More mobile threats seen in 2020


    MORE users moving to mobile platforms from regular PCs means the number of threat actors going into this space also increases proportionally. Android and iOS zero-days were reported in 2019, like spyware discovered on iOS that can access confidential data from iMessage photos and GPS location.

    The interest in compromising mobile platforms with persistence is ever-growing. Kaspersky experts see more threats when mobile exploits become a commodity and the price for it goes down.

    “Mobile users in the Asia Pacific remain vulnerable to social-engineering which is up to this time one of the most common attack vectors. Common users are often tricked by online scams, automated dialers, sextortion attempts, and free online services offering free streaming video, which often come with hidden in-browser cryptocurrency miner,” Vitaly Kamluk, Director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky said.

    In 2019, Kaspersky researchers saw how Advanced Persistent Threats (APT) actors in this region took on new techniques and approaches such as using steganography by Ocean Lotus or Developing malware in Nim programming language by Zebrocy or using malicious LNK files by HoneyMyte.

    Researchers have also seen Ocean Lotus with their new iOS malware in 2019. This threat actor has been actively adopting new techniques, which are aimed to complicate malware analysis.

    More attacks targeting countries involved in the “Belt and Road Initiative (BRI)” have also been observed. BRI aims to connect China to the world. Announced in 2019, the project aims to link the country to three continents—Asia, Africa, and Europe—through interlinked land and maritime networks. The end goal is to ramp up trade and economic growth and to boost regional integration. With more advancements in different aspects of this initiative more malware and cybercrime attacks may happen.

    Last year, Kaspersky researchers also discovered and announced a breach of several software supply chain companies in Asia. Threat actor known as

    ShadowPad/ShadowHammer is believed to be responsible for this sort of attack which can cost as much as $2.57M on average.

    The 2020 Tokyo Olympic games will be a target of cybercriminals, as it has almost become a tradition to run politically motivated attacks during the Olympic Games. With high political tension in many regions of the world, expect one or even several independent attacks to happen during the upcoming Olympic Games.

    “With its developed countries at the forefront of 5G technology and Industry 4.0 and its emerging economies with hyper-online and highly mobile and young population, Asia Pacific is definitely at the center of the new technologies and trends that will define the new decade,” Stephan Neumeier, Managing Director for Asia Pacific at Kaspersky commented.

    The full list of Kaspersky Threat Predictions for 2020 is available on