Cybersecurity company Kaspersky recently announced that 24% or one in every four of all malicious spam emails worldwide targeted the Asia Pacific (APAC) region, according to cybersecurity firm Kaspersky.
In 2022 alone, Vietnamese, Malaysian, Japanese, Indonesian, and Taiwanese Kaspersky users made up over half or 61.1% of all harmful spam discovered in Asia Pacific, the company added.
The region’s large population, widespread use of electronic services, and periodic lockdowns due to the Covid-19 crisis were cited as the primary drivers of spam email distribution in Asia Pacific.
Accounting for almost 60% of the global population, the Asia Pacific has more potential victims for scammers, Kaspersky noted. Users in the region are more likely to fall prey to scams because of the prevalence of internet services such as online shopping and other online platforms in people’s daily lives.
There is also the long-lasting effects of the epidemic, which included lockdowns and the establishment of work-from-home arrangements in the area, with employees bringing their office computers home to use. In most cases, the security of home networks is insufficient.
“Since 2018, the number of malicious spam mails detected by our solutions has seen a gradual decline after its peak in 2019. This, however, does not equate to our mailboxes being cleaner and safer. Our constant monitoring of the current and new Advanced Persistent Threats (APTs) operating in Asia Pacific showed that majority of these notorious threat actors use targeted phishing called spear phishing to crack into an organization’s systems,” said Noushin Shabab, senior security researcher for Global Research and Analysis Team (GReAT) at Kaspersky.
Sidewinder: A recent example
The threat actor known as “Sidewinder” is one of the most recent examples of an APT that targets critical organizations in APAC using sophisticated malicious emails. Since October 2021, Sidewinder has been employing new malicious JS code alongside fresh C2 server domains.
The attacker, who also goes by the names Rattlesnake and T-APT4, sends out spear-phishing emails that include infected RTF and OOXML attachments to intended victims.
Sidewinder is one of the most prolific threat actors tracked in APAC, according to Kaspersky, because of the variety of government institutions it has attacked throughout Central and South Asia. The specialists at Kaspersky have also recently uncovered spear phishing documents that seem to be directed at unsuspecting victims in Singapore.
The enormous volume, high frequency, and persistence of these assaults, plus the extensive collection of encrypted and disguised malicious components employed in their operations are just a few of the primary traits that set this threat actor apart from others.
Since October of 2020, Kaspersky specialists who have been keeping an eye on Sidewinder since 2012 have discovered over a thousand spear phishing assaults carried out by this APT actor.
The Sidewinder malware is constantly adding new victims to its database and improving its phishing techniques. For example, after sending a spear-phishing email containing a malicious RTF exploit file to a target, the attackers followed up with a similar email titled “_Apology Letter.docx,” which contained text explaining that the first email was sent in error and that they were reaching out to apologize for the inconvenience.
Steps for protection
Any organization – from government agencies and large financial institutions to energy companies – is vulnerable to APT attacks on sensitive data, Kaspersky warned. The main risk from APT assaults is that hackers could leave backdoors open that enable them to return at any time, even after they have been found and the immediate threat seems to be gone.
With this in mind, it is crucial to keep mailboxes secure, since that’s a common way for hackers to get access to a company’s internal systems, according to Kaspersky.
To protect against APTs, Kaspersky stresseed that all levels of staff should be alert to potential dangers, such as phishing emails. Email security technology is essential, along with education. Protective anti-phishing solutions should also be installed on mail servers and on staff workstations, so that businesses may check for possible spear-phishing signals without compromising their genuine security.
Moreover, Shabab recommends that international governments push for better legislation versus better spam. “Fewer spam emails from legitimate organizations means people are less used to receiving unexpected emails every day and are more vigilant when they are being targeted with malicious spear phishing emails,” she said.