevented before the attacker gets inside the internal network. Monitoring these threats enables organizations to take action and neutralize attack attempts appropriately, before they exploit existing gaps and affect the targeted institutions.

Cybersecurity company Kaspersky announced the results of a Digital Footprint Intelligence (DFI) report covering external threats for a select number of countries from the Asia Pacific (APAC) region in 2021, including six major Southeast Asian (SEA) countries.

This review of the report is intended to create awareness about cyberthreats, and demonstrate effective approaches to mitigate the risk of widespread attacks with significant business impact.

Cybercriminals' exploitation capabilities

A rapidly growing part of adversaries' initial access approach is the exploitation of one-day vulnerabilities. Complex business processes force organizations to leave services exposed at the perimeter, thereby increasing the external attack surface.

With the help of public sources and specialized search engines, Kaspersky collected information about 390,497 services available from public networks and analyzed them to find key security issues and major vulnerabilities.

The analysis revealed that in 2021, nearly one in five vulnerable services contained more than one vulnerability, increasing the chances of an attacker carrying out a successful attack.

All industry sectors and all countries have issues with implementing security updates for publicly available services. Government agencies (primary personally identifiable information (PII) processors and key service providers to the public) are potential incident generators by a huge margin.

Singapore has a low number of vulnerabilities and a low ratio between the number of services and the number of vulnerabilities in them, while Vietnam, Indonesia, Thailand, and Malaysia have the highest ratios among Southeast Asian countries.

Photo: Vulnerable service distribution

In terms of the share of vulnerabilities with publicly available exploits, three of the top five countries are located in Southeast Asia (SEA): Malaysia, Vietnam and the Philippines.

While researching the security issues of enterprises from the Asia Pacific region, Kaspersky experts observed a number of commonly exploited vulnerabilities known as ProxyShell and ProxyLogon.

The exploits for these vulnerabilities are widely available on the Internet, so they can be easily exploited even by low-skilled attackers.

ProxyShell is quite common in China and Vietnam, while the countries most affected by ProxyLogon are:

  • In Government agencies – Thailand
  • In the Financial sector – China
  • In the Health Care sector – Philippines
  • In the Industrial sector – Indonesia

ProxyShell is a group of vulnerabilities for Microsoft Exchange servers, such as CVE-2021-31206, CVE-2021-31207, CVE-2021-34473, and CVE-2021-34523.

Meanwhile, the ProxyLogon group includes CVE-2021-26855, CVE-2021-26857, CVE-2021-26858, and CVE-2021-27065. The vulnerabilities of both groups allow an attacker to bypass authentication and execute code as a privileged user.

The best defense against these vulnerabilities is to keep public systems up to date with the latest patches and product versions. Companies should also avoid direct access to the Exchange Server from the Internet.