Hackers Exploit Loopholes To Compromise ASEAN Networks
Internal networks are businesses' arteries, where sensitive data is stored and processed, and employees collaborate on projects. Yet, a new study has found that many Southeast Asian countries lag in cybersecurity.
According to the Digital Footprint Intelligence (DFI) report, which security firm Kaspersky Lab conducted, there are still many cybersecurity loopholes in Southeast Asia (SEA).
The external attack surface of companies and countries continues to increase as they move ahead in their digitization efforts, which includes expanding their online presence and services.
Specifically, the study found that attackers exploited vulnerable services to gain access to corporate networks. Even a low-skilled attacker can easily exploit these vulnerabilities.
Services associated with remote access and management also further stretch the attack surface of the systems. Specifically, Kaspersky experts discovered that ProxyShell and ProxyLogon – two commonly used vulnerabilities – are being exploited by attackers in SEA.
ProxyShell is a backdoor often used in Chinese and Vietnamese attacks. ProxyLogon, on the other hand, has been used in attacks targeting government agencies (Thailand), the financial sector (China), healthcare (Philippines), and industrial organizations (Indonesia).
The collection of information based on 390,497 publicly-available services showed that nearly 20% of all services have one or more vulnerabilities. This puts companies and countries at risk of a successful attack.
Kaspersky showed an increasing incidence of exploitation due to day-one vulnerabilities, or vulnerabilities that attackers can exploit on the same day they are discovered before a patch is released.
Adversaries use this as initial access to compromise systems and data. These are an easy target for adversaries as they can be easily exploited with publicly available tools and require little skill.
Government institutions are potential incident-generators. The study also found three out of the top five countries with the highest number of vulnerabilities with publicly available exploits are located in Southeast Asia (SEA), including Malaysia, Vietnam, and the Philippines.
This highlights the need for organizations in SEA to be more vigilant in patching their systems and keeping their software up-to-date. They should also have security measures in place to detect and respond to threats quickly to minimize the impact of an incident.
Of the countries surveyed, Singapore remains the only country with low vulnerabilities to publicly-available exploits, which could be due to its high awareness of cybersecurity best practices.
Image credit: iStockphoto/Quardia
