“Ransomware and Zero-Day attacks are on the rise,” warned Sumit Bansal, managing director-ASEAN and Korea of Sophos, as he stressed that these are the top threats that will be deployed by cyber criminals worldwide in the next four months. “The biggest threat we see is ransomware is on the rise, about 47% of all threats, and around 33% are advanced malware – these are Zero-Day attacks or techniques that are being used to exploit or compromise devices.”
Bansal said there are many ransomware strains, with the well-known WannaCry, Petya, Bad Rabbit and Cerber being only a few examples, and that none of their customers is unaffected by these, as traditional antivirus solutions cannot stop these threats or attacks.
“Traditional antivirus software relies on signatures but with ransomware being much more tricky, it can imitate encryption software, making it hard to detect just by patch,” said Bansal, adding that if you don’t have next-generation signatures, technology becomes tougher.
There are other ways hackers use to get into a network or a device and compromise it. One of these is exploit techniques, which constitute 13% of malware. According to Bansal, there are 24 known exploit techniques hackers use to get in or compromise devices so they can deliver the actual malware that causes the damage. “First is the penetration then the actual malware,” noted Bansal.
These exploit techniques, which have run for years, are just being rehashed and truncated by adversaries. Bansal said these techniques can be bought for very little money on the Dark Web. “All you need is a computer and a Tor Browser (or a tool set that can help anonymize Web browsing and publishing, instant messaging and other applications that use the TCP protocol). You connect, open an account and you buy,” he said.
Bansal said that with ransomware, hackers can make up to $400,000 a month. The best part is the fact that hackers don’t need to know ID codes or pay codes. They can find the list, they can buy the list they want to target, and they can deploy it. And even if they don’t want to do any of that, they can hire someone: this is called Ransomware-as-a-Service, and the provider will take a commission from you for every list they get, according to Bansal.
Richer countries are the most targeted for malware attacks because they can pay. “In the ASEAN, ransomware intercepted by the Sophos Labs in Singapore and Indonesia is quite high at 6.5% and 5.3%, respectively. The Philippines is at around two percent,” Bansal said. “In terms of industries, there is no specific industry that is targeted. Hackers will target where they think they will get the money.”
Meanwhile, the Philippine government is addressing these threats by creating the Philippines’ National Cybersecurity Plan (NCSP) 2022, a framework on how we and government-run organizations should put measures in place to prevent breaches from cyber attacks.
“It’s a good starting point but actions need to be decided on what needs to be done. The Philippines is not the only country doing this, Singapore is also on the same track. They’re telling companies and organizations what to do, and hiring high-level security advisers to help them get ready for attacks,” said Bansal.
For its part, Sophos addresses these threats with a Synchronized Security Platform and Strategy, which enables defenses to be as coordinated as attacks. The platform combines endpoint and network protection to operate as one integrated security system, with security products that share a common interface and exchange real-time information in order to respond automatically to threats.