Why emerging APAC markets are prime targets for the malware of the future

Why emerging APAC markets are prime targets for the malware of the future

In many ways, Asia has led the way in technological development. Robotics, video games, dizzyingly fast Internet speeds. But when it comes to cybersecurity, several APAC countries, especially those in emerging markets, are severely lacking. And while, according to the 2017 State of Malware Report, cybercriminals are still focusing the bulk of their nefarious efforts on North America and Europe, it’s not long before they turn their full attention to the vulnerable targets of the East.

To be clear, that doesn’t mean that there’s no cybercriminal activity in Asia-Pacific. Quite the contrary. According to research by March & McLellan Companies, APAC is an ideal environment for cybercriminals to thrive in due to high digital connectivity contrasted with low cybersecurity awareness and weak regulations. However, lack of transparency from Asian governments and businesses leads to the potentially inaccurate perception that threat levels in the APAC region are lower than everywhere else. We just don’t know what we don’t know.

That being said, our data shows that the most dangerous and pervasive forms of malware and the highest frequency of attacks are not happening yet in Asia-Pacific. Why? If you need an answer for why cybercriminals do anything, look no further than this: money. Threat actors target countries with the strongest economies in order to get the biggest return on their investments. In countries where the Internet is just being introduced, criminals would not expect to extort the same amount of money or data as in countries where the Internet rules almost all commerce, banking, data storage, and financial transactions.

Countries such as the Philippines, Malaysia, and Indonesia are already seeing widespread use of mobile banking and social media via smartphones, rapidly bringing Internet access to citizens. With widespread Internet adoption, it is only a matter of time before cybercriminals turn their attentions toward these markets.

In fact, just yesterday virtually every person in Malaysia had their personal data swiped in hacks of government servers and telco databases. After all, when market share increases, the sharks smell blood. To avoid the feeding frenzy, emerging APAC markets need to increase cybersecurity awareness and take active steps to mitigate risks as Internet access and adoption increases.

Let’s take a closer look at the factors that leave emerging markets in APAC vulnerable to attack.

Lack of regulation online

With the rapid growth of Internet usage in the APAC region, it’s likely that we’ll see a relative increase in malware detections. The aforementioned lack of transparency has resulted in weak cyber regulations by authorities in certain geographies, as well as a marked lack of security investment amongst businesses—perhaps partially due to the Internet security market still being heavily targeted toward US and European markets.

A relative lack of regulation leads to an Internet that resembles the wild west of early years—yet with the technological sophistication of today. This results in third-party app stores selling malicious apps unchecked, and pirated software often left unpatched due to lack of official support. It also leaves PCs ripe for takeover, which is why 50 percent of all botnet detections by Malwarebytes were centered in Asia. Outdated prevention security, the use of pirated software, lack of remediation or response, and poor cyber hygiene habits leave these systems open to online attacks.

Increased adoption of Internet without awareness

According to ESET’s Asia Cyber-Savviness Report, 78 percent of Internet users in Asia have not received any education on cybersecurity. Collectively, Asia’s level of awareness is comparably lower than other regions of the world. This general lack of awareness bleeds over into business, with 70 percent of Asian firms saying they don’t have a strong understanding of their cyber posture (Marsh & McLellan).

Without background information on the dangers inherent in cyberthreats, individuals and companies are less likely to consult cybersecurity resources, invest in security products, or respond quickly to breaches.

Some Asian economies such as Singapore, Hong Kong, and Taiwan boast excellent cybersecurity postures; all have government-linked cybersecurity agencies that sponsor education, outreach, and response to cyberthreats. The entire region must make a unified effort, however, to ensure that cybersecurity awareness is given greater emphasis.

Increased adoption of Android

Android devices are vulnerable to malware attack because of their high market share and ability to download third-party apps from vendors outside of Google. These vendors often don’t require that developers submit to strict security regulations, which leaves them vulnerable to infection (or, in many cases, results in malicious apps making their way into the marketplace unobscured). Unfortunately, the region of the world with the highest rate of Android adoption is, you guessed it, Asia.

In addition, local phone manufacturers in emerging Asian markets have been known to skimp on security features in order to reduce manufacturing costs. This leaves Asian Android users even more open to attack.

Increased adoption of IoT devices

Asia-Pacific leads the IoT market, having pioneered the adoption of IoT and machine-to-machine technology. Yet IoT is still a relatively new technology, for which security has not be adequately developed. Because of this, we’re already seeing IoT devices being compromised for botnet attacks, which are rampant in the APAC region.

While Internet usage in the region continues to grow, legislation and cybersecurity awareness is lagging behind; users are leaving themselves vulnerable to increasing attacks from cybercriminals. Individuals, businesses, and government bodies must learn more about cybersecurity, educate their friends, family, and coworkers, and take steps to secure their environments now before the inevitable tsunami of cyberattacks hits.

ABOUT THE AUTHOR

Wendy Zamora

Editor-at-Large, Malwarebytes Labs

Wordsmith. Card-carrying journalist. Lover of meatballs.