© 2025 T-Sanct Technologies Pvt Ltd.

Sep, 24 2024

Cyber Attacks in ASEAN Countries: A Detailed Analysis (January - August 2024)

Introduction

Between January and August 2024, ASEAN countries experienced an unprecedented surge in cyber incidents, recording a total of 1,594 attacks. Indonesia, in particular, was disproportionately affected, largely due to a high-profile ransomware attack on its National Data Center, which triggered a wave of opportunistic attacks by various threat actors. The cyber threat landscape across ASEAN evolved during this period. Distributed Denial of Service (DDoS) attacks dominated, but a concerning rise in data breaches and defacements indicates an increasingly aggressive focus on stealing sensitive data and defacing critical digital properties.

In this blog, we delve into the various categories of cyber attacks, the most affected countries and industries, and the key threat actors that shaped the region's cyber risk landscape. This data is sourced from FalconFeeds.io, providing critical insights to empower businesses and governments in the region to strengthen their cyber security measures.

1. Overview of Cyber Attack Categories

DDoS attacks represented the highest volume of attacks, emphasizing the continued preference of cybercriminals to disrupt online services. However, there was also a notable rise in data breaches and defacements as the year progressed, highlighting the increased focus on stealing sensitive data and compromising digital properties.

2. Monthly Distribution of Cyber Attacks

The number of cyber attacks fluctuated throughout the year, with a significant spike in August 2024, which recorded 240 incidents, the highest for any month. The sharp rise in July and August coincides with increased attention on Indonesia, where data breaches and defacements were particularly pronounced. The trend indicates that as the year progressed, threat actors increasingly targeted more sensitive sectors and data-rich organizations.

3. Breakdown of Categories by Month

  • Data breaches saw a significant increase in July and August, with August recording the highest number. This indicates that threat actors are focusing more on unauthorized access to sensitive information as the year progresses.
  • Data leaks remained relatively stable throughout the year, but there was a noticeable uptick in July, pointing to a growing trend of publicly exposing stolen data.
  • DDoS attacks continued to dominate the attack landscape, particularly in January and February, before seeing a slight decline by August. Despite this, DDoS remains a primary method of attack, especially for disrupting services.
  • Defacement attacks steadily increased, peaking in August. This indicates a growing tendency among attackers to target and deface websites, particularly government or media platforms.
  • Initial access incidents, though relatively low in number, often acted as the gateway for more severe attacks, including ransomware and data breaches.
  • Ransomware activity was inconsistent, with July seeing the highest number of incidents. Despite being less frequent compared to other attack types, ransomware continues to pose a significant threat due to its disruptive nature and the potential for substantial financial impact.

4. Country-wise Distribution of Incidents

Indonesia was the hardest-hit country, accounting for over 67% of the total incidents in ASEAN, largely due to the aftermath of the ransomware attack on its National Data Center. Other notable countries include the Philippines and Thailand, which also experienced significant cyber activity.

The concentration of incidents in Indonesia underscores the importance of strengthening the country's cybersecurity posture, particularly in response to high-profile attacks.

5. Industry-wise Impact

The Government & Public Sector was the most frequently targeted industry, followed by Education and Media, Arts & Entertainment. These sectors, given their role in handling sensitive data and critical operations, are prime targets for cybercriminals:

  • Government & Public Sector: 372 incidents
  • Education: 262 incidents
  • Media, Arts & Entertainment: 223 incidents
  • Technology & IT Services: 170 incidents
  • Financials: 93 incidents

The heavy focus on the Government & Public Sector demonstrates how state-run institutions are often targeted for high-value data or to cause large-scale disruption. The Education and Media sectors have also become attractive targets due to their reliance on digital infrastructure and the valuable data they possess.

6. Platform-wise Distribution of Incidents

The cyber attacks reported between January and August 2024 were also linked to various online platforms used by threat actors to share, sell, or exploit stolen data. The distribution of incidents across different forums highlights the use of underground markets and dark web platforms for cybercrime activities.

The dominance of Breach Forum in these counts highlights how it has become a key platform for the sale and distribution of breached data. Other platforms, such as Exploit and Xss, also show activity, reflecting the diversity of forums used by cybercriminals to coordinate attacks and trade stolen data.

7. Most Active Threat Actors (January - August 2024)

Ransomware Groups

LockBit 3.0

  • Incidents: 9
  • Overview: LockBit 3.0 emerged as the most active ransomware group during this period, operating under a Ransomware-as-a-Service (RaaS) model. An international crackdown in February 2024, dubbed Operation Cronos, briefly halted its operations, but the group displayed remarkable resilience by resuming activities within a week. LockBit 3.0 primarily targeted organizations in Indonesia and Thailand, with a focus on the manufacturing, healthcare, and financial sectors.

RansomHub

  • Incidents: 8
  • Overview: RansomHub surfaced in February 2024 as a new RaaS group and quickly made a significant impact. The group targeted key sectors, including financial services, healthcare, and government organizations, across Indonesia, Malaysia, and Thailand. RansomHub's rapid rise in activity highlights its growing threat potential in the region.

RansomHouse

  • Incidents: 4
  • Overview: RansomHouse, active since December 2021, operates through a combination of its leak site and Telegram PR channels. Utilizing a double extortion model, the group threatens to release sensitive data unless the ransom is paid. During this period, RansomHouse primarily targeted the healthcare and Technology & IT Services sectors across ASEAN countries.

DDoS-as-a-Service Groups

EXECUTOR DDOS

  • Incidents: 201
  • Overview: EXECUTOR DDOS operates a Telegram channel named “EXECUTOR DDOS [C2 API],” offering DDoS services. The group has been promoting its capabilities by targeting live organizations, primarily in Indonesia. Affected sectors include media, education, and technology, making EXECUTOR DDOS one of the most active players in the DDoS landscape.

TcodeX-TesterProff-Api

  • Incidents: 65
  • Overview: Another DDoS-as-a-Service group operating via Telegram, TcodeX-TesterProff-Api, has been responsible for numerous attacks, mainly targeting organizations in Indonesia. The group has focused on sectors such as education, government, and media, using live attacks to advertise its services.

SilitNetwork

  • Incidents: 37
  • Overview: SilitNetwork operates through a Telegram channel called “SILIT C2/API'S,” offering DDoS services to clients. Similar to other groups, SilitNetwork promotes its capabilities through live attacks, primarily affecting media, technology & IT services, and government sectors in Indonesia.

8. Key Insights and Recommendations

The cyber attack landscape in ASEAN from January to August 2024 highlights several key trends and actionable steps for mitigating future threats:

1. Indonesia's Vulnerability

  • Following the ransomware attack on its National Data Center, Indonesia has become a prime target for opportunistic attacks. Immediate security improvements are critical to reduce this exposure.

2. DDoS Attacks Lead, but Data Breaches and Defacements Are Rising

  • While DDoS attacks remain the most common, the rise in data breaches and defacements signals a shift towards more destructive and data-driven tactics. Organizations must implement stronger defenses against data theft and website compromises.

3. Critical Sectors at Highest Risk

  • The Government, Education, and Media sectors are at the greatest risk and require urgent cybersecurity enhancements, particularly around sensitive data and infrastructure protection.

4. Ransomware’s High Impact

  • Ransomware, although inconsistent, poses a significant threat due to its disruptive potential and financial impact. Focused defensive measures, such as frequent data backups and ransomware mitigation tools, are essential.

Mitigation Recommendations

To combat these evolving threats, ASEAN countries must adopt more robust cybersecurity strategies:

  • Strengthen Security Infrastructure: Use multi-layered security solutions and ensure regular software updates.
  • Enhance Employee Training: Educate staff on phishing, ransomware, and best cybersecurity practices.
  • Adopt Zero-Trust Architecture: Limit access to critical systems and segment networks for better control.
  • Monitor Dark Web and Threat Intelligence: Track dark web forums for stolen data and use real-time intelligence to prevent attacks.
  • Prepare for Ransomware and DDoS Attacks: Regularly back up data and deploy DDoS protection tools to maintain service availability.
  • Develop Incident Response Plans: Test and update response and recovery plans to minimize damage during attacks.
  • Foster Collaboration: Engage in regional cybersecurity alliances and share information across public and private sectors to build collective resilience.

By implementing these strategies, ASEAN countries can reduce the risk and impact of cyber attacks, especially in high-risk sectors like Government and Education, and better prepare for future cyber threats.

Conclusion

The data analyzed in this report underscores the growing intensity and sophistication of cyber attacks across ASEAN countries, with Indonesia bearing the brunt of the impact. While DDoS attacks led the way in terms of volume, the rise in data breaches, defacements, and ransomware attacks signals a shift toward more destructive, data-driven operations targeting critical sectors such as Government, Education, and Media. These trends highlight the urgent need for ASEAN nations to bolster their cybersecurity defenses.

As threat actors continue to exploit vulnerabilities, a multi-layered approach to security is essential. By strengthening infrastructure, enhancing employee training, and fostering regional cooperation, ASEAN countries can mitigate the risks posed by these increasingly coordinated cyber threats. The future of cybersecurity in the region depends on proactive defenses, cross-sector collaboration, and continuous vigilance in tracking and addressing emerging threats.

Jacob Abraham