Organisations in Asia-Pacific will face more targeted cyber attacks that steal financial, personal and classified data in 2015, after a number of high-profile threats in the United States this year, warned Trend Micro today.
The cyber security firm predicts that criminals would use tried and tested methods, such as exploiting existing vulnerabilities in software used by victims, to grow their target list in the year ahead.
In a report on online threats released today, it said it has already seen attacks against targets in Indian, Indonesia, Malaysia and Vietnam. It expects hackers to employ more sophisticated methods to expand their attacks in the region.
These targeted threats will often involve carefully planned efforts, such as early-stage intelligence gathering that lets criminals select particular points of entry and long-term surveillance to find a weak point.
With widespread social media usage, it is much easier to find information on a particular person in an organisation and attempt to enter a network through this authorised user, Trend Micro executives told reporters in Singapore today.
Among the most commonly targeted loopholes were those found in popular software, such as Microsoft Office, the company revealed. Adobe’s Acrobat Reader, used often in the office, was another target.
To counter the threat, Trend Micro said today it is partnering cyber threat monitoring firm e-Cop and distributor M.Tech to deliver an outsourced security service to organisations in the region.
They promise cyber security expertise that would help organisations detect and ward off attacks, even if they are too cash-strapped to set up their own security operations centres to monitor threats from around the world.
Several high-profile security breaches this year, such as ones affecting Target and JP Morgan, have exposed millions of users’ private information in the United States. In Singapore, 300,000 customer accounts were in the open in September after an apparent attack against karaoke chain KBox.
Organisations are increasingly worried that existing security tools, such as firewalls and malware detection, are no longer effective as hackers turn to customised attacks that use specially written malware code that is hard to detect and target specific users in an organisation to gain entry.
Once in, they could slowly survey the network and penetrate layer after layer of security, while secretly sending stolen information back to command and control servers overseas.
Trend Micro is not the first to offer such an outsourced service to customers in the region, as awareness of such advanced persistent threats gets heightened.
Last month, SingTel and FireEye said they were investing US$50 million in the next five years to set up two operations centres and train professionals in Asia-Pacific to fight off sophisticated threats.
UPDATE 25 November 2014, 5:26pm: Trend Micro, through its public relations agency, has clarified that the outsourced service it is offering now is via a “serviced model” that reduces capital expenditure. It had rolled out an initial offering last year.