Gone phishing: The latest in cybercrime, and how to beat it

Cover art Erka Inciong


Check your routers, check your passwords, check those URLs — cybercriminals are getting more and more sophisticated in their operations.

From regional balkanization and IoT-enabled threats, to best practices in digital hygiene, Kaspersky Lab outlines the five things you need to know about the state of online safety.

Here’s a breakdown of the latest in cyber security trends and threats:

Threats come from various sources, with varying motivations

With the discovery of the Roaming Mantis in the early part of this year, countries in the Asia-Pacific region are rightfully on guard for the next possible update in a cyber attack that’s already wormed into countless devices through infected routers and phishing scams.

Suguru Ishimaru, a Japan-based security researcher of Kaspersky Lab’s Global Research & Analysis Team (GReAT) in the Asia-Pacific region, told SparkUp that anyone with a phone in the Philippines should be concerned as well. In the span of a few months, the malware has ballooned from four supported languages, to targeting device owners using 27 different languages — including Tagalog.


Noushin Shabab, a GReAT senior security researcher who works on malware reverse engineering, noted that while some groups, like the team behind the Roaming Mantis, are likely motivated by money, it’s often difficult to infer a group’s motivations.

This is largely because cyber crime groups are so difficult to track down.

“We may see the victim, we may have some idea on the attack. But it’s not easy to always understand everything — what was the real intention, what was stolen, what was the information that the attackers were after,” she said.

One exception, however, was their investigation into the infamous Lazarus Group, the criminal body behind numerous large-scale assaults on national data grids worldwide and believed to be sponsored by the North Korean government.

“From time to time, we are lucky to find or deal with malware developers that install their software on their system,” GReAT Senior Security Researcher Noushin Shabab told SparkUp. Shabab’s team was able to detect the malware on a system they then identified to be that of a North Korea-based development team.

“Maybe [they do it] to check the detection of their malware and then we catch the malware on the developer’s system,” she added.

“I can’t say how advanced all the malware developers in Asia-Pacific are, but definitely we have big actors in the APAC region,” she said. “We have a lot of cyber criminal activities that are done by Chinese-speaking actors, and North Korean threat actors.”

When regions divide, cybercriminals conquer

Kaspersky last week reported that the rising trend of balkanization, or the separation of regions, will lead to protectionism, largely to the benefit of cybercriminals.

Balkanization itself is seen as a natural process as governments attempt to secure their infrastructure from cyber attacks, Vice President for Public Affairs and Head of CEO Office Anton Shingarev said.

“[Because of this], we’ll see more and more pressure on the localization in the companies, data localization, R&D (research and development) localization,” he added.

Likewise, this will also result in more local legislation on cyber security, Mr. Shingarev noted. But he cautioned that more regional collaboration is needed as cyber crime is mainly international.

Less cooperation means smaller-scale efforts against well-coordinated attacks. Cyber criminals are more than ready to take advantage of geopolitical tensions.

Even as Kaspersky regularly publishes reports on evolving cyber attacks, malware developers are switching tactics and moving much faster than researchers anticipated.

“For example, [the Roaming Mantis group’s] DNS hijacking. In Japan, they didn’t use DNS hijacking. They used another malware system to spread, to expand in the world,” Mr. Ishimaru said.

“If they find their mistake, they can fix [it] and they can use [another] delivery system to spread malware or malicious content to infect more people,” he added.

New platforms, new vulnerabilities…

Both Ms. Shabab and Mr. Ishimaru agreed that the advent of the Internet of Things (IoT) gives cyber criminals another opportunity to take advantage of.

Ms. Shabab pointed out how industrial systems are starting to benefit from deeper and wider connectivity through IoT devices. Unlike your smartwatch pushing your step count to your smartphone, these industrial systems have the capacity to collate massive amounts of data and house critical infrastructure for businesses.

The manufacturers of these devices carry part of the blame, she added. Oftentimes, devices designed for industrial use aren’t built with a premium on security. In some instances, users can’t even change the default passwords that they ship with.

“Taking advantage of that vulnerable device to get into the network of your home or your working environment [gives cyber attackers] more access into more important information that you may have,” she added.

This is true not only for IoT systems, but for networked devices in general.

“Infecting networking devices is much easier than infecting your mobile phone because you check your mobile phone every day, you change the settings, you get updates, you install antivirus and other security solutions,” Ms. Shabab said.

“But in the router, you may not be able to change or upgrade the server, or change the default password or install a security solution on it. From the manufacturer’s part, it’s not being so protected from cyber attacks.”

… same old defenses: basic digital hygiene

Ask any GReAT researcher, any cyber security expert, or just about any well-informed digital native, and you’ll get the same advice. Back up your files, install anti-malware apps, manage and update your passwords. Basic digital hygiene.

Ms. Shabab suggests ensuring your passwords are strong, and using a password manager to keep track of them. Make a habit of regularly updating all your devices to keep their security features up to speed, she added.

As digital tools become more integral to not only personal lives, but industry and society-wide systems, education is also a key point in protecting oneself from being a victim of cyber attacks.

Kaspersky has been partnering with educational institutions to raise awareness of the growing danger these cyber attacks pose, covering both trainers and students.

The Russian cybersecurity firm has recently struck a partnership with the Yarra Valley Grammar School in Australia, where Kaspersky has built a digital security curriculum for students aged three to 18.

“We helped them get into security awareness training for their staff and their students. This is a very interactive way of improving the awareness,” Ms. Shabab said. “It’s really helpful for all the employees to get better understanding, to get used to security practices. Not just hearing something and then when they go back and open their internet every pop-up that comes, they just click on yes, or okay.”

Bonus: Inclusivity is on the agenda for the cybersecurity industry

Ms. Shabab, who also takes part in technical workshops for Australian university students, said this education campaign is also an effective means to bring more people into the industry — in particular, women.

“As you can see, there are not that many female researchers here. Not just here, but everywhere in the world. I’m the only one in our global team,” she said.

“So I tried, in different chances in Australia to get more people, especially female university students, involved in cyber security and encourage them to pursue this field for their future careers,” she said.