TelcoNews Asia - Telecommunications news for ICT decision-makers

Offline malware attacks surge in Southeast Asia, hitting 50 million

Yesterday

Kaspersky reports that its systems detected and prevented nearly 50 million on-device malware attacks against businesses in Southeast Asia during 2024, representing a 15% rise from the previous year.

The cybersecurity company warns that these attacks, which take advantage of offline vectors such as USB drives and other removable media, are becoming a significant issue for businesses as they focus security measures primarily on internet-based threats.

On-device threats can be delivered using physical devices like USB drives and external hard disks, bypassing traditional online security tools. Attackers exploit the inherent trust placed in these devices to introduce malicious software into systems not directly accessible via the internet.

Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky, explained, "Towards the end of 2024, our experts uncovered a concerning case where a secure USB drive, developed by a government entity in Southeast Asia for securely storing and transferring files in sensitive environments, was compromised. Malicious code had been injected into its access management software, enabling it to steal confidential files from the drive's secure partition. Additionally, the code acted as a USB worm, spreading the infection to other drives of the same type, highlighting the sophisticated nature of this threat."

According to Kaspersky, the 49,234,759 local threats blocked in Southeast Asia from January to December 2024 mark a significant increase from almost 43 million similar offline attacks stopped in 2023.

Singapore recorded the most significant rise in offline incidents, with an 88% jump in on-device attacks compared to the previous year. Malaysia saw a 47% increase, Vietnam 25%, Thailand 20%, and the Philippines 16%. Indonesia was the only country in the region to experience a slight decrease, with a 3% reduction in year-on-year local threats.

Yeo highlighted the risks presented by these offline methods, stating, "We have real-life incidents of advanced cyberattacks utilizing innocent-looking USBs and removable drives to infect a whole company. As offline malware attacks continue to evolve, businesses and organizations in SEA must remain vigilant and proactive in their cybersecurity efforts. By understanding the risks and implementing robust defenses, organizations can protect themselves from this growing threat."

The company offers several recommendations to help businesses and individuals avoid falling victim to these targeted offline attacks. These include providing security operations centre (SOC) teams with access to up-to-date threat intelligence, such as the Kaspersky Threat Intelligence platform, which consolidates over two decades of cyberattack data and analysis from the company.

Further suggested measures include upskilling cybersecurity staff by offering online training focused on countering new threats. This should be combined with the deployment of corporate-grade security solutions capable of detecting advanced attacks at the earliest stage, such as the Kaspersky Anti Targeted Attack Platform.

Kaspersky also recommends using centralised and automated solutions, like Kaspersky Next XDR Expert, to ensure comprehensive protection for all corporate assets. Security awareness training for employees is encouraged, as many targeted attacks originate from techniques like phishing or social engineering. Regularly updating operating systems and software is also advised to patch vulnerabilities that could be exploited by malware delivered via removable media.
