TECHNOLOGY
You’ve Got Spam Mail: APAC accounts for a quarter of global malicious emails in 2022
September 7, 2022 2:05 p.m.
Spam mails have evolved since the first one was sent back in 1978. Its evolutions span from the techniques, tactics, and the latest trends cybercriminals piggyback on to make it more legitimate-looking and urgent-sounding – an effective formula to prey upon an unsuspecting user.
One of Kaspersky’s elite researchers, Noushin Shabab, probed into the spam threat landscape in Asia Pacific (APAC) this year to answer – what if emails do not get opened?
Shabab, presented in front of selected media from the region during Kaspersky’s 8th APAC Cyber Security Weekend, revealed that the region received 24% of the global malicious spam mails being detected and blocked by Kaspersky solutions. This means one in four junk electronic messages were delivered to computers in APAC.
Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) at Kaspersky
Malicious spam is not a technologically complex attack, but when done with sophisticated social engineering techniques, it poses a severe threat to individuals and enterprises alike. These junk mails are sent out in mass quantities by spammers and cybercriminals who are looking to do one or more of the following:
- Make money from the small percentage of recipients that actually respond to the message
- Run phishing scams – in order to obtain passwords, credit card numbers, bank account details, and more
- Spread malicious code onto recipients’ computers
In 2022, more than half (61.1%) of the malicious spam detected in the region targeted Kaspersky users from Vietnam, Malaysia, Japan, Indonesia, and Taiwan.
Shabab cited three main factors which cause the bulk of spam emails targeting APAC —- its population, the high adoption of e-services, and the pandemic lockdowns.
The APAC region has almost 60% of the world’s population and this means that there are more potential victims for scammers here compared to other parts of the world. The extensive use of online services such as online shopping and other online platforms for day-to-day activities here also makes individuals more susceptible to falling victim to scams. There is also the lingering pandemic aftermath which led to lockdowns and work-from-home set up in the region where people took their work computers home. Home networks are usually less protected from cyberattacks.
“Since 2018, the number of malicious spam mails detected by our solutions has seen a gradual decline after its peak in 2019. This, however, does not equate to our mailboxes being cleaner and safer. Our constant monitoring of the current and new Advanced Persistent Threats (APTs) operating in Asia Pacific showed that majority of these notorious threat actors use targeted phishing called spear phishing to crack into an organization’s systems,” reveals Noushin Shabab, Senior Security Researcher for Global Research and Analysis Team (GReAT) at Kaspersky.
The most recent example of an APT targeting key entities in APAC through sophisticated malicious mails is the “Sidewinder” threat actor. Since October 2021, the Sidewinder threat actor has been using new malicious JS code with recently created C2 server domains. The attacker, also known as Rattlesnake or T-APT4, targets victims with spear-phishing emails containing malicious RTF and OOXML files.
Known for targeting military, defense and law enforcement agencies, foreign affairs, IT, and aviation entities in Central and South Asia, Sidewinder is considered one of the most prolific threat actors monitored in the APAC region. Kaspersky experts also recently found spear phishing documents which appear to be aimed at future targets in Singapore.
Some of the main characteristics of this threat actor that make it stand out among the others are the sheer number, high frequency and persistence of their attacks, and the large collection of encrypted and obfuscated malicious components used in their operations. Kaspersky experts, who have been monitoring Sidewinder since 2012, have detected over a thousand spear phishing attacks by this APT actor since October 2020.
Sidewinder also continues to expand its victimology and to sharpen its phishing tactics.
For instance, to reduce the suspicion raised by some of their spear-phishing documents that had no text content, the group followed their first attempt to attack the victim – a spear-phishing email containing a malicious RTF exploit file – with another similar email, but in this case, the title of the malicious document was “_Apology Letter.docx”, and it contained some text explaining that the previous email was sent in error and that they are reaching out to apologize for that mistake.
“There are many more well-oiled APT groups like Sidewinder who are constantly upgrading their tools and tactics to target high-profile victims in APAC through believable spam and phishing emails. The implication for enterprises and government organizations here is that a single malicious email when clicked can crumble your most sophisticated defenses, and usually, APTs like Sidewinder just need one door to open, one machine to infect, and then it can hide and stay undetected for long,” Shabab adds.
APTs target any sensitive data; one doesn’t need to be a government agency, major financial institution, or energy company to become a victim.
The major danger of APT attacks is that even when they are discovered and the immediate threat appears to be gone, the hackers may have left multiple backdoors open that allow them to return when they choose. This increases the importance of guarding mailboxes – an entry point they usually exploit to get a foothold of an organization’s networks.
Employees across all ranks need to be aware of the threats, such as the possibility of bogus emails landing in their inboxes. Besides education, technology that focuses on email security is necessary.
To be able to search for potential spear-phishing signs without diminishing the company’s actual security, Kaspersky suggests private and public companies to install protective anti phishing solutions on mail servers as well as on employee workstations.
Enterprises should also utilize advanced security software that can detect sophisticated APT attacks.
For governments, Shabab suggests defining better spam regulations to curb spam risks. “Fewer spam emails from legitimate organizations means people are less used to receiving unexpected emails every day and are more vigilant when they are being targeted with malicious spear phishing emails,” she adds.
TECHNOLOGY
SEA 2023: Cybercriminals clog business networks with financial phishing
6:36 p.m. March 18, 2024
In 2023, Kaspersky anti-phishing technologies detected nearly 500,000 attempts to follow a phishing link on businesses’ devices in Southeast Asia (SEA). Interestingly, this number only refers to phishing links related to finance matters – e-commerce, banking, and payment systems.
Phishing persuades users to take action which gives a scammer access to your device, accounts, or personal information. By pretending to be a person or organization the users trust, they can more easily infect the victim with malware or steal their information.
These social engineering schemes “bait” with trust to get valuable information. This could be anything from a social media login, to your entire identity via your social security number. These schemes may urge the user to open an attachment, follow a link, fill out a form, or reply with personal information.
“Financial phishing” is a type of phishing which refers to fraudulent resources related to banking, payment systems and digital shops. Payment system phishing includes pages impersonating well-known payment brands.
From January to December last year, Kaspersky solutions detected and blocked a total of 455,708 financial phishing attempts targeting companies of various sizes in the region. The statistics reflect clicks on phishing links placed in various communication channels, including emails, fraudulent web sites, messengers, social media, etc.
“Phishing is a trusted technique for cybercriminals when it comes to infiltrating business networks because they usually work. The rise of generative AI helps cybercriminals to make phishing messages or scam resources more convincing. As a result, it becomes challenging for people to distinguish between a scam and a legitimate communication. That’s why the role of robust security solutions increases,” comments Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
The Philippines logged the highest number of financial phishing at 163,279 attempts in 2023, followed by Malaysia with 124,105. Indonesia chalked up 97,465 incidents while Vietnam experienced 36,130 phishing attacks related to financial matters. Thailand and Singapore registered the least number of this threat at 25,227 and 9,502 respectively.
“Cybercriminals employ various tactics, including financial-related phishing, to deceive employees and trick them into falling victim to an attack Our recent study showed employee security violations can be as damaging as external hacking for companies in Asia Pacific which means the human factor continues to play a role in making businesses vulnerable. Tools to help safeguard against human error are a vital step forward, but they can’t exclude employee education, skills development, and overall strengthening of the company’s ability to detect and respond to cyberattacks,” adds Yeo.
To help companies protect their systems against the damages of a successful phishing attack, Kaspersky experts recommend:
- To advance decision-makers’ understanding of the importance of cybersecurity and how best to distribute budgets to stay ahead of threats, engage them with Kaspersky Interactive Protection Simulation for enhanced C-level professional education.
- Consider experts’ help. For example, Kaspersky Assessments family of professional services identifies security gaps in your system’s configuration, and the Security Architecture Design helps create an IT security infrastructure that’s a perfect fit for a particular company. Every step of implementation is grounded in real security needs, giving decision-makers convincing arguments to allocate budgets.
- Install and use enterprise security solutions with anti-phishing software: The Advanced Anomaly Control feature within Kaspersky Endpoint Security for Business Advanced, Kaspersky Total Security for Business and Kaspersky Endpoint Detection and Response Optimum help prevent potentially dangerous activities that are ‘out of the norm’, both undertaken by the user and initiated by the attacker who has already seized control of the system.
TECHNOLOGY
Revolutionizing social networking: Rili, groundbreaking AI-powered platform
6:11 p.m. March 9, 2024
Rili.ai officially launches its AI-powered app to redefine how individuals connect, interact, create, and communicate in the digital age. Thanks to voice cloning and lip-syncing, anyone can create their own digital twin (Rili) and interact with anyone, anytime, and anywhere.
Users can cultivate their digital twin, training it with content in over 100 languages to break down communication barriers and foster worldwide friendships. Whether you’re looking to expand your knowledge, gain insights and information from other individuals, or delve deeper into meaningful conversations with other users, Rili.ai is the app to do so effortlessly.
To train Rili, users can share knowledge and information through chat (written messages or voice audios) or by speaking into a microphone. Moreover, it is possible to integrate the digital print of anyone into Rili profiles with their existing accounts on platforms such as Twitch, X, and YouTube. Leveraging this integration, Rili.ai gathers personalized information from users’ public profiles on these platforms, ensuring a tailored experience based on their interests and preferences.
Features for Enhanced Social Engagement
The app offers various features designed to enhance users’ digital interactions. The explore feature allows users to effortlessly search for their favorite Rili users and discover others who share similar interests and preferences, fostering meaningful connections in a virtual community. With profile customization, users can tailor their Rili to reflect their unique personality and interests. The chat functionality allows users to initiate conversations with other “Rilis” and review their past chats, promoting seamless interaction and boosting engagement. Other features include creating favorite Rili lists, scoring conversations, adding likes to conversations or phrases, and sharing messages with anyone through different channels.
Through Rili, users have the unique ability to deeply connect with others, gaining valuable insights and understanding into their perspectives, experiences, and expertise. Rili.ai facilitates meaningful connections that transcend geographical boundaries and time constraints. With its advanced capabilities, Rili.ai offers an app for preserving digital heritage, allowing users to capture and preserve their memories, stories, and experiences for future generations.
“Rili is the new generation of social media platforms. Powered by AI and using the most relevant state-of-the-art technologies, its development will be a turning point for the history of communication. The creation of digital twins will give the opportunity to the society to expand their knowledge, connections and share of voice beyond boundaries”, highlighted Antonio Camacho, Rili Co-founder. “Rili’s mission is to fight against isolation, allowing people to connect with others you would not be able to reach”.
Join Rili’s white list
The Rili alpha version is already live for anyone interested in joining the community. You can sign up for the white list and will be notified once you have access to create your own Rili. The app is available for iOS and Android.
Revolutionizing Social Networking: Introducing Rili, the Groundbreaking AI-Powered Platform for Sharing and Expanding Your Legacy
Rili.ai officially launches its AI-powered app to redefine how individuals connect, interact, create, and communicate in the digital age. Thanks to voice cloning and lip-syncing, anyone can create their own digital twin (Rili) and interact with anyone, anytime, and anywhere.
Users can cultivate their digital twin, training it with content in over 100 languages to break down communication barriers and foster worldwide friendships. Whether you’re looking to expand your knowledge, gain insights and information from other individuals, or delve deeper into meaningful conversations with other users, Rili.ai is the app to do so effortlessly.
To train Rili, users can share knowledge and information through chat (written messages or voice audios) or by speaking into a microphone. Moreover, it is possible to integrate the digital print of anyone into Rili profiles with their existing accounts on platforms such as Twitch, X, and YouTube. Leveraging this integration, Rili.ai gathers personalized information from users’ public profiles on these platforms, ensuring a tailored experience based on their interests and preferences.
Features for Enhanced Social Engagement
The app offers various features designed to enhance users’ digital interactions. The explore feature allows users to effortlessly search for their favorite Rili users and discover others who share similar interests and preferences, fostering meaningful connections in a virtual community. With profile customization, users can tailor their Rili to reflect their unique personality and interests. The chat functionality allows users to initiate conversations with other “Rilis” and review their past chats, promoting seamless interaction and boosting engagement. Other features include creating favorite Rili lists, scoring conversations, adding likes to conversations or phrases, and sharing messages with anyone through different channels.
Through Rili, users have the unique ability to deeply connect with others, gaining valuable insights and understanding into their perspectives, experiences, and expertise. Rili.ai facilitates meaningful connections that transcend geographical boundaries and time constraints. With its advanced capabilities, Rili.ai offers an app for preserving digital heritage, allowing users to capture and preserve their memories, stories, and experiences for future generations.
“Rili is the new generation of social media platforms. Powered by AI and using the most relevant state-of-the-art technologies, its development will be a turning point for the history of communication. The creation of digital twins will give the opportunity to the society to expand their knowledge, connections and share of voice beyond boundaries”, highlighted Antonio Camacho, Rili Co-founder. “Rili’s mission is to fight against isolation, allowing people to connect with others you would not be able to reach”.
Join Rili’s white list
The Rili alpha version is already live for anyone interested in joining the community. You can sign up for the white list and will be notified once you have access to create your own Rili. The app is available for iOS and Android.
TECHNOLOGY
The lightest smartphone with massive 6000mAh battery HONOR X7b coming to PH on March 9
4:34 p.m. March 7, 2024
HONOR Philippines never stops! After the successful launches of HONOR X9b 5G, HONOR Magic V2, and HONOR X8b, the leading global smart devices provider is expected to launch the HONOR X7b in the Philippines on March 9!
“We, at HONOR, believe that technology is very inclusive, there is technology that caters to even the most unique requirement there is. We had HONOR X9b 5G that is ultra tough that can withstand harsh drops. HONOR X8b was recently introduced with a massive storage and great camera quality for those who value design and photography. Now, we are welcoming a new addition to our X Series, the HONOR X7b,” said HONOR Philippines Vice President Stephen Cheng.
Welcoming the HONOR X7b
HONOR X7b is the latest addition to HONOR’s X Series line-up, offering consumers a reliable, well-rounded device available to consumers at an affordable price. Delivering upgrades in hardware performance, battery performance, and photography capabilities, the new device promises an exceptional, uninterrupted user experience.
Equipped with a 6,000mAh ultra-large battery, the HONOR X7b delivers the best battery life among all HONOR X Series smartphones to date. It can support various activities for up to 3 days on a single charge, making it a reliable companion for users on the go. Thanks to HONOR’s innovative battery technologies, the HONOR X7b is the thinnest and lightest smartphone with a 6000mAh battery. The device’s battery maintains over 80% of its health even after three years of usage, ensuring exceptional longevity and reducing the need for constant recharging.
The HONOR X7b boasts a 108MP Main Camera with a 1/1.67-inch sensor. To enable the camera to capture bright and vivid shots even in challenging low-light conditions, the HONOR X7b supports 9-in-1 pixel binning, achieving a pixel size measuring 1.92µm that ensures night colors are faithfully reproduced in images.
For more information and announcements, you may visit HONOR’s website www.hihonor.com or social media platforms: Facebook (Facebook.com/HonorPhilippines), Instagram (Instagram.com/honorph/) and TikTok Shop: (Tiktok.com/@honorphilippines). To check out HONOR’s complete list of retail stores, go to https://www.hihonor.com/ph/retailers/.
In the meantime, check out HONOR’s wide array of mobile phones, tablets, and laptops at any HONOR Experience and Partner Stores nationwide or online via Shopee (https://bit.ly/HONORPHShopee), Lazada (https://bit.ly/HONORPHLaz) and TikTok Shop (https://bit.ly/HONORTikTokShop)
SCG promotes green homes with sustainable products
Limited-Edition Tanduay Heritage Rum Celebrates Brand’s Tradition of Excellence
Toyota Motor Vietnam selects Synology as Data Management Partner
Ateneo gives PBA guest team fits in 102-93 loss
First in Manila! All immersive experiences lead to SM with its 3D Whale Shark billboard, Space Tunnel, Golden Gateway, dazzling light shows
Up to Date – Pop and viral news, memes, photos, videos, music
