According to one cybersecurity researcher, decades of insufficient spam regulation have conditioned people worldwide to be victims of phishing campaigns now
A cybersecurity firm’s ongoing research on spam email trends is showing that its clients in the Asia Pacific region receive 24% of the global malicious spam mails being detected and blocked by its solutions, and 61.1% of the malicious spam had targeted its clients from Vietnam, Malaysia, Japan, Indonesia, and Taiwan this year.
According to one of Kaspersky’s Senior Security Researchers, Noushin Shaba, three main factors are behind the bulk of spam emails targeting APAC: its large population, the high adoption rate of e-services, and the pandemic lockdowns: “Our constant monitoring of the Asia Pacific region… has showed that the majority of threat actors use spearphishing to crack into an organization’s systems.”
The most recent example of an advanced persistent threat (APT) targeting key entities in APAC through sophisticated malicious spam mails and spearphishing emails is the threat actor named Sidewinder. Since October 2021, this threat actor, also known as Rattlesnake or T-APT4, has been targeting military, defense and law enforcement agencies; foreign affairs; IT; and aviation entities in Central and South Asia with thousands of emails containing malicious RTF and OOXML files.
Considered one of the most prolific threat actors monitored by the firm in the APAC region, Sidewinder has been launching spearphishing attacks since October 2020.
Shabab added: “There are many more well-oiled APT groups like Sidewinder who are constantly upgrading their tools and tactics to target high-profile victims in APAC through believable spam and phishing emails. The implication for enterprises and government organizations here is that a single malicious email can crumble your most sophisticated defenses, and usually, APTs like Sidewinder just need one door to open, one machine to infect, and then it can hide and stay undetected for long.”
Governments can do more to impose stricter spam regulations to curb the cyber risks associated with the electronic nuisance. “Fewer spam emails from legitimate organizations means people are less used to receiving unexpected emails every day, and become more vigilant when they are being targeted with malicious spear phishing emails,” Shabab claimed.