The latest data from global cybersecurity company Kaspersky revealed that phishing incidents in Southeast Asia (SEA) skyrocketed only a few months into 2022, exceeding the total number last year.
From January to June 2022, Kaspersky’s Anti-Phishing system blocked more than 12 million malicious links in SEA, which is one million more than the total number of phishing attacks detected here in 2021 (over 11 million).
The end goal of a phishing attack is to steal credentials, particularly financial and login information, in order to steal money or, worse, to compromise an entire organization.
More than half of the H1 2022 phishing detections were targeting Kaspersky users in Malaysia, the Philippines, and Vietnam. Four out of six countries from SEA (Malaysia, the Philippines, Thailand, and Vietnam) recorded more phishing emails during the first six months of this year compared to their total number of incidents in 2021.
Beyond individuals losing money, Kaspersky’s elite researchers recently sounded the alarm that most of the Advanced Persistent Threat (APT) groups in the Asia Pacific, including SEA, use targeted phishing to gain entry to a highly defended network.
Because of the level of effort needed to carry out such an attack, APTs are usually leveled at high-value targets, such as nation-states and large corporations, with the ultimate goal of stealing information over a long period of time, rather than simply “dipping in” and leaving quickly, as many black hat hackers do during lower-level cyber assaults.
“We did a report this year which found that the majority (75%) of executives here are aware and even anticipate an APT attack against their organizations,” Noushin Shabab, senior security researcher for the Global Research and Analysis Team (GReAT) at Kaspersky, revealed at a recent event.
Traditional security often doesn’t stop spear phishing attacks because they are so cleverly customized. As a result, they are becoming more difficult to detect. One employee mistake can have serious consequences for businesses, governments, and even nonprofit organizations.
“With phishing incidents hitting the roof in just the first six months of the year, enterprises, public entities, and government agencies should understand the impact of one wrong click on their critical networks and systems,” said Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky. “We, humans, remain the weakest link and it is time to look beyond training and awareness. Backup security plans, like incident response capabilities, should be in place to stop a phishing email from becoming the launch pad of a damaging attack to your organization.”
To fight spear phishing scams, employees need to be aware of the threats, such as the possibility of bogus emails landing in their inbox. Besides education, technology that focuses on email security is necessary. Kaspersky recommends installing protective anti-phishing solutions on mail servers as well as on employee workstations.