Tech titan IBM has released the 2024 X-Force Threat Intelligence Index, revealing the manufacturing sector as the most-targeted industry in Asia-Pacific for the second year in a row, accounting for 46% of the incidents.
While Europe accounted for most attacks on the transportation industry globally in the previous year, Asia Pacific surpassed it in 2023 as it experienced 63% of attacks against transportation entities.
Notably, the study also showed how Asia-Pacific was the third most-targeted geography in 2023, accounting for 23% of incidents responded to globally.
According to IBM X-Force, IBM Consulting’s offensive and defensive security services arm, phishing and exploitation of public-facing applications were the most common initial access vectors observed in the region for 2023.
However, amid the spike of identity-based attacks that emerged globally, organizations in the region should practice vigilance and focus on strengthening their user access controls as cybercriminals see more opportunities to “log in” versus hacking into corporate networks through valid accounts.
The X-Force Threat Intelligence Index is based on insights and observations from monitoring over 150 billion security events per day in more than 130 countries.
Some other key findings in Asia-Pacific region include:
- At the industry level, manufacturing was the most-targeted in the region (46%); followed by finance and insurance, and transportation industries, which tied for second place, accounting for 12% of cases each; and education was third at 8%.
- Phishing persisted as the top initial access vector in the region, with 36% of incidents in 2023, closely followed by exploitation of public-facing applications at 35%. The use of valid accounts, abuse of trusted relationship and replication through removable media all tied for third, each caused 12% of incidents observed.
- Once again, malware was the most observed action representing 45% of attacks in Asia-Pacific. Ransomware led those incidents accounting for 17%, and infostealers followed at 10%. Backdoors which accounted for 31% in 2022, made up only 3% of cases in 2023.
- The most common impact observed in attacks on the region were brand reputation and data theft at 27% each. Extortion, data destruction and data leak followed, all accounted for 20% of cases.
“Although ‘AI-engineered attacks’ are receiving more attention due to the rise of generative AI in the current landscape, the biggest security threat in Asia Pacific remains to be known unpatched vulnerabilities. Additional focus should also be placed on the region’s critical infrastructure and key industries such as manufacturing, finance and insurance, and transportation, with stress tests and well-prepared incidents response plans in place,” said Catherine Lian, general manager and technology leader at IBM Asean.
“The exploitation of user identity is becoming a preferred weapon of choice for global threat actors, raising the need for more effective user access control strategies in the region, and is prompting us to promote a holistic approach to security in the age of generative AI.”
