Kaspersky Lab unriddled the mysterious threat of cyberespionage against countries, critical infrastructure, and companies in the region on its 3rd Asia Pacific (APAC) Cyber Security Weekend in Phuket, Thailand last week.
The company’s annual cybersecurity conference in the region brought together its top security experts along with industry professionals and journalists from 11 countries across APAC. The four-day event highlighted presentations from its top security researchers to reveal the truths and bust myths about cyberespionage, an alarming threat which has crossed the worlds of fiction and reality.
“Cyber espionage is a dangerous and costly threat targeting nations and corporations around the world, including nations right here in the Asia Pacific region. Kaspersky Lab today aims to sound the alarm louder about this imminent danger so we can step up our efforts to strengthen our infrastructure and protect the public,” says Stephan Neumeier, Managing Director at Kaspersky Lab APAC.
Four cybersecurity experts from Kaspersky Lab’s Global Research & Analysis Team (GReAT) top billed this year’s APAC Cyber Security Weekend and zeroed in on the state of targeted attacks in APAC countries from past to present and how governments, businesses, and concerned industrial sectors can beef up their cyber defenses.
Vitaly Kamluk, Kaspersky Lab’s Director of GReAT in APAC, opened up the discussion by looking back at major cyber attacks that have hit public and private organizations over the past years in countries around the region.
“Cyberespionage, a subset of intelligence activities in cyberspace, is covert by nature. The new generation of spies are not doing physical James Bond-style operations anymore they are regular software developers and system operators. Their achievements remain in the darkness until researchers like Kaspersky GReAT discover and document their activities. The attackers are not writing the history of cyberattacks, but researchers do. And it doesn’t come as easy making documentaries or writing memoirs. The work of researchers require high concentration and solving of multiple difficult logical problems on the way, which is why these stories are so valuable,” explained Kamluk.
Kaspersky Lab’s 2016 report titled “Measuring the Financial Impact of IT Security on Businesses” has found that targeted attacks, including cyberespionage, are among the most expensive types of attack. The study further shows these threats can cost up to $143,000 in losses for small businesses and $1.7 million for enterprises.
The global cybersecurity company’s cyberespionage report also reiterates that businesses in all sectors and of all sizes are vulnerable to a targeted attack. A Fortune 500 company is at risk as a two-man startup as both entities hold business data.
Aside from monetary loss, businesses and even government agencies lose confidential data and the trust from their stakeholders and customers in the wake of a successful cyberespionage campaign.
Seongsu Park, GReAT’s Senior Security Researcher based in South Korea, specifically talked about the role of a company’s infrastructure in a successful targeted attack.
Park is among the Kaspersky Lab researchers who have been closely monitoring the activity of the high-profile cyberespionage group, Lazarus, a cybercriminal gang believed to be behind the $81-million Bangladesh Bank heist last year. He said thorough analysis on this group proved that many servers of big corporations are being used by the cybergang as launchers of their attacks against these same enterprises.
To answer the who’s and how’s of a cyberespionage campaign, Noushin Shabab, Senior Security Researcher at Kaspersky Lab’s GReAT based in Australia, discussed the forensic techniques and critical analysis being carried out by researchers for years to be able to understand an attack and to unmask its perpetrators.
“Like paleontologists collecting the tiniest bones to be able to unearth a full artefact, cybersecurity researchers examine the leftovers of a malicious campaign, chase the trail of clues until we have gathered all the necessary pieces of the puzzle, and collate and compare evidences with fellow experts to be able to know the attackers behind an attack, their main goal, their techniques, and the length of their attacks. All the historic information we have gathered through investigating targeted attacks all these years helped us discover the truths and the myths of cyberespionage in the Asia Pacific region,” says Shabab.
Yury Namestnikov, Senior Malware Analyst at Kaspersky Lab’s GReAT, explained the trend of cyberespionage groups focusing on attacking financial organizations in the region using the now infamous ransomware to gain monetary rewards. He will also reveal the techniques used by these groups to mask destructive wiper-attack as an ordinary cybercriminal activity.
Aside from elite cybersecurity experts from Kaspersky Lab, the global cybersecurity company’s “Data Guardian” named Midori Kuma also graced the conference. Midori Kuma, who was in Asia Pacific for the first time, is Kaspersky Lab’s original character tasked to remind internet users on how to keep their data safe from cybercriminals.
Guest speaker Kyoung-JuKwak, Security Researcher at the Computer Emergency Analysis Team of Korea’s Financial Security Institute talked about Andariel, a threat actor connected to the Lazarus group and responsible for card leakage and illegal ATM withdrawals in South Korea.