With stolen credentials and Ransomware-as-a-Service kits being sold cheaper than ever on the Dark Web, expect more cybercrime this year!

According to a recent cybersecurity landscape report by Group-IB, the Asia Pacific region ranks third behind North America and Europe in terms of cyberattack incidents registered in its protection ecosystem. Last year, 322 attacks were conducted in the APAC region, amounting to 11% of all attacks worldwide.

The most active groups in the firm’s regional incidents were Lockbit, Conti, and Hive. In Asia as a whole, a Unix rootkit called Caketap is attacking Automated Teller Machines by intercepting banking card and PIN verification data from breached ATM switch servers. The stolen data is then used to facilitate unauthorized transactions.


Four other regional cyber trends detected and summarized include:

    1. The region is a major target for state-sponsored ransomware attacks
      Threat actors often use compromised VPN and RDP account credentials to access target company networks. This allows them to bypass initial stages of an attack and find new victims faster.

      On Dark Web forums, the average price for such stolen account credentials has decreased, making it more affordable than ever for cybercriminals to plan their attacks.

      In terms of the number of access offers, APAC ranks second to the US, with India the top country for access offers.

    2. Ransomware is still the number one threat
      Despite key threat actor forums banning the search for affiliates, the Ransomware-as-a-Service (RaaS) market continues to evolve. Last year, Group-IB discovered 20 new public affiliate RaaS programs in its ecosystem.

      Ransomware groups are becoming increasingly similar to IT startups, with their own corporate structures, departments, incentive programs, and staff “days off”. Threat actors are using zero-day vulnerabilities and supply-chain attacks to infect victims.

    3. Military operations are ongoing worldwide
      The firm’s specialists discovered 19 new state-sponsored groups that specialize in cyber espionage. Most attacks against critical infrastructure are successful because basic security requirements (such as updating software in time and patching) are not followed.

    4. Manufacturing and real estate industries likely most vulnerable in 2023
      As far as the firm’s customer ecosystem is concerned, several industries, including finance, manufacturing, information technology, energy, and telecommunications, will continue to face increasing dangers in 2023.

      Last year, ransomware operators principally targeted the manufacturing and real estate sectors, which accounted for almost 20% of ransomware outbreaks.