Cyber attacks are changing the landscape for integrated endpoint security with detection and response.
Ransomware is the new scam affecting millions of businesses and end users globally today. So severe is the problem that in July 2021 Interpol called for police agencies worldwide to form a global coalition with industry partners to prevent a potential ransomware pandemic!
Many organizations across Southeast Asia think they are either "immune" to ransomware, or "below the radar" of these hackers … but this is not the case. Examples include global insurance company AXA where, in May 2021, ransomware had targeted its Asia Assistance division, impacting IT operations in Thailand, Malaysia, Hong Kong and the Philippines. All organizations everywhere are at risk of becoming victims of ransomware, due to the different approaches being taken by the threat actors.
A recent IDC study indicated that 32% of organizations across Asia Pacific had experienced a ransomware attack in July 2021, but by December 2021 the same study indicated this number had increased to 60% of organizations. In Southeast Asian markets the number of organizations that had experienced a ransomware hack doubled between July and December 2021.
Other examples from the regional press include:
· Thailand suffering a major ransomware outbreak in September 2020
· Indonesia reportedly being the fifth most targeted country for ransomware, with Bank Indonesia being hit in January 2022
Software supply chain attacks also emerged in 2020/1 as a new threat vector for criminals. This is where a trusted software vendor has their production systems hacked and, as updates are sent by the vendor, malware is embedded into what is anticipated to be trusted software.
More than 20 such attacks were identified in early 2021, indicating a new, more sophisticated approach by the criminals responsible. A real problem with this type of attack is that the ingress point is trusted, and not until the malware detonates is there an opportunity to neutralize it. This requires a far more sophisticated level of monitoring and response than many have in place today.
The problems are real, present, and growing – so what can, and should, organizations do to try to reduce the impact of such threats moving forward?
Critically, integrated endpoint security with detection and response can help mitigate the most common types of attack and slow down the effectiveness of some of the more targeted approaches, due to improvements in detection techniques and automation of alerts across systems. But this also requires a level of automation and skill which many organizations are currently unable to hire for. An alternative is to take a managed detection and response approach, allowing the professionals in the IT security industry to handle much of the heavy lifting required here, so that internal resources can be used more effectively elsewhere.
Whilst it's not a panacea, integrated endpoint security with detection and response, whether automated or managed, is certainly the frontline in a war that Interpol sees as the new criminal pandemic, and is something that all organizations, large and small, should review in light of the data on hand.