Asia is witnessing an alarming surge in the case of AI-powered cyberattacks, and the most popular choice is deepfakes. The UNODC, or United Nations Office on Drugs and Crime, has recently published a report mentioning different types of AI threats affecting Asia, specifically the Southeast parts. Threat actors are leveraging generative AI to come up with polished, error-free phishing messages in different languages.
Fake documents, social media, and chatbots are also being used prominently to manipulate victims into sharing their sensitive data. Threat actors are getting increasingly sophisticated—one cyberattack at a time. As per the UNODC, in 2023 alone, the victims of cyber scams across Asia have lost somewhere between $18-$37 billion.
Asia is eventually emerging as the breeding ground for transitional cybercriminal networks that are constantly on the lookout to diversify their online scamming business. As per UN researchers, threat actors have their operation bases spread across the Golden Triangle region, which comprises Myanmar, Thailand, and Laos.
As mentioned above, deepfake attacks are emerging as the new trend in the cyberthreat landscape. In the past 5 months, there has been a whopping 600% increase in mentions of deepfakes in different cybercriminal communities, forums, and channels. Cybersecurity experts are already prepping up for a wave of AI-driven cyberattacks.
A recent survey throws light on concerning data. For instance, as per the survey results, around 50% of the participants believe that AI will be used effectively to crack sensitive passwords as well as encryption. 44% of the respondents think that AI can even encourage DDoS (Distributed Denial of Services) attacks. While 47% of participants feel that AI can add to social engineering and phishing attacks, 40% of respondents believe that AI will only worsen instances of deepfake attacks and lead to severe privacy breaches.
A recent example of a deepfake attack that grabbed global attention involves Arup, the British engineering firm in Hong Kong. One fine morning, an employee received an email allegedly from the organization’s CFO.
The email instructed him to carry out a secret financial transaction. The employee also joined a video meeting headed by the CFO and other senior leaders of the organization. But soon, Arup management found out that it was all purely a deepfake attack. Unfortunately, it was too late, and Arup had already lost around 25 million USD.
Another point of concern is that deepfakes of major global leaders have become a new normal. The fake audio and video of the Singaporean PM and deputy PM created a lot of sensation. In July 2024, a deepfake video went viral where a Southeast Asian head of state was portrayed with possession of illicit drugs. Similarly, in Thailand, a female police officer became the victim of a deepfake attack.
UNODC has zeroed in on 10+ deepfake software vendors who work closely with threat actors in Southeast Asia. They have some of the most advanced deepfake tech, such as Google’s MediaPipe Face Landmarker, the You Only Look Once (YOLOV5) object detention model, and so on.
Why is Asia the breeding ground of AI-powered cyberattacks?
AI-based cyberattacks have become a global threat. However, there are reasons why Asis is eventually emerging as a favorite pick for these threat actors. One of the major reasons is that English is not the first language of majority of the Asian population. So, certain telltale signs of scams may go completely undetected because of the language barrier.
Also, there are so many people who are in dire need of money and jobs. So, there is a higher chance of them getting scammed out of their desperate attempts to earn a living. Poverty is a major contributing factor behind the steep rise in AI-backed threat attacks in Southeast Asia. Also, lack of awareness is a big reason why Asian people still fall for the simplest of cyberscams.
The huge population across some Southeast Asian countries is also a reason behind the lack of proper cybersecurity systems. There is no adequate cyber protection mechanism available on a wide scale because of the widespread population in these Asian nations. As a result, scammers can get away easily after committing online fraud.
The UNODC team also issued a warning earlier. According to their claims, cybercrime syndicates are heavily investing in developing sturdy networks that compromise extensive physical infrastructure and advanced internet communication technology. These syndicates also leverage their network of underground banking, casinos, and money laundering to divert authorities’ attention.
Cybersecurity experts believe that all countries must unite to combat these cybercriminals and reduce AI-driven cyber risks, including enhanced phishing protection. They also emphasize that ongoing cyber syndicates must be dismantled permanently; otherwise, they will resurface on new platforms and forums. These threat groups maintain extensive backup databases, allowing them to continue their malicious scams even if their current operations are disrupted.