APT attacks on the incline in APAC: FireEye

IT security firm FireEye has said that in the first six months of 2015, the Asia-Pacific region has seen a significant increase in the number of APT attacks.
Written by Asha Barbaschow, Contributor, and Philip Iglauer, Contributor

Organisations in the Asia-Pacific (APAC) region were increasingly targeted by advanced persistent threats (APT) in the first half of 2015, with APT exposure in the region growing rapidly from well below average to well above average, according to a report produced by security vendor FireEye.

In its report [PDF], titled Regional Advanced Threat Report: Asia Pacific 1H 2015, FireEye found that organisations in Southeast Asia are 45 percent more likely than the global average to be attacked.

FireEye said that a belief persisted throughout the APAC region this year that APT attacks were prevalent only in the United States, despite FireEye's 2014 findings, which highlighted that South Korea, Hong Kong, Taiwan, and Japan accounted for more than 80 percent of such attacks.

"For years we have been stating that over 95 percent of businesses unknowingly host compromised PCs within their corporate networks, and that has not changed," the report said.

The security vendor said the first half of 2015 was eventful for the region, highlighting the breach Australia's dominant telco Telstra announced in May.

Telstra announced the acquisition of Asian telecommunications network company Pacnet for AU$697 million in December 2014.

At the time, the telco giant said the deal would double its presence in Asia, with Pacnet operating in 11 countries throughout Asia, Australia, the US, and the UK, and boasting over 2,400 customers.

A few months later, however, Telstra discovered a security breach on Pacnet's corporate IT network. It found that an SQL injection on a web application server had allowed access to Pacnet's network, and that a third party had gained access to the corporate IT network, including its email and administrative systems.

According to Telstra, Pacnet discovered and fixed the vulnerability on April 3, just under two weeks before Telstra finalised its purchase of Pacnet on April 16.

"Now we have addressed the breach and understand its potential impacts. We are in the process of advising our Pacnet customers worldwide of what occurred and reassuring them that we are now applying the same high level of security we apply to Telstra's networks," group executive of global enterprise services, Brendon Riley, said at the time.

FireEye said that another breach that "rocked the nation" and raised awareness in the APAC region about APT attacks was the Japan Pension Service (JPS) breach.

In June, the JPS saw the personal data of 1.25 million people leaked by way of a "simple error", the Japan Times reported at the time. Allegedly, employees of the JPS opened a virus-laced email attachment that was disguised as a health ministry document.

"The year ahead shows no signs of slowing down," FireEye said.

Another attack trend FireEye highlighted as prevalent in the region was callback attacks: unauthorised communication between a compromised victim computer and its command-and-control (CnC) infrastructure.

South Korea was the most targeted country in the world for CnC callback attacks, due to the country's "sophisticated internet infrastructure", as threat actors need a fast internet connection for their attacks, FireEye said.

"Also, South Korea is ranked as the top country exhibiting CnC infection callbacks. A high number of Gh0stRat callbacks exhibiting from Korea could be a reason. Most of them are for constructing large size botnets, while some are used for targeted attacks," the report said.

The East Asian country also had more malicious downloads and redirects to exploit sites than any other country in the world, according to FireEye, which speculated that the reason "could be related to watering-hole attacks targeting Korean users since FireEye has observed large scale watering-hole attacks redirect users to exploit sites such as advertisement service websites".

The US came in second, followed by China, in the top 10 list of CnC callback "destination" countries. Australia did not make the list.

High-tech sectors topped the list of industries exhibiting infection callbacks, followed by federal governments in second, then financial services, manufacturing, and education.

FireEye said that every geography included in its report has a higher exposure rate to attacks from APT groups than the global average, adding "the region's geopolitical tensions have steadily ratcheted up in recent months, and its cyber activity reflects this".
