Sunday, May 29, 2022
Tech ObserverNewsCyber SecurityTop 5 cyber threats CIOs need to be aware of in APAC region

Top 5 cyber threats CIOs need to be aware of in APAC region

pandemic has significantly impacted the of businesses and individuals worldwide. While some industries have been severely hit, others are experiencing sudden and exponential growth in demand for their services. Not surprisingly, this difficult time became a great breeding ground for cybercriminals who are using the pandemic crisis and our dependencies in online services for various gains. Here’s the latest cyber threats that CIOs need to be aware of in the region.


The #1 risk to remote desktop services. Almost two-thirds of contains an infection vector based on RDP and one of the most persistent services when it comes to account takeover attacks.

Servers from enterprises are much wanted resources for malicious actors as they can be abused for spam distribution, lateral movement and exfiltration of sensitive information followed by ransom, command and control server for botnets, attack stations for attacking other organizations, cryptocurrency mining and finally deploying ransomware, sometimes after the previous scenarios have been tried and dried, as a last resort to monetize a successful breach.

Encrypted attack protection

More than 90% of web traffic is now HTTPS encrypted. While HTTPS is crucial for data protection, it opens the door for new DDoS attacks. HTTPS requires many more resources from the target server than the client, meaning hackers can unleash devastating attacks with limited requests. Protection against encrypted DDoS floods is a critical requirement.

Massive global capacity

Internet of Things (IoT) botnets are growing larger and more sophisticated and becoming more capable of launching larger attacks. They can be purchased on the dark net for relatively small sums, for example the cost of a cup of coffee. Botnets are a significant threat during the massive COVID-19 public health emergency.

Application layer (L7) DDoS attacks

These pose a unique challenge for DDoS defenses, as they require insight into application behavior, and it is difficult to tell whether a request is legitimate or malicious simply by looking at the network-layer traffic. Moreover, as more and more web traffic is encrypted by SSL and HTTPS, DDoS defenses are frequently unable to look at the contents of the packet itself.

As a result, many types of DDoS defenses are unable to tell the difference between a legitimate spike in customer traffic (for example, during a flash crowd or a holiday peak) and an actual attack. Examples of attacks are: HTTP/S floods, SSL negotiation attack, Low and Slow attacks, HTTP/S bomb attack and large file download.

Account takeover/credential theft

Compromised accounts have been traded for financial gain for years. Email addresses, passwords and credentials are low-hanging fruit, as they are relatively cheaper and go in masses. Payment details are another favorite, with prices dictated by different parameters such as country of issue, credit score and more at the highest end.

The decisions and tools that organizations choose now, and the training they provide to their employees, will have enduring effects on security for years to come. It’s crucial that companies get it right.

The author is Vice President & Managing Director – India , SAARC , Middle East & GSI at Radware. Views are personal.

Subscribe to receive the day's headlines from Tech Observer straight in your inbox

- Advertisement -

Your Comment on this Story


Share on activity feed

Powered by WP LinkPress


Please enter your comment!
Please enter your name here

Subscribe to our Newsletter

83000+ Industry Leaders read it everyday

By subscribing you agree to our Privacy Policy, T&C and consent to receive newsletters and other important communications.
- Advertisement -ESDS SAP HANA Community Cloud
- Advertisement -Digital Senate 2022

Airbnb announces China retreat, shut all offices by July 30

The company made the announcement in a letter posted to its official WeChat account addressed to its Chinese users without elaborating on the reasons.


- Advertisement -