When it comes to cybersecurity in Asia today, some of the key threats that organizations face – like ransomware and phishing – are consistent risks that all cybersecurity teams are surely familiar with. But others are more fluid and may evolve rapidly. Cyberattacks related to hacktivism, for example, are a growing threat in the APAC region, and generative AI technology is also impacting Asia cybersecurity challenges in novel ways.

Okta, a provider of identity and authentication management services, reported that threat actors were able to access private customer data by obtaining credentials to its customer support management system. According to Okta’s Chief Security Officer, David Bradbury, the threat actor had the capability to view files uploaded by specific Okta customers in recent support cases.

A critical vulnerability, known as CVE-2023-46747, has been discovered in the widely used F5 BIG-IP Configuration Utility. This vulnerability has been assigned a CVSS score of 9.8 (critical), denoting its high severity. What makes it particularly alarming is its potential to allow unauthenticated attackers to execute arbitrary system commands, which could lead to a compromise of the system.

As the cybercrime industry continues to provide us with new Malware as a Service (MaaS) products, we have become used to seeing the operators advertising and developing the panels underground. An allegedly legitimate software company named Venom Control Software emerged, offering a Remote-Access-Tool (RAT) for “hackers and pen-testers”.

Over the past week, an establishment of a new ransomware franchise has emerged named GhostLocker. Ghost Locker is a new Ransomware-as-a-Service (Raas) established by several hacktivist groups led by GhostSec. Recently, many hacktivist groups have tried to engage in cybercrime activities in order to sustain themselves and GhostLocker seems to be one of these cases. In fact, some ransomware groups have already migrated to using GhostLocker instead of their original products.

Artificial Intelligence, often abbreviated to AI, refers to the development of computer systems capable of carrying out tasks and rendering decisions that traditionally demand human intelligence. This entails the creation of algorithms and models that empower machines to acquire knowledge from data, discern patterns, and adjust to unique information or scenarios.

Q3 will be remembered as a new record for the ransomware industry as it was the most successful quarter ever recorded. While the number skyrocketed in Q2 with 1386 cases, in Q3, the ransomware industry was able to surpass this number with 1420 cases. With no surprise, the U.S. continues to be the most targeted country by ransomware, while the business services sector is the most targeted sector.