Singapore – The acceleration of AI adoption and innovation across the APJ region, specifically Southeast Asia, is reshaping how many industries operate. AI is now a technological staple across the region.
However, this rapid evolution of AI technologies has also become a gateway for malicious actors across the region, such as the known threat group SOLAR SPIDER, to utilise these tools for malicious phishing and malware attacks, compromising a wide range of industries.
According to the latest CrowdStrike report, the financial and banking sector accounted for around 30.3% of APJ targets of data extortion linked to the Magical Cat phishing kit, with stolen customer data exposed on ransomware-dedicated leak sites (DLSs).
Meanwhile, the courier services sector was hit even harder, making up 45.5% of targets that fell victim to phishing campaigns, as do-it-yourself tools such as the Magical Cat phishing kit are easily obtained via underground sites.
“Cyberattacks now unfold in minutes or even seconds with an average breakout time of 48 minutes, and the fastest attacks occurring in just 51 seconds,” Mark Goudie, senior director of professional services of CrowdStrike Asia Pacific and Japan, stated.
He added, “This means organisations need every advantage in defending against financially focused eCrime actors.”
Mark explained that eCrime groups across APJ are industrialising cybercrime, driving underground operations and frameworks using advanced tactics, techniques, and procedures (TTPs), leveraging AI to enhance phishing, malware, and social engineering attacks.
Proactive defences using AI agents
Every day, it becomes more challenging to stay one step ahead of cybersecurity threats, with adversaries utilising AI tools to launch ransomware or phishing attacks. One way organisations can increase their ability to detect and identify threats faster is by using specially trained agents.
“AI agents that operate under human command to reason, prioritise, and act across identity, endpoint, and cloud data in real-time are the future of security operations,” Mark emphasised.
He further explained how agentic cybersecurity systems enable organisations to shift from having reactive to proactive defences, catching sophisticated threats at machine speed. An example of how organisations can achieve this is through CrowdStrike’s Agentic Security Platform, which includes the company’s Agentic Security Workforce.
This platform allows organisations to deploy an autonomous security operations framework at scale, allowing trained AI agents to handle time-consuming tasks and actively prioritise threats. Human security teams can then quickly and efficiently monitor prospective threats and take action to alleviate ransomware attacks and prevent data breaches.
“This evolution in the speed of attacks requires a transformation of organisations’ existing threat hunting and intelligence capabilities. What defenders need are agentic security capabilities that deliver an autonomous edge, while always operating within defined guardrails,” Mark added.
Combating financial threats in Southeast Asia
Cross-border payments and transactions are highly prevalent in Southeast Asia, especially in the Philippines, where remittances sent by Overseas Filipino Workers (OFWs) reached up to USD$38b in 2024, according to the Bangko Sentral ng Pilipinas (BSP).
This high influx of transactions has placed the financial sector under constant attack by adversaries such as SOLAR SPIDER, which has consistently targeted banks and foreign exchange services in the region, especially in the Philippines.
Most of the attacks are disguised as SWIFT- or Western Union-themed transactions, but in reality they are phishing operations designed to deliver remote access tools and commodity malware.
Mark elaborated that one way to detect and identify these disguised phishing campaigns is to develop and adapt a unified security approach. Services such as CrowdStrike’s Agentic Security Platform enable banks to achieve this.
“Financial organisations need a modern, AI-native security platform that consolidates their security architecture and provides unified visibility and protection across identity, endpoint and cloud domains,” Mark said.
While banks, financial institutions, and other organisations can begin adopting these cybersecurity platforms, public entities such as national governments must also be proactive in combating cybercrime adversaries across the region.
Identifying false identities hidden in plain sight
While next-gen and AI technologies can be used by cybercrime groups to conduct attack operations, social engineering tactics are also becoming highly prevalent across the APJ region as a means of accessing data or launching ransomware-as-a-service (RaaS) attacks.
“Public and private organisations alike must understand that identity is the new perimeter. Attackers are stealing trusted credentials and using social engineering to infiltrate organisations’ systems as trusted users,” Mark stated.
He explained, “Cloud environments are a common entry point for identity-driven attacks, as adversaries seek to exploit cloud data, configurations and controls to gain access into organisations’ systems.”
After malicious actors have gained access to a public or private organisation’s framework, they move laterally across identities, endpoints, and cloud environments, disguising themselves within normal operational workflows. With this access, adversaries can compromise sensitive information, steal data, and deploy ransomware.
This is a major threat to both governments and private organisations alike. Advanced resources such as zero-trust security principles, identity monitoring, and authentication with phishing-resistant MFA solutions can provide the necessary proactive defences to detect adversaries in disguise.
However, public and private organisations also need to emphasise training their workforce and educating employees to recognise social engineering, phishing, and voice phishing (vishing) threats.
Addressing vulnerabilities to prevent future attacks
Building cyber resilience for organisations across the APJ region is a constant uphill battle, as malicious actors are continuously searching for new gaps and vulnerabilities to attack while growing their operations.
For public and private organisations, developing an adversary-centric approach is one avenue to not only identify internal vulnerabilities but also to develop a greater understanding of a threat’s operation and objectives.
“Threat intelligence, adversary profiling, and tradecraft analysis allow security teams to prioritise resources, adapt their defences, and actively hunt for threats before they escalate,” Mark stated.
“By also integrating intelligence into their security workflows, organisations can accelerate response times, disrupt adversaries, and turn insights into action.”
As adversary groups are on the rise across the APJ region, especially in Southeast Asia, organisations need to begin adopting intelligence-led, adversary-centric approaches to stay one step ahead of RaaS operations and the advanced TTPs used against the financial and courier sectors.
Implementing agentic AI systems alongside training and educating the workforce are both crucial steps to ensuring the security of sensitive information and identities.