China-based hacker groups to target India, Hong Kong in 2018: FireEye

FireEye observed an increase in non-Chinese and non-Russian APT groups in 2017 and expect to discover more in 2018

Chinese advanced persistent threat (APT) groups that have allegedly been creating cyber havoc internationally will shift their focus in 2018 to countries like India and Hong Kong and groups seen as a threat to Beijing's influence over global markets, enterprise cybersecurity company FireEye said on Thursday.

Hacker groups backed by nation-states are termed as APTs.

The changing geopolitical situation in the Asia-Pacific region will give way to such threats.

"For Indian enterprises, one of the most important security questions is, do you know who is targeting you and how they operate? The threat landscape looks very different depending on the nature of your business, the data you hold, your relationships, and more," Shrikant Shitole, Senior Director and Country Head for India at FireEye, told IANS.

"Organisations cannot effectively measure their security by compliance standards or vis a vis their peers. They must measure it against their adversaries. Can they detect and defend the attacks their adversaries are likely to employ? Most firms are not as secure as they would like to believe," Shitole added.

For the government and private sector alike, the FireEye executive said, it's important we shore up defences to avoid a situation like Russia's meddling in the recent US presidential election.

"The threat actor activity which facilitates these operations often takes place well before election day, and as we saw in the US, targets can be very diverse. The unfortunate reality today is this is threat with which all democracies must contend," Shitole noted.

In the Asia-Pacific region, FireEye said, China and neighbouring countries are still continuing political disputes, especially with India, South Korea, Japan, the Philippines, Vietnam and other South-east Asian countries.

"Therefore, unorganised 'hacktivism' attacks as a response to these political tensions within and against these countries is expected to continue and possibly rise throughout the new year," the company warned.

According to FireEye, it observed an increase in non-Chinese and non-Russian APT groups in 2017 and expect to discover more in 2018.

"Recently we did a report on APT33, a threat group out of Iran. They're primarily targeting the kingdom of Saudi Arabia, the United States, and Israel. Those nations tend to pop up on Iran's radar when it comes to targeting. It's game on for them," Kevin Mandia, CEO, FireEye, said in a statement.

Ransomware is expected to rise in 2018, especially as administrators are slow to patch and update their systems.

Other popular techniques that will continue to be used in 2018 are strategic web compromises and spear phishing, especially in targeted attacks. We also expect to see many more destructive worms and wipers, the cybersecurity firm noted.

However, adoption of Cloud technology among majority of businesses will increase in 2018.

"You have to be ready for even the most seemingly simple threats, and you have to detect them, because I don't believe we're going to be able to do security risk transfer to have the Cloud providers detect it. It's a tough thing to do," Mandia said.

"They can't tell you how your users normally use their email. They just try to make it available to your users. So, we're going to have a lot of interesting challenges and complexities there," he added.

Meanwhile, as cryptocurrency continues to skyrocket in value and popularity, malware targeting anonymous currencies such as bitcoin will increase in 2018.

"Moving into 2018, we expect to see much more malware actively stealing cryptocurrency from weakly protected wallets, shimming password entry to wallets, stealing offline wallets for brute forcing or using credentials stolen from the same user," the firm said.