
Targeted ransomware groups such as Maze spotted in Southeast Asia


If there is one positive consequence of the COVID-19 situation in Southeast Asia (SEA), it is proof that the region has the capability to embrace digitalization. In fact, 2020 research conducted by Kaspersky among 760 respondents from the region revealed that nearly 8-in-10 are currently working from home.

An additional two to five hours have been added on top of the 8-hour daily surfing average of consumers in SEA. In terms of financial matters, 47% of the surveyed individuals have shifted their payment and bank transactions online due to the lockdown restrictions and safety precautions in their respective countries.

Technology and the World Wide Web are stepping up as powerful tools that everyone can leverage to survive this period. Increased reliance on the internet, however, also opens up more vulnerabilities that cybercriminals can exploit. With the combined digital aftermath of the pandemic and the geopolitical situation in the region, Kaspersky announces the top threats public and private organizations should watch out for.

“The year 2020 is not like any other. This year is not only the time of changes, but it changed the time itself. It changed the way we travel, the way we shop, the way we interact with each other. The computer threat model has evolved since COVID-19 started,” says Vitaly Kamluk, director for Global Research and Analysis Team (GReAT) Asia Pacific at Kaspersky.


Rise of Targeted Ransomware

Targeted ransomware in Southeast Asia detected by Kaspersky in 2020

Through a virtual media conference with select journalists in SEA, Kamluk revealed how cybercriminals have added blackmail to their arsenal to ensure that their victims pay the ransom. He also confirmed the presence of top ransomware groups in the region targeting the following industries:

  • State enterprise
  • Aerospace and engineering
  • Manufacturing and trading steel sheet
  • Beverage company
  • Palm products
  • Hotel and accommodation services
  • IT services

Among the notorious ransomware families, and one of the first to conduct such operations, is the Maze family. The group behind Maze ransomware has, more than once, leaked the data of victims who refused to pay ransom. They leaked 700MB of internal data online back in November 2019, with an additional warning that the published documents were just 10% of the data they were able to steal.

Aside from this, the group has also created a website where they revealed the identities of their victims as well as the details of the attack – date of infection, amount of data stolen, names of servers, and more.

Maze Ransomware’s Website

Back in January, the group was involved in a lawsuit with a cable maker company. This resulted in the website being shut down.

The attack process used by this group is simple. They infiltrate the system, hunt for the most sensitive data, and then upload it to their cloud storage. After that, the data is encrypted with RSA. A ransom is demanded based on the size of the company and the volume of the data stolen. The group then publishes the details on its blog and even sends anonymous tips to journalists.


“We are monitoring an uptick on Maze detections globally, even against a few companies in Southeast Asia, which means this trend is currently gaining momentum. While the public shaming part of the attack adds to the pressure of bowing to the demands of these cybercriminals, I strongly advise companies and organizations not to pay ransom and to involve law enforcement agencies and experts during such scenarios. Remember that it is also better to have your data backed up, your cybersecurity defenses in place, to avoid falling victims to these malicious actors,” adds Kamluk.

To remain protected against these threats, Kamluk suggests that enterprises and organizations:

  • Stay ahead of your enemy: make backups, simulate attacks, prepare action plan for disaster recovery.
  • Deploy sensors everywhere: monitor software activity on endpoints, record traffic, check hardware integrity.
  • Never follow the demands of the criminals. Do not fight alone – contact Law Enforcement, CERT, security vendors like Kaspersky.
  • Train your staff while they work remotely: digital forensics, basic malware analysis, PR crisis management.
  • Follow the latest trends via premium threat intelligence subscriptions, like Kaspersky APT Intelligence Service.
  • Know your enemy: identify new undetected malware on premises with Kaspersky Threat Attribution Engine.
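
Because the Maze sequence described above uploads data before encrypting it, traffic records and endpoint file activity can be correlated per host to catch the upload stage first. The following is an added example, not code from Kaspersky or from the original article; the event schema, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict

MB = 1024 * 1024
# Assumed thresholds for illustration; tune them to the environment.
UPLOAD_BYTES = 500 * MB      # cumulative outbound volume that counts as a bulk upload
WRITE_BURST = 100            # file modifications inside BURST_WINDOW seconds
BURST_WINDOW = 60
LOOKBACK = 7 * 24 * 3600     # link a write burst to an upload at most 7 days old

def correlate(events):
    """Classify hosts from merged sensor events (hypothetical schema):
    {'ts', 'host', 'type': 'net_out', 'bytes'}  outbound traffic to external storage
    {'ts', 'host', 'type': 'file_write'}        endpoint file modification
    Returns {host: 'exfil_only' | 'encrypt_only' | 'exfil_then_encrypt'}."""
    sent = defaultdict(int)
    upload_ts = {}                 # host -> time the upload threshold was crossed
    recent = defaultdict(list)     # host -> write timestamps inside the window
    findings = {}
    for e in sorted(events, key=lambda ev: ev["ts"]):
        host, ts = e["host"], e["ts"]
        if e["type"] == "net_out":
            sent[host] += e["bytes"]
            if sent[host] >= UPLOAD_BYTES and host not in upload_ts:
                upload_ts[host] = ts
                findings.setdefault(host, "exfil_only")   # earliest warning stage
        elif e["type"] == "file_write":
            window = recent[host]
            window.append(ts)
            while ts - window[0] > BURST_WINDOW:          # drop writes outside the window
                window.pop(0)
            if len(window) >= WRITE_BURST:
                if host in upload_ts and ts - upload_ts[host] <= LOOKBACK:
                    findings[host] = "exfil_then_encrypt"
                elif findings.get(host) != "exfil_then_encrypt":
                    findings[host] = "encrypt_only"
    return findings

# Constructed sample events (not real telemetry).
SAMPLE = (
    [{"ts": 1000 + 600 * i, "host": "fs01", "type": "net_out", "bytes": 200 * MB} for i in range(3)]
    + [{"ts": 90000 + i * 0.2, "host": "fs01", "type": "file_write"} for i in range(120)]
    + [{"ts": 5000 + i * 0.3, "host": "ws07", "type": "file_write"} for i in range(120)]
    + [{"ts": 7000, "host": "bk02", "type": "net_out", "bytes": 600 * MB}]
    + [{"ts": 8000 + i, "host": "ws09", "type": "file_write"} for i in range(50)]
)

if __name__ == "__main__":
    for host, verdict in sorted(correlate(SAMPLE).items()):
        print(host, verdict)
```

An `exfil_only` verdict is the one to triage fastest: it can be a legitimate backup job, but in this attack order it is also the last point at which encryption and publication can still be prevented.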
