Cybersecurity company Sophos has recently released its Active Adversary Report for Tech Leaders 2023. The report highlights a few important findings about cyberattacks in the first half of 2023 as follows:
1) Decrease in Dwell Time
Dwell time measures how quickly an attack is detected: it is the time from the start of a cyberattack to when it’s detected. Sophos found that this time has decreased. In 2022, it took an average of 15 days to detect an attack, but in 2023, this time has been reduced to just 8 days. For ransomware attacks, it’s even shorter, at 5 days.
2) Attacks on Active Directory
Active Directory (AD) is a crucial part of a company’s computer network. According to Sophos, attackers now take less than a day (approximately 16 hours) to breach and gain control of AD. This is a concerning trend because having control of AD gives attackers significant power over the company’s systems and data.
3) Ransomware Attacks
Ransomware attacks were the most common type investigated in the report, making up 69% of cases. Most ransomware attacks occurred outside of regular working hours, with 81% of them launching their final damaging actions outside of business hours.
4) Detection Timing
Interestingly, the report shows that the number of attacks detected increases as the week progresses, with a notable spike in ransomware attacks on Fridays and Saturdays.
5) Security Tools
The report mentions that while there have been improvements in security tools and technologies, attackers are still finding ways to infiltrate networks. The key to better security is not just having the right tools but also actively monitoring for threats.
In conclusion, this report serves as a reminder that cyberattacks are evolving, and businesses need to stay vigilant and invest in both advanced security tools and continuous monitoring to protect their data and systems.
You can find more detailed information in the full article on Sophos’ website.
Did you know that ransomware attacks started in 1989? At least, that was the first ransomware attack known to the modern world. It happened towards the end of 1989 and targeted the healthcare industry as a whole, not just a single healthcare institution.
The First Ransomware
It was an industry-wide attack initiated by Dr. Joseph Popp, a PhD holder and AIDS researcher. He distributed 20,000 floppy disks (diskettes) to AIDS researchers around the world, spanning 90 countries. He claimed that the disks contained a risk analysis program for AIDS in the form of a questionnaire. The program did exist. Alongside it, though, was malware that remained dormant on the PC, which made its source difficult to pinpoint back then. After the PC had been powered on 90 times, the malware locked the PC and displayed a message demanding a payment of US$ 189 and another US$ 379 for a software lease. This, the first ransomware in the world, was called the AIDS Trojan.
The Evolution of Ransomware
In 2020, Ransomware 2.0 became a thing and Kaspersky saw it. Attacks became even more targeted. Attackers employ threatening tactics that could increase the impact of the attack. They even pressure targets by threatening their public reputations. In that case, attackers can even demand a higher ransom.
In 2022, the world of ransomware evolved again, and you now have Ransomware 3.0 or Lockbit. Instead of just locking the target’s data, attackers now control the target’s data. They have the liberty to sell this data to the highest bidders. They can even conduct DDoS or phishing attacks that target their target’s clients or staff members. Of course, the ransom goes up again. Lockbit has been identified as the most popular ransomware, used in at least 115 known attacks in Southeast Asia.
Lockbit is not just used by a single group of attackers though. Lockbit is a group that also sells its services and ransomware program to other attacking groups. The latest known version of the program is Lockbit 3.0. It is updated regularly to foil early detection, and it is more targeted than ever before.
We Are NOT Safe
While ransomware is a term that has been thrown around for the past couple of years, it is a more serious problem than many think, especially with Lockbit 3.0. More ransomware attacks have occurred than we know. Most of them are reported too late too, meaning the victims have already been attacked and would have to pay the ransom. While the healthcare industry is still one of the most targeted industries for ransomware attacks, the attacks also affect the education sector, the manufacturing sector, and even motorsports. It is a serious problem, not just after you have been targeted, but even before; every one of us is vulnerable.
So how do you prevent an attack, or even foil one? There are a few methods that larger corporations employ that you can work with as well. One of them is to create data backups regularly. You can either get a cloud provider to do that for you or store your backup data in a physical server location within your premises. The physical option can cost a lot of money though; you have been warned.
Kaspersky’s Solution
If not, why not just prevent it altogether with an early detection program for your entire digital infrastructure? That is what Kaspersky’s Extended Detection and Response (XDR) program aims to do.
Kaspersky’s XDR program is not just another anti-virus or cyber security program for the masses. It is a highly sophisticated program that should cover all your bases in terms of a system-wide cybersecurity measure. It is a sort of early detection and prevention platform that should offer multi-layered safety nets across your vast digital network.
While it is not a one-stop-shop solution for cyber security, Kaspersky’s XDR aims to cover most of your cybersecurity concerns from a single place. The platform aims to offer more visibility in the user’s cybersecurity network, simplify the processes and programs into a single space, and even foil new threats that are yet to be known to the wider industry. The question is ‘how’?
Kaspersky’s XDR is not just tailored to specific users. It is also a part of a bigger network that they call Kaspersky Security Network (KSN). While most of the data within the network cannot be specifically shared with Kaspersky’s clientele, data collected from each user is used within Kaspersky to form a better understanding of upcoming and occurring threats. That also allows the program to understand threats better across industries and react accordingly based on the data it collected from previous known attacks.
It also simplifies the investigation processes by consolidating large volumes of alerts and incident reports into smaller clusters with differing priorities. On top of that, each incident report now comes with context that also ensures that the information provided is not just relevant, but also important to the investigation. It quickens the investigation process by streamlining the process and in turn also makes it more precise. Beyond that, Kaspersky’s XDR offers response options to attacks for better protection in the future. All of these should be accessible from a single interface by Kaspersky as well.
Doing More, Not Less
Again, the Kaspersky XDR platform is not a one-stop-shop or the only cybersecurity solution out there that could prevent the next big ransomware attack in your organization. As of 2023 though, Kaspersky’s platform has prevented the most ransomware attacks in the Southeast Asia region. In 2022 alone, Kaspersky detected and prevented more than 130,000 ransomware attacks in Indonesia.
There are other things that, in our opinion, you should also do to prevent an organization-wide ransomware attack. First, you must be aware, quite obviously. You also want to make sure that you do not respond to suspicious emails, or pick up any random drives and insert them into your work PC. We also recommend that you keep backups of your important data in a few locations, including cloud, and keep them separate and safe. But you can never be too safe, so having extra layers of security with Kaspersky’s XDR could be the differentiating factor between paying a large ransom and getting through your Monday like any other Monday.
If you are interested in Kaspersky’s XDR program and even other services by Kaspersky, you can visit their website for more information. You can also email them directly for all your inquiries. Or, if you are more concerned with personal protection, you can still go to their website for your own end-point protection plan.