In Chinese culture, the number 8 is revered as it’s pronunciation is considered to invite great wealth. But in the cybersecurity industry, this number is plain unlucky simple because there was an 888% surge in fileless malware. How do we even begin to comprehend this figure?
Over the years, ransomware has seen an increase and the extent of attacks too has grown over the years. As technology progresses, cyber criminals too have upped their game. In 2015, it was targeted at individuals then three years later it progressed to targeting business and in 2017 to enterprise worm and finally in 2019 it reaches the status of tailored operations.
Chris Lee, a senior security engineer from BeyondTrust Singapore broke down ransomware into easy-to-understand terms simply in his presentation at the Cyber Security Asia 2021. Terming it as “Six Things to Know About Ransomware”, Lee started off his topic by explaining that it is simply malware, which is the is the collective name for a number of malicious software variants, including viruses and spyware.
According to Lee, ransomware is on the rise, and it doesn’t seem to be going anywhere. In 2020, ransomware attacks increased by approximately 150 % while there has been a 33% increase in ransomware families year-on-year. This increase could very likely be attributed to the third item in his “Six Things to Know About Cybersecurity”, where he explains that attack surface is vastly increasing. The increase is hugely contributed by more vulnerabilities, more remote access, more privileges, more shadow IT, and that the Covid-19 pandemic has resulted in more BYOD and BYOT trend. All these opens more attack surfaces that threat actors easily exploit.
Ransomware has also seen an uptake because it is a lucrative business opportunity. As a successful business model, ransomware is a hit as there are many trends that drive the win rates for it. Amongst them is the “naming and shaming” trend where the attackers often publicize an attack to a victim’s customers and the media to coerce the victim into paying up. Another trend is when the cost of downtime or reputational risk is too great, so the victims give in and pay. Other trends listed are cybersecurity insurance increase payout chances and that ransomware-as-a-service is increasing.
The fifth thing to know about cybersecurity is that paying the ransom doesn’t always end the threat. This is because there is no guarantee ransomware operator will give back access to data or in some instances, the malicious party may give back data access, but they could turn around and sell the data or even re-encrypt it. Another reason is if the root cause such as unpatched vulnerability or insecure remote access is not addressed, another savvy ransomware operator can and will exploit the same victim.
The last point made by Lee is that ransomware is not complex. As such, it can only run with the privilege of the user or the application that launches it.
Follow us on ESPC2GO for updates and news on Cyber Security Asia 2021.