Cyber-attacks have intensified in the last eight months of 2021. The Straits Times reported an increase of ransomware attacks on mid-sized enterprises across healthcare finance across Singapore.
In fact, the Cyber Security Agency of Singapore (CSA) figures showed that ransomware cases in Singapore surged 154 percent from 2019’s 35 cases to 89 cases last year.
Ransomware is no longer a sporadic nuisance, affecting a handful of machines. It has been transformed into a massive, systemic threat affecting entire networks of both large and medium enterprises. We spoke with Harsh Pant, Global Security Architect and Technical Director (for Products, Managed Security Services, Labs) from Trustwave, on what makes today’s ransomware attacks so dangerous to the health of an organization and how to protect your company from such an attack. Find the full interview below.
How has ransomware evolved?
Harsh: The global ransomware outbreak has bored four distinct characteristics exemplifying the evolution of ransomware activities. Firstly, shifting from indiscriminate, opportunistic attacks to targeting large businesses in the hope of higher ransom pay-outs. Secondly, the adoption of “leak and shame” tactics, whereby victims’ stolen data would be publicly leaked if ransom demands were not acceded to. Third, the rise in “Ransomware-as-a-Service” (RaaS) models, which made sophisticated ransomware strains accessible to less technically adept cybercriminals. Lastly, “double extortion”, whereby victims were demanded to pay a separate ransom to decrypt its locked files.
What are the common ransomware threats in Singapore?
Harsh: Ransomware strains detected in local ransomware cases, such as REvil, Netwalker and Altdos, were observed to both operate under the RaaS model and leverage leak sites to pressure victims into paying their ransoms. Revil, Avaddon and NetWalker are mainly seen in Asia in the last couple of quarters, but the region is also at risk to more sophisticated like Conti.
How to reduce the risk of being attack?
Harsh: To prevent and respond to ransomware, there is a need to constantly monitor for anomalous activities and behaviour within networks. The ‘zero-trust’ model is crucial to enhancing organisations’ cybersecurity posture against similar threats in the long run.
Regularly review the company’s data protection policies and processes, and conduct vulnerability assessment and penetration testing.
Does endpoint antivirus software give enough protection?
Harsh: By design, antivirus software can detect only known ransomware. The newest ransomware families will likely be left undetected. Antivirus solutions can detect some ransomware attacks but are unable to prevent ransomware from infecting your system completely.
How can organizations protect themselves against ransomware?
Harsh: The organisation must perform Security Posture Assessments, Continuous Vulnerability Assessments and ongoing Threat Hunting. The organisation must also ensure they can take an immediate response or isolation of endpoints and databases should a security incident occur. It’s critical to set up the right systems for detection and response along with a mature integrated SOC.
What is Managed Detection and Response?
Harsh: Managed Detection and Response (MDR) is an advanced managed security service that provides threat intelligence, threat hunting, security monitoring, incident analysis, and incident response. This is unlike a traditional managed security services provider (MSSP) offering, who only provide alerts from security monitoring.
The benefits of having MDR services are:
- Effective and timely, 24x7 threat detection
- Proven threat hunting capability
- Automation-enabled, expert response
- Support for hybrid operation
- Analyst-recognized service delivery excellence
Trustwave Fusion Platform
How Trustwave Can Help?
Trustwave provides fast and effective detection and response
Trustwave Fusion, our cloud-based Extended Detection and Response (XDR) platform, provides rich API integrations to your environment to drive fast and effective detection and response outcomes. Built-in Security Orchestration, Automation and Response (SOAR) functionality enables us to enrich environment telemetry with cyber threat intelligence and sync and resolve findings on your systems.
Rapid Automated Response - Driven by Clients
We work with you to understand your specific needs and establish ‘rules of the road’ to inform how we respond. These protocols enable our skilled analysts to make fast and effective response decisions based on your business context.
Download our Managed Threat Detection and Response datasheet to learn more about how Trustwave identifies and eliminates active threats in your environment.
Trustwave is recognized as a Top Leader in Managed Security Services by Gartner, IDC and Forrester and has more than 20 years of experience in securing data in government entities and large enterprises globally.
Talk to us to find out how we help to identify and eliminate active threats in your environment. www.trustwave.com