Asia-Pacific as a region is two times more likely to be targeted by advanced cyber attacks worldwide than the world as a whole, according to FireEye Labs.
Citing research data, FireEye lists the 10 most targeted countries in Asia during the past year -- South Korea, Japan, Taiwan, Thailand, Hong Kong, Philippines, India, Australia, Pakistan and Singapore.
Writing on a company blog, Geok Meng Ong and Kenneth Geers clarify that the data represents only those attackers they regard as “advanced persistent threats” (APT) or targeted attacks.
In terms of industry verticals, the most often-targeted by advanced attackers in Asia were financial services, national government, high-tech, chemicals/manufacturing /mining, services/consulting, higher education, telecom, energy/utilities/petroleum, entertainment/media, and sub-national and local government.
“Clearly, APT actors were busy last year, stealing information from every sector. And unfortunately, 2014 is likely to bring more of the same,” they said.
FireEye Labs observes that while attention-seeking hackers are trying to attract as much press as possible, organized and resourceful cyber criminals and nation-state threat actors are capable of more advanced – and stealthy – attacks.
This type of attacks, meant to steal information or sabotage critical infrastructure, can often go unnoticed for long periods of time.
With the 2012 World Intellectual Property Organization (WIPO) report showing that three of the top five patent offices are now located in Asia, representing more than 45% of all patents filed worldwide, Asia is a logical battleground for cyber attacks.
Stealing information about an advanced-stage product can allow an unscrupulous competitor to bring a similar product to market at a much lower cost and effort — and at the direct expense of the victim.
Criminals are using many tools, techniques, and procedures, the most common of which in 2013 were Gh0stRat, Sisproc, Darkcomet, Heartbeat, and LV. In certain countries such as Japan, Taiwan, and South Korea, FireEye discovered more than 30 unique APT families.
“Many organizations today, however, rely on security strategies that were developed several years ago using traditional controls such as anti-virus software and firewalls,” the bloggers said.
“While these strategies served well in the past, security professionals must reassess their efficacy against the evolving APT threat landscape and the evasive tactics used in these cyber attacks,” they added.