Southeast Asia Dominates 2023 Global Ransomware Cases: Trend Micro Study
Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, revealed a 10% annual increase in total threats blocked in 2023, as detailed in its latest report, Calibrating Expansion: Annual Cybersecurity Threat Report. The report warns that attackers are using more advanced methods to target fewer victims with the potential for higher financial gains.
Trend Micro blocked 161 billion threats overall in 2023, compared to 82 billion threats five years ago. Some of the key global findings include:
-
Email malware detection surged by 349% year-on-year (YoY), while malicious phishing URL detections declined by 27% YoY — suggesting a trend for more using malicious attachments rather than links directly included in emails.
-
Business email compromise (BEC) detections increased by 16% YoY.
-
Ransomware detections dropped 14%, however, there was a 35% increase in threats blocked under Trend Micro’s File Reputation Services (FRS).
These findings suggest that firstly, threat actors are becoming more prudent about selecting their targets, and secondly, becoming more skilled in bypassing early detection layers. In the case of malicious emails, for instance, instead of launching large-scale attacks that rely on victims clicking on malicious links in websites and emails, cybercriminals are targeting a smaller pool of higher-profile victims with more sophisticated attacks. This approach helps them evade network and email filters, which could explain the surge in file detections at endpoints.
Similarly, in the case of ransomware, the increase in FRS detections suggests that threat actors are getting better at evading primary detection via techniques such as Bring Your Own Vulnerable Driver (BYOVD) and zero-day exploits, among others.
The report also illuminated threat developments in Southeast Asia in 2023. While Southeast Asia saw an overall increase in ransomware detections, making up more than half (52%) of the global number, this was largely attributed to significant detections within Thailand. Other markets such as Indonesia, Malaysia, Singapore, and the Philippines saw a decline in ransomware detections, similar to the overall global trend. In Singapore, the number of ransomware detections fell by 42%.
Outside of ransomware, the region generally saw a YoY decline in detections for other threats studied, including email threats (34%), malicious URL victims (7%), botnet victims (28%), and online banking malware (84%).
A similar trend is seen in Singapore, reporting a YoY decline in multiple threats, with the most significant decline observed in email threats (68%). Malicious URL victims, botnet victims, and online banking malware saw a decline of 7%, 18%, and 9% respectively.
David Ng, Country Manager for Singapore at Trend Micro, said, “While we have seen a decline in many threats in our region, we cannot rest on our laurels. Cyber threats continue to surge globally as adversaries level up their tactics, techniques, and procedures (TTPs) in their attacks, especially in defence evasion. As our report demonstrates, network defenders must continue to proactively manage risk across the entire attack surface today. Understanding the strategies favoured by our adversaries is the foundation of effective defence.”
In light of these findings, Trend Micro advises network defenders to:
-
Work with trusted security vendors with a cybersecurity platform approach to ensure resources are not only secured but also continuously monitored for new vulnerabilities.
-
Prioritise SOC efficiency by monitoring cloud applications carefully as they become more closely integrated into day-to-day operations.
-
Ensure all the latest patches/upgrades are applied to operating systems and applications.
-
Utilise comprehensive security protocols to safeguard against vulnerabilities, tighten configuration settings, control application access, and enhance account and device security. Look to detect ransomware attacks earlier in the attack lifecycle by shifting left in defences during initial access, lateral movement, or data exfiltration stages.
To read the report, Calibrating Expansion: Annual Cybersecurity Threat Report, please visit here.