Story image

Flashpoint: APAC companies must factor geopolitics in cyber strategies

15 Mar 2019

Article by Flashpoint Asia-Pacific intelligence team senior analyst Aaron Shraberg   

Geopolitical and economic tensions between the United States, China, and North Korea will steer risk management decisions in the Asia-Pacific region for the coming months. 

Organisations, such as some recently targeted financial services institutions in Australia and New Zealand, should closely monitor cyber and political activity in the area.

The diverse geopolitical and economic interests of the states in the region play a significant role in driving and shaping cyber threat activity against entities operating in APAC. 

While most threat actors targeting organisations in the region are financially motivated, nation-state activity remains a potent threat against government and diplomatic entities, as well as financial organisations as nations such as North Korea continue to fund operations through hacking.  

Political and economic events to watch

As 2019 progresses, the ongoing trade conflict between the US and China could spur an uptick in cyber activity against the US and its closest Five Eyes allies, further eroding the Xi-Obama agreement to cease China’s industrial espionage activity for economic gain.

Last year, a limited number of named advanced persistent threat (APT) outfits operating in the region were alleged to be behind high-profile compromises and thefts of data and/or funds from global financial institutions, attacks on various multinational firms via third-party providers, and campaigns against the cryptocurrency industry.

North Korea is likely to remain a stressor in the region. 

It is unlikely to unilaterally disarm its nuclear program, and will likely ramp up its cyber attacks against APAC, A/NZ, and Western financial institutions, as well as cryptocurrency exchanges in order to finance the regime and its activities. 

Organisations should also monitor unresolved disputes over ownership and militarisation of parts of the South China Sea, debates over the integrity of Huawei and ZTE devices in Western networks, and other events in the region that could impact businesses in A/NZ and APAC.

While some criminal organisations operating in A/NZ and APAC are believed to be behind Eastern European outfits in terms of experience and capabilities, APT activity from China and North Korea is considered highly advanced. 

Organisations in the region should be aware of campaigns linked to criminal or nation-states in the area, and some of the tactics, techniques, and procedures (TTPs) employed by these groups.  

Advanced TTPs coming out of APAC and A/NZ

Some TTPs include commonplace first-stage attacks such as phishing or spear-phishing emails and watering hole attacks. 

These groups also have at their disposal banking Trojans, malware that seeks out and steals credentials, and ransomware, among others. 

Many criminal groups are proficient in activity to facilitate carding and reshipment fraud, the theft and sale of personally identifiable information, as well as more technically involved operations, including the sale of compromised RDP hosts, developing proxy and anonymisation tools (to circumvent law enforcement and censorship efforts), and other tactics to carry out fraud.

Some attackers are also making use of publicly available exploits for common vulnerabilities in Apache Struts, Oracle products, Adobe Flash, Microsoft Office and others.  Most of these vulnerabilities have already been publicly disclosed and patches are available, meaning that threat actors are opportunistic in the region, capitalising on lax patching efforts, or under-resourced IT organisations to exploit these security flaws.

Already this year, financial institutions in Australia, Japan, and elsewhere have reported being targeted by a new spam campaign using the Hancitor dropper to infect machines with the Gozi information-stealing malware. 

Gozi, also known as Ursnif, packages up banking and other account credentials from an infected machine and exfiltrates them to an attacker-controlled server.  Variants of the banking malware have been active since 2014 and frequently target Microsoft Office vulnerabilities to gain a foothold on unpatched machines.

Malware-based attacks aren’t the only means of profit for threat actors in the region. 

Late last year, several Chinese-language deep and dark Web forums contained posts advertising the availability of fraudulent identification cards from Australia, New Zealand, several locations in Europe, as well as North America. 

The fraudulent documents would allow, in some regions, the ability to travel without additional visas, vote in elections, or open bank accounts, for example. 

Another post also advertised processing of identifications and passports from Australia, New Zealand, Canada, France and Germany, opening the door to citizenship in some of those locations, in addition to the previously mentioned capabilities.  

Assessment

Enterprises in Asia-Pacific, Australia, and New Zealand will have impending risk management decisions guided in some part by the fragile geopolitical and cyber climate in the region. 

As the US, China, and North Korea tug at each other’s shirttails in cyberspace and in the political arena, businesses will continue to be targeted by criminal and state-sponsored outfits operating in APAC and A/NZ. 

Any erosion of these diplomatic or economic relationships will trickle down to businesses in the area, and threat activity targeting countries and companies in APAC and A/NZ will be influenced accordingly.

Veeam joins the ranks of $1bil-revenue software companies
It’s also marked a milestone of 350,000 customers and outlined how it will begin the next stage of its growth.
Veeam enables secondary storage solutions with technology partner program
Veeam has worked with its strategic technology alliance partners to provide flexible deployment options for customers that have continually led to tighter levels of integration.
Veeam Availability Orchestrator update aims to democratise DR
The ability to automatically test, document and reliably recover entire sites, as well as individual workloads from backups in a completely orchestrated way lowers the total cost of ownership (TCO) of DR.
Why flash should be considered the storage king
Not only is flash storage being used for recovery, it has found a role in R&D environments and in the cloud with big players including AWS, Azure and Google opting for block flash storage options.
NVIDIA's data center business slumps 10% in one year
The company recently released its Q1 financial results for fiscal 2020, which puts the company’s revenue at US$2.22 billion – a slight raise from $2.21 billion in the previous quarter.
Limelight Networks celebrates 100th point-of-presence launch
The company has increased its global network capacity by 40% in just five months, bringing its total egress capacity to 42Tbps.
Dell EMC launches interactive AI Experience Zones
The AI Experience Zones are designed to educate visitors about how to start, identify, and implement an AI project.
Salesforce continues to stumble after critical outage
“To all of our Salesforce customers, please be aware that we are experiencing a major issue with our service and apologise for the impact it is having on you."