Cyber Extortion on the Rise in Southeast Asia
Cy-Xplorer Report for 2023 Shows Increase in Cyber Extortion
Despite the fact that there are fewer and fewer victims, cyber extortion only increased at the beginning of this year. Orange Cyberdefense reports this in the Cy-Xplorer report for 2023. The energy sector (+51 percent), education (+41 percent), financial services and insurance companies (together +11 percent) were particularly hard hit in 2022.
Cyber exportion means the use of ransomware. This means that organizations are penetrated by cybercriminals, after which data is locked or stolen (or both). The demand is a ransom, with the frequent threat to make sensitive data public. Orange Cyberdefense uses the term ‘Cy-X’ for this type of attack.
“The fact that the number of Cy-X attacks continues to rise indicates a new focus of cybercriminals,” says Jort Kollerie, who is a Strategic Advisor at the company. “After 2022 seems to have been a year of distraction and rebranding, we see that various criminals are now clearly out for extortion.”
New Victims Further From Home
We are familiar with many victims in our own country. For example, the immensely popular LockBit 3.0 caused major problems for health care provider JorisZorg and the KNVB football association. However, Orange actually sees good news in that respect: organizations in Western countries are now often responding faster and more actively to threats. For a ransomware attack, time is an important aspect: if a criminal spends longer in a network, it can steal more data, infect more people and/or place backdoors to return later. Organizations in Europe and North America are therefore increasingly avoiding this, which means that there is a decrease in these areas. Kollerie explains this trend as follows: “Actors are now focusing on regions where the level of risk appears to be lower for them, which is often related to the proactivity – or lack thereof – of governments.”
The losers: countries in Southeast Asia, where cyber extortion increased by 42 percent. Indonesia, Singapore and Thailand count on the most attention from cybercriminals. They are therefore clearly looking for easier targets, which will need time to arm themselves against the sharply increased threat.
Delay Due to Ukraine War, More Defenses
The war in Ukraine disrupted the practices of ransomware groups. Orange interprets this by stating that cybercriminals had to choose sides: either Russia or Ukraine. It found that 74 percent of organizations were in NATO countries. Yet it took a while before cyber extortion started again. This is reminiscent of the trend we recently saw in Log4Shell exploits.
Finally, Orange also sees that governments are becoming increasingly active in this area. For example, there are countries that prohibit companies from responding to extortion, which should serve as a deterrent to cybercriminals. However, there will always be exceptions. However, that does not just mean that the criminals have been exonerated: arrests are becoming more and more common. For example, police recently arrested a group of cybercriminals in the Netherlands.
The Cy-Xplorer report for 2023 shows that cyber extortion is on the rise, particularly in Southeast Asia. While organizations in Western countries are responding faster and more actively to threats, those in Southeast Asia are lagging behind and are therefore more vulnerable to cybercriminals. Governments are becoming increasingly active in this area, with some countries prohibiting companies from responding to extortion. Arrests of cybercriminals are also becoming more common, though there will always be exceptions.