According to the IBM 2021 Cost of a Data Breach Report, the year 2021 saw record-topping data breaches globally. With a large part of these numbers being due to the COVID-19 pandemic, there was a 10% increase in the average cost of a data breach from the previous year, with the cost difference where remote work was a factor being $1.07 million. The report showed that Asia was the most attacked region in the year, taking on 26% of all cyberattacks globally, while Europe (24%), North America (23%), the Middle East (14%), Africa (14%), and Latin America (13%) took on less of the remaining attacks.
The attack vectors spanned from business email compromises to phishing attacks, social engineering, a vulnerability in third-party software, and more; this indicated that organizations experienced cyberattacks not only without third-party security parameters in place, but also with security strategies, and as a result of human error.
The 2021 Sangfor Ransomware Trends Report showed that Enterprise and Research & Education were the highest attacked industries in 2021, accounting for 46.82% and 22.83% respectively, of the total number of attacks that occurred. For more information on the nature and scale of attacks globally, download the Sangfor Ransomware Trends Report here.
In the year 2022, the trend of cyberattacks in Asia has continued to be popular. According to research by Kaspersky, Jakarta- Indonesia alone experienced more than 11 million attacks in the first quarter of the year only. This number reflected a 22% increase from the previous year. Furthermore, the security company blocked a total of 11,260,643 phishing links across Asia using their anti-phishing systems with the majority of them being traced to the devices of users in Vietnam, Indonesia, and Malaysia.
These attacks have occurred all across Asia in every sector.
Major Ransomware Attacks in Asia
There have been several large-scale ransomware attacks in Asia over the last few years. An eye clinic in Singapore, web hosting services in Malaysia, and insurance companies across Thailand, Malaysia, Hong Kong, and the Philippines have all been victims, indicating the diversity of industries in which attacks take place.
Fujifilm
Early in June 2021, Japanese multinational conglomerate Fujifilm was hit with a ransomware attack that forced them to shut down parts of their global network. As a result, all of the company’s communications were affected. A public statement was released by the company on the 2nd of June in which they explained what had happened and expressed that they were taking measures to resolve the issue.
“FUJIFILM Corporation is currently carrying out an investigation into possible unauthorized access to its server from outside of the company. As part of this investigation, the network is partially shut down and disconnected from external correspondence,” it said, “We want to state what we understand as of now and the measures that the company has taken. In the late evening of June 1, 2021, we became aware of the possibility of a ransomware attack. As a result, we have taken measures to suspend all affected systems in coordination with our various global entities. We are currently working to determine the extent and the scale of the issue. We sincerely apologize to our customers and business partners for the inconvenience this has caused.”
AXA
In 2021, European insurance giant AXA also fell victim to a ransomware attack. It was believed that the ransomware attack was launched by the Avaddon ransomware group, who released a statement saying they had stolen three terabytes of data from AXA in the attack, including personal data and medical record data.
In a statement released by the insurance company, they said that if what the ransomware group had said was found to be true, they would handle the case with the necessary seriousness and inform all stakeholders and clients.
“AXA takes data privacy very seriously and if IPA’s investigations confirms that sensitive data of any individuals have been affected, the necessary steps will be taken to notify and support all corporate clients and individuals impacted.”
The hacking group threatened to publicize the stolen data in a period of ten days if AXA failed to meet their ransom demands. To support their claims, the group published several screenshots displaying some of the data that they had retrieved.
Read more about the incident here.
Thai Organizations
The healthcare sector has consistently ranked among the highest cyber-attacked industries. In 2020, in Thailand, several government hospitals and companies were hacked. Saraburi Hospital was one organization that was hacked, resulting in their inability to access their data, and slowed operations. While no ransom was demanded from them, other companies received demands of up to 1 million baht ($32,000).
According to Statista, in Thailand in 2019, the cybersecurity expenditure per capita amounted to around four million U.S. dollars. This number was forecasted to reach 7.4 million U.S. dollars by 2025.
In response to the growing attacks, Digital Economy and Society Minister Chaiwut Thanakamanusorn announced that Thailand had ushered in the Cybersecurity Act and NCSA to effectively respond to cyberattacks.
"Cybersecurity is increasingly important because it is close to people's lives and a crucial global trend as digital connects many dimensions. Any activities related to digital could increase the risk of a cyber-attack," said the minister.
What are the biggest causes of these ransomware attacks in Asia?
The landscape of cyber threats is enormous and constantly growing, but what are the factors that leave organizations vulnerable to these attacks in the first place?
As mentioned before, COVID-19 contributed greatly to the rise in cyberattacks, and remote work in particular presented companies with the challenge of new security issues to consider, just as it presented attackers with new opportunities to exploit vulnerabilities. In part, the vast changes and new concerns brought on globally for individuals and organizations alike can be attributed to digital transformation.
While essential to global development, digital transformation has presented the world with new risks, especially relating to cyber threats.
“The increase in digital transformation initiatives across businesses of all sizes is uncovering specific vulnerabilities for most organizations, which are only being catalyzed with the COVID-19 pandemic. With the emergence of new technologies such as cloud, artificial intelligence (AI)/machine learning, internet of things (IoT), big data, social media, and other operational technologies, technology risk is continually increasing,” writes Cyber Saint Security. “This has made it essential for CISOs and security teams to manage digital transformation risks by augmenting and enhancing IT and cyber risk management functions to support this new paradigm.”
Without the right cybersecurity infrastructure to support digital transformation, organizations are exposed, leaving them vulnerable to cyberattacks. The problems leading to insufficient security measures differ amongst companies.
- For some, it is a matter of insufficient product knowledge. Transformation needs teams that understand the ins and outs of new systems and procedures being introduced. Many companies lack the knowledge to understand how to protect their assets, or even that they need protecting at all.
- Limited security staff. There are several bases to cover in the IT departments of a company. This can often lead to a stretched workforce, leaving room for the negligence of the security aspect of it all. So, while companies have security and IT staff, they just don’t have enough to keep up with constant developments and complete regular and thorough analyses to detect existing and potential threats.
- They simply do not care. Unfortunately, some companies underestimate the importance of good security measures until it is too late. They fail to recognize that cybersecurity can be essential to business survival, thereby neglecting to equip themselves or invest in strong security products and solutions. Of course, it is important to know that no one is invincible from being the target of a cyberattack, and negligence is exactly what attackers look for.
How can companies in Asia combat the ransomware pandemic?
Sangfor’s Anti-Ransomware Solutions
At Sangfor, we understand how complex implementing cybersecurity solutions for an enterprise can be, so we not only do it for you, but we also simplify it too.
Sangfor’s Anti-ransomware Solution takes an integrated approach to combating ransomware attacks and as such is the only solution capable of clocking every step of the ransomware kill chain. Our ransomware solution follows four steps that allow our systems to detect and completely block all threats across your business's entire network:
- Stage 1: Detect & Block Malware and Ransomware Infection
- Stage 2: Detect & Block C&C Communications
- Stage 3: Detect & Block Exploitation
- Stage 4: Detect & Block Propagation
By converging Sangfor’s highly sophisticated Next Generation Firewall, Sangfor Endpoint Security, and Sangfor Engine Zero, our solution eliminates threats while repairing any vulnerabilities against future attacks, finding previously unnoticed blind spots, and tracing the source of all threats to ensure complete removal.
Now more than ever, businesses all across Asia must grasp the severity of this trend and act fast to put highly effective security measures in place. Cyber resilience from past incidents allows organizations to avoid the same mistakes because prevention is better than cure.
If you are interested in consulting security experts to implement a cyber security strategy tailored to your business, contact Sangfor now.
