Intelligent CIO APAC Issue 03 | Page 55

FEATURE: DATA SECURITY
Ransomware-as-a-Service variant known as REvil. This malicious code is offered as a service and CrowdStrike observed it to be the most widespread ransomware code during the second quarter of this year.
The Carbon Spider adversary group has also been created by sophisticated cybercriminals, who make use of DNS tunnelling to spread code. The code can also be distributed on devices such as USB keys in the hope that staff within a target organization will insert it into a networked PC. To date, the group has tended to target point-of-sale (POS) devices to extract details of credit cards.
More recently, Carbon Spider, a group primarily focused on attacking organizations using point-of-sale terminals, has been observed using the REvil ransomware from Pinchy Spider. This has allowed them to extract ransom payments in addition to their normal modus operandi of favoring large organizations that process high volumes of credit card transactions, including large retailers, hotels and casinos.
A third group, named Wizard Spider, previously used a family of ransomware code known as Ryuk until March this year. They have returned on the scene with Conti Softwarek, a code designed to identify and encrypt files on hosts within a local area network. The adversary leverages multiple, highly sophisticated techniques for attempting to deploy ransomware enterprise-wide, hoping for a huge payday.
Another recent group, Sprite Spider, conducts low-volume, targeted big game hunting. It exclusively deploys Defray 777 ransomware in-memory on victim systems and, because its actor footprint remains small, investigations have proven difficult post-ransom.
The wide variety of threat actors currently active in the market shows how quickly cybercrime, and ransomware in particular, is evolving. Many organizations that fall victim find they have little choice but to pay the ransom, thereby encouraging the groups to extend their activities even further.
Security in a COVID-19 environment
While the initial wave of attacks related to COVID-19 appears to have declined, it's likely activity will rise again as interest grows in the potential vaccine candidates currently being developed around the world. Attackers are likely to mount phishing attacks using emails that appear to offer details about vaccines and how soon they could reach the market.
For this reason, it is now more important than ever for strong security measures to be in place across your organization.
The CrowdStrike Asia Pacific and Japan State of Cybersecurity Report found that 74% of respondents across APAC believe that enhancement of their cybersecurity measures should be the top priority in coming months.
Accept the 1-10-60 challenge
Combating sophisticated adversaries requires a mature process that can prevent, detect and respond to threats with speed and agility. CrowdStrike urges organizations to pursue the '1-10-60 rule' in order to effectively combat sophisticated cyberthreats:
• Detect intrusions in under one minute
• Investigate and understand threats in under 10 minutes
• Contain and eliminate the adversary from the environment in under 60 minutes
Organizations that meet this 1-10-60 benchmark are much more likely to eradicate the adversary before the attack spreads from its initial entry point, minimizing impact and further escalation. Meeting this challenge requires investment in deep visibility, as well as automated analysis and remediation tools across the enterprise, reducing friction and enabling responders to understand threats and take fast, decisive action.
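The 1-10-60 rule is only useful if a security team actually measures itself against it. The script below is an added example, not code from the article or from CrowdStrike: it takes the four timeline milestones a SOC would record for each incident (first adversary activity, detection, end of triage, containment), computes the duration of each phase, and reports how many incidents met each target and all three together. The `Incident` schema, the sequential measurement of the three phases, and the sample incidents are all assumptions constructed for the illustration.

```python
from dataclasses import dataclass
from datetime import datetime

# 1-10-60 targets in minutes: detect within 1, investigate within 10, contain within 60.
TARGETS_MIN = {"detect": 1.0, "investigate": 10.0, "contain": 60.0}


@dataclass(frozen=True)
class Incident:
    """Four milestones recorded per intrusion (hypothetical SOC schema)."""
    name: str
    first_activity: datetime   # first adversary activity on the initial host
    detected: datetime         # alert raised to the SOC
    understood: datetime       # triage done: scope, affected hosts and adversary known
    contained: datetime        # adversary eliminated / affected hosts isolated


def phase_minutes(inc: Incident) -> dict:
    """Duration of each phase, each measured from the end of the previous one
    (assumption: the benchmark's three clocks run back to back)."""
    milestones = [inc.first_activity, inc.detected, inc.understood, inc.contained]
    # Guard against mis-entered timelines, which would otherwise yield negative durations.
    if any(later < earlier for earlier, later in zip(milestones, milestones[1:])):
        raise ValueError(f"{inc.name}: milestones are not in chronological order")
    return {
        "detect": (inc.detected - inc.first_activity).total_seconds() / 60,
        "investigate": (inc.understood - inc.detected).total_seconds() / 60,
        "contain": (inc.contained - inc.understood).total_seconds() / 60,
    }


def evaluate(inc: Incident) -> dict:
    """Phase durations plus a met/missed flag for each 1-10-60 target."""
    return {
        phase: {"minutes": mins, "met": mins <= TARGETS_MIN[phase]}
        for phase, mins in phase_minutes(inc).items()
    }


def summarise(incidents) -> dict:
    """Fraction of incidents meeting each target, plus the fraction meeting all three."""
    results = [evaluate(inc) for inc in incidents]
    if not results:
        return {}
    n = len(results)
    summary = {phase: sum(r[phase]["met"] for r in results) / n for phase in TARGETS_MIN}
    summary["all_three"] = sum(all(r[p]["met"] for p in TARGETS_MIN) for r in results) / n
    return summary


def _t(stamp: str) -> datetime:
    return datetime.fromisoformat(stamp)


# Constructed sample incidents (not real data).
SAMPLE = [
    Incident("inc-001", _t("2020-09-01T09:00:00"), _t("2020-09-01T09:00:40"),
             _t("2020-09-01T09:08:00"), _t("2020-09-01T09:50:00")),   # meets all three targets
    Incident("inc-002", _t("2020-09-03T14:00:00"), _t("2020-09-03T14:00:30"),
             _t("2020-09-03T14:25:00"), _t("2020-09-03T15:10:00")),   # investigation took 24.5 min
    Incident("inc-003", _t("2020-09-05T02:00:00"), _t("2020-09-05T02:03:00"),
             _t("2020-09-05T02:10:00"), _t("2020-09-05T04:30:00")),   # detection and containment too slow
]

if __name__ == "__main__":
    for inc in SAMPLE:
        print(inc.name, evaluate(inc))
    print(summarise(SAMPLE))
```

Run against the constructed sample, two of the three incidents meet each individual target but only one meets all three, which is the figure worth tracking over time: a team can look fast on detection yet still miss the benchmark because triage or containment lags.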
Ultimately, consider how successful your existing protective measures are with a distributed workforce and put in place additional tools to increase defenses. It's going to be many months before APAC returns to anything that resembles normal, but the threat of cybercrime will remain. Taking the time now to understand how threats are evolving will ensure you are best positioned to prevent an attack.
