Unprepared, APAC businesses to suffer as cybercriminals meddle in Pyeongchang Winter Olympics

High-profile events always attract cybercriminals, but global focus may expose endemic APAC cybersecurity inadequacies

Tensions between North and South Korea may have cooled in the leadup to next month’s Pyeongchang 2018 Winter Olympics, but ongoing reports of online attacks and a lagging Asia-Pacific cybersecurity posture suggest that the high-profile event is likely to see a surge in cyberattacks on APAC targets.

North Korea’s name has been appearing with increasing frequency in reports on regional cybersecurity attacks, with McAfee’s Mobile Research team recently warning that North Korean journalists and refugees were being targeted by malware that leveraged Facebook and the Kakao Talk social-media service to reach recipients.

McAfee has also separately warned about a file-less malware campaign targeting organisations involved with the Pyeongchang Olympics. The attackers “appear to be casting a wide net with this campaign,” the company’s security researchers wrote.

That net, and other similar attacks likely to emerge in the weeks before the Games begin on 9 February, highlight the growing climate of cybersecurity attacks – which, a recent FireEye-Marsh & McLennan analysis concluded, is particularly likely to see success in an APAC market that is lagging the world when it comes to cybersecurity defences.

APAC targets have by far the longest dwell time in the world, the firms’ Cyber Evolution analysis found – with the average regional dwell time of 172 days nearly twice the global average of 99 days.

Countries like China, Vietnam and India were among the world’s hardest-hit by the recent WannaCry ransomware outbreak, the firms noted, warning that similarly crafty malware is likely to take advantage of “a basic lack of investment in appropriate cybersecurity measures” across the APAC region.

North Korea’s conciliatory gesture around the Olympics may have momentarily cooled tensions between the countries, but the country’s previous links to the Sony Pictures Entertainment hacks, an exploit targeting a Korean word processor, and to WannaCry – the US, UK, and Australia are among the countries officially blaming the devastating attack on the North Korean regime – suggest that North Korea’s athletes may not be the only ones preparing for a big competition next month.

The hype around previous Olympics has been linked to surges in hacker activity, and other events, such as the 2014 FIFA World Cup, have been correlated with the ebb and flow of malicious attacks.

Regardless of any specific targeting of the Olympics, the event will occur in a general climate where the volume and sophistication of cybersecurity threats continue to expand. CrowdStrike recently warned of China-based threat actors targeting Western thinktanks in a series of highly-focused attacks.

Whether during the Olympics or after it, such surgical precision is likely to characterise the threat climate this year, with WatchGuard among the firms recently warning that cybersecurity attack volumes are climbing.

WatchGuard appliances saw an 81 percent increase in malware variants compared with the previous quarter, the company highlighted in its WatchGuard Threat Report for Q3 2017, while scripting attacks now account for 68 percent of all malware hits. Legacy antivirus solutions – trusted too much by too many small businesses – were missing 24 percent of malware, while extensive use of HTML iframes was helping malware authors embed malicious code into victims’ sites.

Given these and other malware risks, APAC businesses are in the firing line. While regional organisations recognise cybersecurity as a top business risk – 58 percent of respondents to a recent FireEye survey ranked it as one of their top five risks – that level of awareness “is inconsistent with the region’s [low] level of preparedness”, the FireEye-Marsh & McLennan analysis noted.

Low regional transparency requirements, a weak cyber-regulatory environment, low investment in information security, and long dwell times were, the analysis concluded, all keeping the region susceptible to attacks, unprepared to deal with them once they hit, and unable to correlate security risks with potential business outcomes.

“Quantifying cyber risk is a key roadblock businesses face... [companies’] true cyber exposure remains unknown, and these companies are unprepared for potential cyber attacks.”