- More than 76 million malicious URLs were accessed in the Philippines last year
- Global ransomware detections fell 14% as alternative attack strategies evolved, yet an increase in incidents was seen in Southeast Asia
MANILA, May 6, 2024 – Trend Micro Incorporated (TYO: 4704; TSE: 4704), a global cybersecurity leader, revealed a 10% annual increase in total threats blocked in 2023, as detailed in its latest report, Calibrating Expansion: Annual Cybersecurity Threat Report. The report warns that attackers are using more advanced methods to target fewer victims with the potential for higher financial gains.
Ian Felipe, Trend Micro Philippines Country Manager: “We’re blocking more threats than ever before for our customers. However, adversaries showed a variety and sophistication of tactics, techniques, and procedures (TTPs) in their attacks, especially in defense evasion. As our report demonstrates, network defenders must continue to proactively manage risk across the entire attack surface today. Understanding the strategies favored by our adversaries is the foundation of effective defense.”
Trend Micro blocked 161 billion threats overall in 2023, compared to 82 billion threats five years ago. Some of the key global findings include:
- Email malware detection surged by 349% year-on-year (YoY), while malicious phishing URL detections declined by 27% YoY, suggesting a trend toward using malicious attachments rather than links directly included in emails
- Business email compromise (BEC) detections increased 16% YoY
- Ransomware detections dropped 14%; however, there was a 35% increase in threats blocked under Trend Micro’s File Reputation Services (FRS)
These findings suggest that threat actors are, first, becoming more prudent about selecting their targets and, second, becoming more skilled in bypassing early detection layers. In the case of malicious emails, for instance, instead of launching large-scale attacks that rely on victims clicking on malicious links in websites and emails, cybercriminals are targeting a smaller pool of higher-profile victims with more sophisticated attacks. This approach helps them evade network and email filters, which could explain the surge in file detections at endpoints.
Similarly, in the case of ransomware, the increase in FRS detections suggests that threat actors are getting better at evading primary detection via techniques such as Bring Your Own Vulnerable Driver (BYOVD) and zero-day exploits, among others.
The report also illuminated threat developments in Southeast Asia in 2023. While Southeast Asia saw an overall increase in ransomware detections, making up more than half (52%) of the global number, this was largely attributed to significant detections within Thailand. Other markets such as Indonesia, Malaysia, Singapore, and the Philippines saw a decline in ransomware detections, similar to the overall global trend. In the Philippines, the number of ransomware detections fell by 93%.
The report also delved into the Philippine threat landscape in 2023, which revealed that the government was largely targeted in Advanced Persistent Threat (APT) campaigns. Specifically, the report exposed that adversary groups Earth Estries (active from January 2023 to present) and Mustang Panda (active from August 2023 to present) have been targeting local government organizations.
Earth Estries is known to deploy cyberespionage campaigns and use multiple backdoors and hacking tools, while Mustang Panda utilizes components of legitimate software for Dynamic Link Library (DLL) sideloading to gather user information.
Looking at other threats studied, malicious URLs being accessed in the Philippines remain prevalent. Despite a 20% decline, detections remained high, totaling over 76 million. A similar trend is seen for other threats, with a high number of detections despite a YoY decline. These include email threats (down 27%) and botnet victims (down 27%). Meanwhile, malware detections increased by 12%.
In light of these findings, Trend Micro advises network defenders to:
- Work with trusted security vendors with a cybersecurity platform approach to ensure resources are not only secured but also continuously monitored for new vulnerabilities.
- Prioritize SOC efficiency by monitoring cloud applications carefully as they become more closely integrated into day-to-day operations.
- Ensure all the latest patches/upgrades are applied to operating systems and applications.
- Utilize comprehensive security protocols to safeguard against vulnerabilities, tighten configuration settings, control application access, and enhance account and device security. Look to detect ransomware attacks earlier in the attack lifecycle by shifting left in defenses during initial access, lateral movement, or data exfiltration stages.
To read a copy of the report, Calibrating Expansion: Annual Cybersecurity Threat Report, please visit: https://www.trendmicro.com/vinfo/ph/security/research-and-analysis/threat-reports/roundup/calibrating-expansion-2023-annual-cybersecurity-threat-report.
###
About Trend Micro
Trend Micro, a global cybersecurity leader, helps make the world safe for exchanging digital information. Fueled by decades of security expertise, global threat research, and continuous innovation, Trend Micro’s cybersecurity platform protects hundreds of thousands of organizations and millions of individuals across clouds, networks, devices, and endpoints. As a leader in cloud and enterprise cybersecurity, the platform delivers a powerful range of advanced threat defense techniques optimized for environments like AWS, Microsoft, and Google, and central visibility for better, faster detection and response. With 7,000 employees across 65 countries, Trend Micro enables organizations to simplify and secure their connected world. www.TrendMicro.com.
Appendix
Table 1: Threats detected and/or blocked by Trend Micro in Southeast Asia from 2022 to 2023
| Threat type | YoY % change in no. of threats detected/blocked* |
| --- | --- |
| Email threats | 34% decrease |
| URL hosted | 48% increase |
| URL victims | 7% decrease |
| Botnet victims | 28% decrease |
| Malware detections | 7% increase |
| Online banking malware | 84% decrease |
Table 2: Threats detected and/or blocked by Trend Micro in the Philippines from 2022 to 2023
| Threat type | YoY % change in no. of threats detected/blocked* |
| --- | --- |
| Email threats | 27% decrease |
| URL hosted | 34% decrease |
| URL victims | 20% decrease |
| Botnet victims | 27% decrease |
| Malware detections | 12% increase |
| Online banking malware | 46% decrease |
*Note: Percentages have been rounded to the nearest whole number
Table 3: Threat types and data descriptions
| No. | Threat type | Unique/Non-unique count | Description |
| --- | --- | --- | --- |
| 1 | Email threats | Non-unique | No. of times an email threat was blocked by Trend Micro |
| 2 | URL hosted | Non-unique | No. of times a malicious hosted URL/s was blocked by Trend Micro |
| 3 | URL victims | Non-unique | No. of times a malicious URL/s being accessed by users was blocked by Trend Micro |
| 4 | Botnet victims | Unique | No. of botnet connections detected by Trend Micro |
| 5 | Malware detections | Non-unique | No. of times a malware was detected by Trend Micro |
| 6 | Online banking malware detections | Unique | No. of online banking malware detected by Trend Micro |