For the second year running, cybercriminals are largely targeting manufacturers in Asia Pacific. Such cyber attacks account for 46% of all incidents reported, according to IBM’s 2024 X-Force Threat Intelligence Index. IBM X-Force is IBM Consulting's security services arm.
Phishing continues to be the top initial access vector in the region, with 36% of incidents in 2023. This is followed by the exploitation of public-facing applications (35%), use of valid accounts (12%), abuse of trusted relationships (12%), and replication through removable media (12%).
Exploiting valid accounts has become the path of least resistance for cybercriminals, with billions of compromised credentials accessible on the Dark Web today. In 2023, X-Force saw a 266% uptick in infostealing malware globally. Those malware are designed to steal personal identifiable information like emails, social media and messaging app credentials, banking details, crypto wallet data and more.
Besides that, IBM X-Force predicts that once generative AI market dominance is established, it could trigger AI as an attack surface. Organisations should therefore secure their AI models before cybercriminals scale their activity. They must also take a holistic approach to cybersecurity as their existing underlying infrastructure is a gateway to their AI models and does not require novel tactics from attackers to target
“‘AI-engineered attacks’ are receiving more attention due to the rise of generative AI in the current landscape, but the biggest security threat in Asia Pacific remains known unpatched vulnerabilities. Additional focus should also be placed on the region’s critical infrastructure and key industries such as manufacturing, finance and insurance, and transportation, with stress tests and well-prepared incident response plans in place,” says Catherine Lian, general manager & technology leader of IBM ASEAN.
She continues: “The exploitation of user identity is becoming a preferred weapon of choice for global threat actors, raising the need for more effective user access control strategies in the region, and prompting us to promote a holistic approach to security in the age of generative AI.”
