Vigilance is Crucial for Businesses in Dealing with Modern Malware

In just the first four months of 2021, Trend Micro’s Research team detected 113,010 ransomware threats in Malaysia. Since the first ransomware infection was detected globally in 2005[1], ransomware has evolved over the years, resulting in the emergence of what is often termed modern ransomware, which is even more targeted and malicious in nature.

The recent attack on enterprise technology firm Kaseya[2], where hackers demanded US$70 million (RM290.92 million) worth of bitcoin in return for stolen data, is a stark reminder of the sweeping damage and disruption that modern ransomware is capable of. 

Traditionally, ransomware attacks were conducted through “click-on-the-link” lures involving compromised websites or spam emails. These were typically aimed at a random list of victims to collect a moderate pay-out.

Today, threat actors have evolved their strategies to inflict greater damage on a company’s reputation and potentially collect larger pay-outs from high-profile victims. This is what is becoming known as a “double-extortion” strategy in modern ransomware attacks. According to Trend Micro’s research[3], criminals take these steps to personalize the attacks:

  1. Organize alternative access to a victim’s network such as through a supply chain attack;
  2. Determine the most valuable assets and processes that could potentially yield the highest possible ransom amount for each victim;
  3. Take control of valuable assets, recovery procedures, and backups;
  4. Steal and threaten to expose confidential data.

In Malaysia, Trend Micro found that the industries most targeted by ransomware are government, healthcare, and manufacturing[4]. As these sectors continue to play a role in driving economic growth in the country, it is clear that a multi-layered cybersecurity defence system is necessary. These enterprises will need such a defence to secure their networks and protect their business-critical data as the ransomware landscape keeps evolving.

To keep up with the ever-evolving ransomware landscape, three of the most important must-dos for Malaysian organizations are:

  • Maintain IT hygiene factors: Security teams should ensure that proactive countermeasures, such as monitoring features, backups, and training in security skills, are in place to enable early detection. Alongside that, everyone in an organization should also have the latest security updates and patches installed.
  • Work with the right security partners: Start by clearly defining the needs and priorities around enterprise security in an organization. Then, collaborate with a security vendor that aligns with these priorities to create a solid security response playbook to be used on an ongoing basis.
  • Have visibility over all security layers: For security teams to detect suspicious activity early on and respond to cyber attacks more quickly, organizations should utilize tools such as Trend Micro Vision One, which collects and automatically correlates data across email, endpoints, servers, cloud workloads, and networks. By putting the right technologies in place, enterprises can also help reduce the alert fatigue commonly faced by security operations centers (SOCs), with 54% reporting that they are overwhelmed by alerts[5].

In today’s world of constant attacks, cybersecurity should be a top priority for everyone across the entire organization, not just the sole responsibility of the security team. While an organization can eventually recover its data or financial resources post-attack, the loss of trust among customers and partners will be a difficult challenge to remedy. All stakeholders must collaborate, invest in proper resources, and take proactive steps to transform workplace culture and best practices in order to stop pernicious ransomware threats at the door.


[1] Trend Micro, Ransomware. https://www.trendmicro.com/vinfo/us/security/definition/ransomware

[2] Trend Micro, IT Management Platform Kaseya Hit With Sodinokibi/REvil Ransomware Attack, 4 July 2021. https://www.trendmicro.com/en_my/research/21/g/it-management-platform-kaseya-hit-with-sodinokibi-revil-ransomwa.html

[3] Trend Micro, Modern Ransomware’s Double Extortion Tactics, 8 June 2021. https://www.trendmicro.com/vinfo/gb/security/news/cybercrime-and-digital-threats/modern-ransomwares-double-extortion-tactics-and-how-to-protect-enterprises-against-them

[4] Trend Micro, Trend Micro 2020 Annual Cybersecurity Report, 23 February 2021. https://www.trendmicro.com/vinfo/us/security/research-and-analysis/threat-reports/roundup/a-constant-state-of-flux-trend-micro-2020-annual-cybersecurity-report

[5] Trend Micro, 70% Of SOC Teams Emotionally Overwhelmed By Security Alert Volume, 25 May 2021. https://newsroom.trendmicro.com/2021-05-25-70-Of-SOC-Teams-Emotionally-Overwhelmed-By-Security-Alert-Volume