Ransomware detections increased alarmingly across several Southeast Asian nations, accounting for over half (52 per cent) of ransomware cases detected worldwide, according to a Trend Micro report.
This means ransomware has been found in the region more than in any other part of the world, the cybersecurity vendor says.
While Thailand accounted for 68 per cent of all Asian detections, ransomware detections decreased in other countries, including Indonesia, Malaysia, Singapore, and the Philippines, in accordance with the general worldwide trend. Significantly, ransomware detections in Singapore dropped by 42 per cent.
Outside of ransomware, the region experienced a year-on-year reduction in the threats investigated, including e-mail threats (34 per cent), malicious URL victims (7 per cent), botnet victims (28 per cent), and online banking malware (84 per cent).
Similar trends were observed in Singapore, which saw a year-on-year decline in multiple threats, the most significant being in e-mail threats (68 per cent). There was a 7 per cent, 18 per cent, and 9 per cent decrease in malicious URL victims, botnet victims, and online banking malware, respectively.
“Cyber threats continue to surge globally as adversaries level up their tactics, techniques, and procedures (TTPs) in their attacks, especially in defence evasion,” said David Ng, country manager for Singapore at Trend Micro.
“Organisations must proactively manage risk across the entire attack surface today. Understanding the strategies favoured by our adversaries is the foundation of effective defence,” he added.
Globally, there was a reported 10 per cent annual increase in total threats blocked in 2023. The Trend Micro report warns that attackers are using more advanced methods to target fewer victims with the potential for higher financial gains.
This is backed up by the finding that e-mail malware detection grew by 349 per cent year on year, while malicious phishing URL detections fell by 27 per cent year on year. This suggests that cyber attackers are using malicious attachments rather than links directly included in e-mails.
Another finding is that business e-mail compromise (BEC) detections increased 16 per cent year on year, and ransomware detections dropped 14 per cent. However, there was a 35 per cent increase in threats blocked under Trend Micro’s File Reputation Services (FRS).
These findings imply that threat actors are more selective about choosing their targets, and are becoming better at bypassing early detection layers.
For example, instead of launching large-scale attacks that rely on victims clicking on malicious links in websites and e-mails, cybercriminals are targeting a smaller pool of higher-profile victims with more sophisticated attacks. This approach helps them evade network and e-mail filters, which could explain the surge in file detections at endpoints.
Similarly, for ransomware, the increase in FRS detections suggests that threat actors are getting better at evading primary detection via techniques such as Bring Your Own Vulnerable Driver (BYOVD) and zero-day exploits.
According to Verizon, ransomware attacks were involved in 24 per cent of all breaches. In a separate Sophos report, ransomware was found to have affected 66 per cent of organisations in 2023.
Based on its findings, Trend Micro advises network cyber defenders to work with reputable security vendors using a cybersecurity platform strategy to safeguard resources and constantly check for emerging vulnerabilities.
Another tip is to prioritise Security Operations Centre (SOC) efficiency by monitoring cloud apps as they become more integrated into regular operations.
Besides ensuring that all operating systems and programs have the most recent fixes and updates, organisations should use extensive security measures to improve account and device security, restrict configuration settings, manage application access, and protect against vulnerabilities.
Finally, aim to detect ransomware attacks earlier in the attack lifecycle by shifting defences left, to the initial access, lateral movement, or data exfiltration stages.