APAC seeing more APT attacks than other regions

The Asia-Pacific region is seeing more advanced persistent threat (APT) attacks than their global counterparts, with South Korea, Hong Kong, Taiwan, and Japan accounting for more than 80 percent of such attacks. 

In addition, high-value verticals are popular targets of advanced cyberattacks, according to a study released Tuesday by APT security vendor FireEye. These include the services, government, and high-tech industries. The study monitored computer network activities that targeted FireEye customers in the first half of this year, but included only customers that agreed to share their metrics. This is the first half-yearly threat study the vendor has released for the Asia-Pacific.  

FireEye has some 2,500 customers in 60-plus countries, and runs research teams in Singapore, India, and Japan. 

According to the findings, more than one in two FireEye appliances in the region recorded APT attacks compared to one in three globally. In particular, Taiwan, South Korea, and Hong Kong were the most heavily targeted, in which more than 60 percent of attacks involved tools and techniques used in APT attacks. 

FireEye listed APT activities captured in the region by country, ranked from most (1) to least active (10):

1. South Korea
2. Hong Kong
3. Taiwan
4. Japan
5. The Philippines
6. India
7. Singapore
8. Australia 
9. Thailand
10. Malaysia

The top four countries alone accounted for more than 80 percent of all APT attacks in the region. In addition, 51 percent of FireEye appliances in the region had experienced at least one APT incidence, compared to the global average of 35 percent.

The IT security vendor also noted that hacking tools such as Gh0stRat and DarkComet, which were readily and freely available, were most commonly used to steak banking information. These tools can also hide the attackers' origin. 

The study further uncovered increases in APT attacks, namely the Kaba/PlugX malware, in Hong Kong where some attacks were linked to issues related to Chinese and Japanese NGOs and activists. 

Asked why the region was bearing the brunt of attacks, Bryce Boland, FireEye's vice president and APAC CTO, noted that about 40 percent of the world's intellectual property rights or patent applications are generated from Asia. He suggested this could have fuelled attacks from hackers looking to steal intellectual property and infiltrate research and centers based in the region. 

Speaking at a media briefing in Singapore to discuss the findings, Boland added that there typically would be a spike in APT attacks around conflict areas. Recent incidents in this region leading to tensed bilateral relationships could have resulted in hackers targeting countries involved in such conflicts, such as the South China Sea dispute between China and the Philippines. 

According to the FireEye study, high-value verticals were also popular targets, with the services, consulting, and value-added reseller sector leading the list and accounting for 19.82 percent of overall APT attacks in the region. The federal government sector ranked next at 13.51 percent, followed by the high-tech vertical at 13.01 percent. These three sectors together accounted for nearly 50 percent of all APT activities in the region.  

"Motivated by financial and political objectives, threat actors are leveraging increasingly sophisticated methods to steal personal data," FireEye said, adding that the high level of activities against the services and consulting industry suggested hackers likely were targeting customers of third-party services.

Boland noted that organizations involved in outsourcing and consulting work made attractive targets because they would manage sensitive and, hence, valuable data on behalf of their clients. 

Stephanie Boo, FireEye's Southeast Asia regional director, said at the briefing that it would take on average 229 days before organizations realize hackers have infiltrated their network. In addition, 67 percent of businesses would learn about a security breach from an external entity, and all victims of APT attacks had updated antivirus signatures, Boo said.