Enterprises in Southeast Asia are becoming an increasingly interesting target for ransomware attacks, and this trend will continue this year and beyond, according to Kaspersky. Since ransomware has become the biggest online security threat to organizations, it will continue to increase and evolve, with new variants using sophisticated techniques and tactics to infect computers or networks and demand ransom from their owners.
Kaspersky revealed that last year, ransomware encountered daily increased almost two-fold, or by 181%, which translates to 9,500 encrypting files per day globally. Behind this increase was the rise in targeted ransomware groups, dubbed Ransomware 3.0, which extort victims by reselling the data or files they have hacked, conducting DDoS attacks against the victim or the victim’s customers, or using the same data to conduct follow-up attacks such as targeted phishing.
The global security company also identified Lockbit, a ransomware-as-a-service provider and the most organized criminal group, as the latest and most prolific targeted ransomware, which attacked 115 unique businesses, including users of Kaspersky’s B2B solutions in SEA. This malware victimized enterprises globally and in SEA, including a major IT service provider from which $50 million was demanded as ransom, a private school in Malaysia, and a food manufacturer in Singapore.
Because ransom demands are an easy way to make money and the tactic works, cybercriminals continue to attack businesses in Southeast Asia. Data from Kaspersky showed that 304,904 ransomware attacks targeting enterprises in this region were blocked by Kaspersky’s business solutions last year. Of the total, the Philippines recorded 21,076 attacks during the period, with Trojan ransomware the most common type of threat targeting businesses in the country.
Apart from these ransomware attacks, there is also the cybersecurity talent gap that hinders fast detection and response. A study even logged a 2.1-million gap in available local security staff urgently needed in the greater Asia Pacific region.
“One of our fresh studies has already confirmed that three in five businesses here have been victims of a ransomware attack. Some once, but half have fallen prey multiple times. Our 2022 data reveals this threat will continue to be a menace for enterprises in SEA because it makes good money for cybercriminals, because some business executives think ransomware is just overhyped by the media, and because enterprise security teams are actually overwhelmed and undermanned to detect and respond against it,” said Yeo Siang Tiong, general manager for Southeast Asia.
Tiong notes that malicious actors, like the Lockbit ransomware, invest considerable time in up-front intelligence gathering to determine who they will target, how they will target them, and the optimal timing of their attack. This level of pre-planning makes attacks more sophisticated and therefore harder to catch. Together with the emerging triple extortion models, targeted ransomware groups are set to disrupt more enterprises in SEA if they are not equipped with the necessary security solutions.
To protect against ransomware that targets enterprises, Kaspersky launched its XDR (Extended Detection and Response) platform for businesses of all sizes, equipping their security teams with an expert detection and response tool that can help them build their cybersecurity capabilities.
Kaspersky’s XDR is a multi-layered security technology platform delivered as solutions and cybersecurity experts’ services. It takes a proactive approach, coordinating siloed security tools into a coherent, unified security threat detection and response platform.
Some of XDR’s benefits include consolidating a large volume of alerts into a much smaller number of incidents that can be prioritized for manual investigation, providing integrated incident response options that provide sufficient context so that alerts can be resolved quickly, and providing response options that extend beyond infrastructure control points, including network, cloud, and endpoints to deliver comprehensive protection.