Well, here we are on a dreary Saturday morning, with snow once again predicted for the Chicagoland area.  Yes, snow, and it is almost May.  This place never fails to astound me.  Anyways, this is a perfect day to do some writing. 

Most of the blogs that I have written starting this year have primarily focused upon Cybersecurity issues here in the United States, and to a certain extent, even those in Europe, especially where the GDRP legislations are involved.

But did you know (and in fact, I did not even know this) that the Asian Pacific region actually surpasses the United States in terms of the number of Cyberattacks that are happening?  This is according to a recent “2019 Trustwave Global Security Report”. 

Their findings weren’t based upon survey like other studies have been, but rather, they have collected and analyzed large amounts of information and data which include the following:

*Billions of logged security and compromise events;

*Hundreds of data-breach and forensic investigations findings;

*Penetration Testing;

*Network Vulnerability Scans.

Here are some of the general findings of the report:

*35% of Cyberattacks take place in the Asia Pacific region, surpassing the United States at 30%, the EMEA at 27%, and the LAC region at 8%.

The sectors that were most vulnerable to a Cyberattack were:

*The retail sector at 18%;

*The finance sector at 11%;

*The hospitality industry at 10%.

In terms of how the threat vectors are being launched in the Asia Pacific region, the study also discovered the following:

*Phishing Attacks are becoming more focused, but more intense:

Believe it or not (and I can’t) the total number of Spam related attacks fell to only 6%.  This is due to the fact that the Cyberattackers, as I have written about many times before, have become much more focused when it comes to pouncing on their intended victims.  Gone are the days of the so called “Smash and Grab” campaigns, where it the mentality was all or nothing.  The Cyberattacker is taking their own sweet time, but once they are in the victim, that’s when the real damage starts.  Also, the drastic fall of the Phishing attacks can be attributed to the fact that Cyberattackers are resorting more towards using Botnets, such as that of Necurs.

*Denial of Service and Social Engineering Attacks are at the top of the list:

DDoS and Social Engineering have accounted for 62% and 60%, respectively for all of the Cyberattacks that have occurred in the Asian Pacific region.  For the former, privilege escalation to gain unauthorized access was the most used threat vector.  For the latter, Business Email Compromise (BEC) was the most widely used threat vector.  In an interesting note, in these instances, the Cyberattacker used free Email services in order to launch their BEC Attacks.  Businesses and corporations are the most prone to this, as 46% of them were found to be a victim in this regard.

*Credit card information is the most sought after “Crown Jewel”:

Quite interestingly, it is not username and passwords anymore that the Cyberattacker is most after.  Rather, they want direct access to your financial information, namely your credit card number. But even more startling is that the total number of credit card skimming attacks (those that occur at the Point of Sale) were only at 11%.  This is due because of the EMV chip technology that is being used these days in order to protect the credit card holder.  So how is the Cyberattacker getting to your credit card?  Simple enough: When you enter your number at an unsecure shopping card or E-Commerce site, or by being tricked into going to a spoofed up one.

*Cryptojacking is on the rise:

Although Social Engineering and DDoS top the attack pool, Cryptojacking is the most emerging Cyberthreat now in the Pacific Rim area.  For instance, when compared to 2017, the total number of these incidents have increased by 1,250%. 

*Websites are found to be the most vulnerable attack surface:

In this survey all of the major web applications that were analyzed had at least one major vulnerability in which the Cyberattacker could penetrate through (I am assuming that these websites are those that are hosted by ISPs in the Asia Pacific region).  It was also discovered that most critical weakness was the failure to implement the Microsoft Security Update MS17-010.  This repairs the ETERNALBLUE vulnerability in the Server Message Block (SMB) protocol used for local network communication.

*Corporate and Internal Networks are the most critical:

Overall, these are still most at risk in terms of a Cyberattack, accounting for at least 50% of the Cyberattacks that have occurred last year and even going into this year.  E-Commerce sites are the next most risk, with 27% of them being hacked into.

My thought on this?

Here is some good news that the survey found:  The mean time from actually detecting a Cyberthreat to mitigating it is now at 27 days versus the 67 days it originally took.  The time it has taken to detect an external threat and contain it has decreased down to 55 days from the original of 83 days.  Many companies have now started to adopt the use of Endpoint Detection Response (EDR) tools which have led to these key improvements.

Really, nothing too much surprises me about the report.  As I have mentioned before as well, Cryptojacking is going to be the next wave of major Cyberattack that is going to occur – whether it happens this year or not.  It will eventually happen.  At the present time, it is only used to consume the electrical and the processing power of the unsuspecting victim’s computer in order to launch illegally mine for the virtual currencies, such as that of Bitcoin.

But this entry point could also be used as a means in which to deploy even more malicious types of malware onto the victim’s computer, and cause even more widespread destruction, such as using them for Botnet style attacks. 

But I was surprised to see that the total number of credit card skimming attacks at the Point of Sale (POS) have actually decreased.  While this is certainly good news, this is a trend that continues with even greater proliferation here in the United States.  Remember EMV technology does not guarantee 100% security, it only offers an enhanced layer of security, and even this can still be broken into.

It’s like Two Factor Authentication (2FA).  At one point in time, this was claimed to be the key to further protecting yourself and your business.  While this is still true to a certain extent, the Cyberattacker has found ways to break through two lines of defenses, so now the mantra is to have three more layers of defense.

But, no matter what, all of this underscores the fact the Cyberattacker knows no geographic boundaries.  They can strike anywhere, anytime, and most scary:  When you least expect it.  You will not know that you have become a victim until it is too late to do anything about it.

Finally, more details about the study can be seen here at this link:

https://www.trustwave.com/en-us/resources/library/documents/2019-trustwave-global-security-report/