Connect with us

Tech & Innovation

Brace for more phishing, scams, data breaches, APT attacks in APAC 2024 – Kaspersky

Global cybersecurity company reveals that, in particular, the dangers of phishing, scams, data breaches, and geo politically-motivated cyberattacks are seen to continue targeting organizations and individuals from the region.

Published

on

Driven by the Asia Pacific’s (APAC) rapid digitalization movement and known geopolitical frictions, experts at Kaspersky predict the upcoming cybersecurity threat landscape in the region this year.

Global cybersecurity company reveals that, in particular, the dangers of phishing, scams, data breaches, and geo politically-motivated cyberattacks are seen to continue targeting organizations and individuals from the region.

“Asia Pacific’s digital economy continues to grow exponentially and is expected to keep its momentum in the next five years. With digitalization efforts including adoption of technologies like digital payments, Super Apps, IoT, smart cities, and now generative Artificial Intelligence (AI), cybersecurity will be key to ensuring the resilience of the region’s overall defenses against potentially damaging cyberattacks,” says Vitaly Kamluk, Head of Research Center for Asia Pacific, Global Research and Analysis Team (GReAT) at Kaspersky.

“When it comes to sophisticated Advanced Persistent Threats (APTs), we have seen that cyber espionage remains to be the main objective of Asian groups. We expect this trend to continue in 2024 due to the existing geopolitical tensions in the region,” Kamluk adds.

Kaspersky’s GReAT researchers have also specified the key cyberthreat predictions in 2024 for the key countries and territories in APAC.

South East Asia (Singapore, Philippines, Thailand, Vietnam, Malaysia, Indonesia)

The scale of scam in Southeast Asia

According to a report by the UN, hundreds of thousands of people from Southeast Asia (SEA) were recruited to join online-scam operations such as romance-investment scams, crypto fraud, money laundering and illegal gambling. Recruitment to these criminal operations are mostly done via advertised professional roles such as programmers, marketers or human resource specialists, through what appear to be legitimate and even elaborate procedures. 

Increased usage and trust in digital payment methods, lack of regulations protecting the rights of users online and large numbers of people forced into joining online-scam operations add complexity to this major issue in SEA and in resolving it.

“Law enforcement is working on many of those cases, involving scam and phishing attacks and we have seen successful operations in 2023, such as a joint operation of Australian Federal Police (AFP), and United States Federal Bureau of Investigation (FBI) and Malaysian Police which led to the arrest of 8 individuals behind a syndicate running a phishing-as-a-service campaign online,” says Kamluk.

“Nevertheless, we think that the scale of online scam and phishing attacks in Southeast Asia will only continue growing in the coming years due to technical and legal illiteracy of many people involved in such attacks from operators to victims,” he adds.

Singapore

Major technology safety and security highlights in Singapore in 2023 were related to data breaches and outages.

Financial service outages

In October 2023, DBS, one of the largest Singapore banks, experienced an operational failure due to datacenter outage, which resulted in 2.5 million failed transactions. Although, the reason for failure was not to be associated with a cyberattack at the time, given a prior history of outages, it will have implications on the bank’s strategies and priorities among which shall be increased reliability and safety of the services. As reported by the media, Citibank operations were also affected. While we embrace attention to improving the reliability and security of the infrastructure, it’s still the time of changes, which always opens a window of opportunities for the attackers.

DDoS attacks

Another highlight was related to web service outages of several public hospitals and polyclinics due to a distributed denial-of-service (DDoS) attack: the attackers flooded servers with internet traffic to prevent users from accessing online services. The disruption did not result in a compromise of data or internal networks according to publicly known information. This incident tells us that while the websites demonstrated resilience against potential compromises, they were unfortunately unprepared to a DDoS attack. 

Website defacements

A number of Singapore websites suffered from politically motivated defacement attacks in late 2023. Those attacks affected a historical temple website, a retirement info website, a tourism agency and other businesses located in Singapore.

“The bottom line is that the trend for future attacks in Singapore will likely be related to denial of service attacks, politically motivated compromises, defacements, and data leaks. Targeted ransomware threat is still real too, but will adopt the newest trend of pressuring the victim through regulator complaints,” explains Kamluk.

South Korea

Prominent political event and cybersecurity threats

In the upcoming year of 2024, South Korea is poised to hold a significant general election. Historically, major political events such as this have consistently attracted the attention of threat actors, who view them as prime opportunities for launching direct cyberattacks with the intent of disrupting the political proceedings. Furthermore, these threat actors often employ sophisticated social engineering techniques to achieve their goals. Thus, it is our firm belief that this impending major event will serve as a catalyst, intensifying the frequency and complexity of cyberattacks.

Customized Cyber Threats Targeting the Local IT Environment

Over the past several years, alleged state-sponsored threat actors have systematically infiltrated numerous entities within South Korea, employing widely adopted software solutions that are integral to the country’s IT infrastructure. These adversaries adeptly exploited vulnerabilities specific to the local, well-known software and IT ecosystem, thereby facilitating the successful dissemination of their malicious software to their unsuspecting targets. This nefarious activity wreaked havoc across various industries, causing extensive damage.

“As we look ahead to the year 2024, it is evident that these customized threats, meticulously tailored to exploit South Korea’s unique software landscape and IT environment, are poised to persist and pose an ongoing challenge,” adds Kamluk.

China

Telecom fraud activity will decrease, but phishing attacks may increase

In the past year, the Chinese government has been trying to find ways and even seek international cooperation to combat telecom fraud. In this high-pressure environment, the telecom fraud groups, known to be located in northern Myanmar, may soon collapse. 

However, Kaspersky researchers still have seen a wave of phishing attacks from unidentified groups over the past year launching frantic QR code phishing attacks on Chinese citizens, targeting personal credit card information. This group’s operations do not appear to be affected by the situation in northern Myanmar, and based on Kaspersky statistics and observed behavioral patterns, attacks may peak again at the end of the year and early next year. 

APT attacks on high profile targets will become increasingly active

Earlier this year, Chinese authorities reported cyberattacks on various national institutions and organizations. The CVERC reported isolating a spyware artifact named “Second Date”. This advanced cyber-espionage tool can fully control targeted network devices and enable prolonged data theft.

Targets that were compromised include a university developing military-industrial projects and government departments that maintain basic geographic data. In addition, Kaspersky have also noticed that some long-term active APT organizations have launched APT attacks against Chinese nuclear energy companies and unknown targets. 

Given China’s geopolitical prominence, Kaspersky experts expect that the number of APT attacks targeting the country will only increase in the future.

India

India has been traditionally suffering from a number of low skill but high scale scam and fraud cases. Typical threats include the following:

  • Illegal or fake digital loan apps
  • Income tax refund services
  • Real estate fraud
  • Investment scam
  • Ponzi schemes online
  • Job fraud
  • Sextortion

“The rise of technologies and digitalization of the Indian economy, such as increased use of the sophisticated Unified Payments Interface (UPI), the software from the National Payments Corporation of India, will lead to a wave of related scams. Another opportunity for scammers is the ever-rising popularity of cryptocurrencies, which may lead to a new generation of scam apps,” explains Kamluk.

Also, a growing popularity of micro-loan apps has resulted in new schemes to target users in India through unexpected inflated premiums and personal threats. 

In addition, with India’s move towards smart cities, IoT vulnerabilities pose serious security challenges for the country. 

For organizations in APAC, Kaspersky shares the tips below to keep safe from these upcoming threats in 2024:

  • Always keep software updated on all the devices you use to prevent attackers from infiltrating your network by exploiting vulnerabilities. 
  • Establish the practice of using strong passwords to access corporate services. Use multi-factor authentication for access to remote services.
  • Choose a proven endpoint security solution such as Kaspersky Endpoint Security for Business that is equipped with behavior-based detection and anomaly control capabilities for effective protection against known and unknown threats. 
  • Use a dedicated set for effective endpoint protection, threat detection and response products to timely detect and remediate even new and evasive threats. Kaspersky Optimum Security the essential set of endpoint protection empowered with EDR and MDR.
  • Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.

BizNews

Robot-phobia could exacerbate hotel, restaurant labor shortage

Having a higher degree of robot-phobia was connected to greater feelings of job insecurity and stress – which were then correlated with “turnover intention” or workers’ plans to leave their jobs.

Published

on

Using more robots to close labor gaps in the hospitality industry may backfire and cause more human workers to quit, according to a Washington State University study.

The study, involving more than 620 lodging and food service employees, found that “robot-phobia” – specifically the fear that robots and technology will take human jobs – increased workers’ job insecurity and stress, leading to greater intentions to leave their jobs. The impact was more pronounced with employees who had real experience working with robotic technology. It also affected managers in addition to frontline workers.

The findings were published in the International Journal of Contemporary Hospitality Management.

“The turnover rate in the hospitality industry ranks among the highest across all non-farm sectors, so this is an issue that companies need to take seriously,” said lead author Bamboo Chen, a hospitality researcher in WSU’s Carson College of Business. “The findings seem to be consistent across sectors and across both frontline employees and managers. For everyone, regardless of their position or sector, robot-phobia has a real impact.”

Food service and lodging industries were hit particularly hard by the pandemic lockdowns, and many businesses are still struggling to find enough workers. For example, the accommodation workforce in April 2024 was still 9.2% below what it was in February 2020, according to US Bureau of Labor Statistics. The ongoing labor shortage has inspired some employers to turn to robotic technology to fill the gap.

While other studies have focused on customers’ comfort with robots, this study focuses on how the technology impacted hospitality workers. Chen and WSU colleague Ruying Cai surveyed 321 lodging and 308 food service employees from across the US, asking a range of questions about their jobs and attitudes toward robots. The survey defined “robots” broadly to include a range of robotic and automation technologies, such as human-like robot servers and automated robotic arms as well as self-service kiosks and tabletop devices.

Analyzing the survey data, the researchers found that having a higher degree of robot-phobia was connected to greater feelings of job insecurity and stress – which were then correlated with “turnover intention” or workers’ plans to leave their jobs. Those fears did not decrease with familiarity: employees who had more actual engagement with robotic technology in their daily jobs had higher fears that it would make human workers obsolete.

Perception also played a role. The employees who viewed robots as being more capable and efficient also ranked higher in turnover intention.

Robots and automation can be good ways to help augment service, Chen said, as they can handle tedious tasks humans typically do not like doing such as washing dishes or handling loads of hotel laundry. But the danger comes if the robotic additions cause more human workers to quit. The authors point out this can create a “negative feedback loop” that can make the hospitality labor shortage worse.

Chen recommended that employers communicate not only the benefits but the limitations of the technology – and place a particular emphasis on the role human workers play.

“When you’re introducing a new technology, make sure not to focus just on how good or efficient it will be. Instead, focus on how people and the technology can work together,” he said.

Continue Reading

Tech & Innovation

AI can enhance flexibility, efficiency for customer service centers

AI is a valuable asset, so long as it’s used properly, though these organizations shouldn’t rely on it exclusively to guide their strategies.

Published

on

Whenever you call a customer service contact center, the team on the other end of the line typically has three goals: to reduce their response time, solve your problem and do it within the shortest service time possible.

However, resolving your problem might entail a significant time investment, potentially clashing with an overarching business objective to keep service duration to a minimum. These conflicting priorities can be commonplace for customer service contact centers, which often rely on the latest technology to meet customers’ needs.

To pursue those conflicting demands, these organizations practice what’s referred to as ambidexterity, and there are three different modes to achieve it: structural separation, behavioral integration and sequential alternation. So, what role might artificial intelligence (AI) systems play in improving how these organizations move from one ambidexterity mode to another to accomplish their tasks?

New research involving the School of Management at Binghamton University, State University of New York explored that question. Using data from different contact center sites, researchers examined the impact of AI systems on a customer service organization’s ability to shift across ambidexterity modes.

The key takeaway: it’s a delicate balancing act; AI is a valuable asset, so long as it’s used properly, though these organizations shouldn’t rely on it exclusively to guide their strategies.

Associate Professor Sumantra Sarkar, who helped conduct the research, said the study’s goal was to understand better how organizations today might use AI to guide their transition from one ambidexterity mode to another because certain structures or approaches might be more beneficial from one month to the next. 

“Customer service organizations often balance exploiting the latest technology to boost efficiency and, therefore, save money,” Sarkar said. “This dichotomy is what ambidexterity is all about, exploring new technology to gain new insights and exploiting it to gain efficiency.”

As part of the three-year study, researchers examined the practices of five contact center sites: two global banks, one national bank in a developing country, a telecommunication Fortune 500 company in South Asia and a global infrastructure vendor in telecommunications hardware.

While many customer service organizations have spent recent years investing in AI, assuming that not doing so could lead to customer dissatisfaction, the researchers found these organizations haven’t used AI to its full potential. They have primarily used it for self-service applications.

Some of the AI-assisted tasks researchers tracked at those sites included:

  • using AI systems to automatically open applications, send emails and transfer information from one system to another
  • approving or disapproving loan applications
  • providing personalized service based on customer’s data and contact history

Researchers determined that while it’s beneficial for customer service companies to be open to harnessing the benefits and navigating any challenges of AI systems as a guide to their business strategies, they should not do so at the expense of supporting quality professional development and ongoing learning opportunities for their staff.

Sarkar said that to fully utilize AI’s benefits, those leading customer service organizations need to examine every customer touchpoint and identify opportunities to enhance the customer experience while boosting the operation’s efficiency.

As a result, Sarkar said newcomers in this technology-savvy industry should learn how companies with 20 or 30 years of experience have already adapted to changes in technology, especially AI, during that time before forming their own business strategies.

“Any business is a balancing game because what you decide to do at the start of the year based on a forecast has to be revised over and over again,” Sarkar said. “Since there’s that added tension within customer service organizations of whether they want to be more efficient or explore new areas, they have to work even harder at striking that balance. Using AI in the right way effectively helps them accomplish that.”

Continue Reading

BizNews

Emojis make tourism advertising on social media more effective, appealing

The use of emojis in online messages about tourism destinations facilitates processing and reduces ambiguity, especially when the recipients encounter content with low levels of congruence.

Published

on

The use of congruent messages and emojis when promoting tourist destinations on social media leads to greater user attention. This strategy helps users to process the information effectively and reduces their cognitive effort. More specifically, the use of emojis in online messages about tourism destinations facilitates processing and reduces ambiguity, especially when the recipients encounter content with low levels of congruence.

This is according to a research – “The effect of online message congruence, destination-positioning, and emojis on users’ cognitive effort and affective evaluation” – that was published in the Journal of Destination Marketing & Management.

The study, which was carried out at the University of Granada’s Mind, Brain and Behaviour Research Centre (CIMCYC), consisted of an experiment using eye-tracking techniques on 60 users of the social network Facebook. These individuals underwent a series of experimental procedures in which the researchers manipulated the level of congruence between the messages of those posting and the users, the use or omission of emojis in the content, and the way in which the tourist destination was positioned in the media (natural environment, gastronomy, hotels, sun and beach).

The UGR research team, which includes Beatriz García Carrión, Francisco Muñoz Leiva, Salvador del Barrio García and Lucia Porcu, point out that the study “clearly illustrates the benefits in terms of the effectiveness of using congruent messages in marketing communications in general, and especially in digital communications via social media, as well as how the use of emojis contributes to improving users’ information processing, increasing their attention and reducing the cognitive effort involved. Moreover, congruent messages not only facilitate users’ information processing, but also improve their affective evaluation — a crucial aspect when it comes to making a decision on a tourist destination.”

The key findings included:

  • Importance of maintaining a high level of congruence in the information they convey through social media. As the researchers explain: “This involves systematically reviewing and managing comments across all communication channels to identify any comments that do not align with the destination’s desired positioning, with a view to mitigating potential negative effects.”
  • Pictorial representations (emojis) significantly enhance the overall comprehension of the information. However, the study did not find a significant impact of emojis on the formation of affective evaluations.
  • Tourism managers should focus on information related to the destination’s gastronomy and natural environment, rather than more conventional aspects such as sun and beach facilities or hotel offerings, as the former attract more attention and are perceived more favorably, even under low levels of congruence.

The research findings suggest a shift in the preferences of potential consumers towards more nature-based tourism. “Therefore, tourism managers should place greater emphasis on communicating aspects related to the environment and sustainability of the tourist destination in their social media posts, thereby reaping benefits in terms of visual attention and affective evaluations,” the researchers stressed.

Continue Reading
Advertisement
Advertisement

Like us on Facebook

Trending