Positive Technologies: manufacturing companies have been the main victims of ransomware attacks in the Asian region in 2022–2023

Positive Technologies, an industry leader in results-oriented cybersecurity, presented a study of current cyberthreats in the Asian region in 2022–2023 during the Eastern Economic Forum. The study found that 57% of attacks on organizations involved malware, the industrial sector being the most vulnerable to ransomware attacks, and cyberespionage was the primary goal of attackers. At the same time, nearly a third of successful attacks resulted in a non-tolerable event, that is, disruption of the organization's core business. To improve protection, Asian governments and companies need to build results-oriented cybersecurity, identify non-tolerable events at industrial and national levels, and improve cyberdefense resources and legislation.

According to the Positive Technologies study, 74% of attacks were targeted, meaning they were aimed at specific organizations, industries, or individuals. Ransomware operators pose a serious threat to businesses in the region: the main victims of ransomware attacks are manufacturing companies, accounting for 34% of successful attacks. According to Ekaterina Kilyusheva, Lead Expert of Information Security Analytics Research at Positive Technologies, this figure is generally higher than its global equivalent: in 2022, the industrial sector accounted for 15% of successful ransomware attacks. Ransomware attacks also target medical institutions (11%), financial organizations (11%), and IT companies (10%).

Cyberespionage is one of the major threats to organizations and governments in Asia. Nearly every third malware attack involved the use of spyware. Half of all successful attacks on organizations (49%) resulted in compromised sensitive information. Ordinary users experienced data leaks as well, with 76% of successful attacks producing such consequences. In total, 24% of successful attacks targeted individuals, which is higher than the global rate (17% in 2022). Spyware accounted for 56% of malware attacks against individuals.

In 27% of successful attacks, organizations' core operations were disrupted, with business processes suspended and access to infrastructure and data interrupted.

The most frequent victims of cyberattacks were government agencies (22% of total attacks on organizations), industrial companies (9%), IT companies (8%), and financial institutions (7%). Government agencies in Asia have become cybercrooks' main targets for several reasons. First of all, their systems hold a lot of valuable information, such as citizens' personal data, statistics, and information of national importance. In addition, many countries in the region are pursuing digital transformation and actively integrating new technologies into their government systems. This leads to the risk of new vulnerabilities appearing in information systems.

IT companies are among the top three most targeted industries in Asia for a number of reasons.

Ekaterina Kilyusheva explains: "The countries of Southeast Asia, including India and China, have experienced rapid growth in the IT sector and become centers of technological innovation, home to some of the world's leading IT companies. These companies possess a large amount of valuable data, including intellectual property and user information, which is of particular interest to cybercriminals. Hacking into these companies can bring attackers substantial profits, whether through selling information on the black market or using it for a competitive advantage."

The majority of attacks on organizations (81%) in Asia are aimed at computers, servers, and network equipment. In 22% of cases, attackers successfully hacked web resources, most often using known vulnerabilities or compromised credentials.

In attacks on organizations, malware is used in 57% of cases. Social engineering methods (40% successful attacks) and vulnerabilities in company resources (39%) are almost equally common vectors. This indicates that the publicly available resources of companies are not sufficiently protected. Resources in less secure countries can also be used as a training grounds for exploiting vulnerabilities.

Remote administration tools (RATs) have become the most common type of malware in attacks on organizations (54% of successful malware attacks). Ransomware ranked second, being used in half of malware attacks. The third place went to spyware (35%).

Asian organizations are very popular on the dark web: among the Asian countries, the most common ads are for the sale of access to organizations in China, Thailand, and India. These are mainly government organizations, IT companies and service sector companies. The cost of access depends on the size of the organization and the privileges of the account. Access to a network with the rights of an ordinary user or to a small company can cost $100–200, while domain administrator privileges start at $500.

Artem Sychev, Positive Technologies' CEO Advisor, comments: "Asia is prone to powerful and frequent attacks, as evidenced by global statistics: the region accounted for a third of all cyberattacks in 2022. Most of these attacks are caused by cyberespionage. Almost a third of the companies suffered interruption of core activities. Such a gobsmacking figure means that there is an urgent need for organizations to identify non-tolerable events and build security processes that would allow them to prevent such events. Our statistics show that the Asian cybersecurity market has a large capacity to grow. We are ready to leverage our experience to ensure digital sovereignty and help our partners in the Asia-Pacific region build results-oriented cybersecurity."

According to Sychev, governments need to identify non-tolerable events at the industrial and national levels. This approach helps to effectively allocate resources to ensure protection of the most critical systems. It is vital to timely update legislative measures in the field of cybersecurity to keep pace with current cyberthreats and technological developments, improve mechanisms for interacting with national and industry cyberincident response centers, and cooperate with international partners in combating cyberthreats. Businesses, for their part, need to analyze the main risks, compile a list of non-tolerable events that can cause significant damage to the companies' operations, monitor and respond to cyberthreats, and train employees and infosec specialists.

Get in touch

Fill in the form and our specialists
will contact you shortly