Intelligent CIO APAC Issue 35 | Page 54

FEATURE: RANSOMWARE


• Singapore ranked only behind Thailand (28), and ahead of Indonesia (14), Malaysia (11), the Philippines (11) and Vietnam (9)
Sean Duca, Vice President and Regional Chief Security Officer, Asia Pacific and Japan, Palo Alto Networks, said that – based on both Unit 42’s data and Dark Web leak site data – high technology, manufacturing and professional and legal services remained the most targeted sectors in Singapore.
“Industries in which organizations run on systems with out-of-date software have been more heavily impacted. When it’s difficult for organizations to regularly update or patch, threat actors have gained an opportunity to attack old vulnerabilities to initiate their exploits,” he said.
“The groups have taken advantage of the pressure organizations in Singapore are under to meet deadlines and produce deliverables, hoping this will lead them to pay quickly and in full. Lost revenue streams from operational downtime have pushed organizations to concede to threat actors’ demands.”
Evidence outlines the impact of the Russia-Ukraine conflict in catalyzing the growth of LockBit 3.0 in Singapore – a pattern across the APAC region as a whole.
As uncertain geopolitical times continue, ransomware groups are using these events to exploit the fear and curiosity of employees to lure victims. Among the beneficiaries is LockBit 3.0 – also known as LockBit Black – a more modular and evasive variant than its previous versions.
Duca said LockBit 3.0 has climbed to the top of the ransomware success pyramid by compromising targets at an unprecedented pace.
“As per our report, in 2022, the extortion group posted information about 801 breached organizations on their leak site, the highest victim count we have observed in the last two years from any one group. LockBit posted 409 victims in 2021, meaning that in 2022, we saw a 95% increase in victim count compared to last year’s entries,” he said.
“Our recent report further asserts that future attacks from LockBit 3.0 may target organizations in the APAC region, in retaliation for increased sanctions or other political measures against the Russian government.
“These cybercriminals are no longer focused solely on chasing money. We recommend that all organizations proactively prepare to defend against this potential threat.”
Overall, the total number of ransomware attacks in APAC increased by 35.4% to 302.
Globally, ransomware demands continued to be a pain point for organizations this past year, with payments as high as US$7 million (SGD 9.4m) in cases that Unit 42 observed. The global median demand was US$650,000 (SGD 873,500), while the median payment was US$350,000 (SGD 470,300), indicating that effective negotiation can drive down actual payments.
Key trends from the report include:
Attackers add pressure with multi-extortion
Ransomware groups have been observed layering extortion techniques for greater impact, with the goal of applying more pressure on organizations to pay the ransom. Some of these tactics include encryption, data theft, distributed denial of service (DDoS) and harassment. Data theft, which is often associated with Dark Web leak sites, was the most common of the extortion tactics, with 70% of groups using it by late 2022 – a 30 percentage point increase from the year prior.
Leak sites drip with data
Every day, Unit 42 researchers see an average of seven new ransomware victims posted on leak sites – equating to one new victim every four hours. In fact, in 53% of Unit 42’s ransomware incidents involving negotiation, ransomware groups have threatened to leak data stolen from organizations on their leak site websites. This activity has been seen from a mix of new and legacy groups, indicating that new actors are entering the landscape to cash in as legacy groups have done. Established groups like BlackCat, LockBit and others contributed to 57% of the leaks, with new groups trailing close behind on 43%.