sb-au logo
Story image

The real winner of 2019? Ransomware

Trend Micro today released its 2019 security roundup report, revealing an extremely successful year for ransomware and painting a bleak picture of the future of organisations' security landscapes if they do not act on it.

The report from Trend Micro analyses the most significant issues presented to businesses as a result of renewed cyber threats and outlines best practices to IT security teams aiming to protect their infrastructures. 

Despite other cyber threats being identified in the report as significant, one of the most devastatingly effective attack styles last year was ransomware.

Trend Micro discovered a 10% increase in ransomware detections, despite a 57% decrease in the number of new ransomware families. 

The healthcare industry was the hardest hit by this style of attack, with more than 700 providers targeted in 2019. 

In the United States especially, government agencies, both on state and municipal levels, also fell victim to ransomware.

"Digital transformation has been a business buzzword for decades, and the concept has yielded very positive results over time,” says Trend Micro head of consulting in Hong Kong Tony Lee. 

“But security is often an afterthought, which leaves digital doors wide open for cybercriminals.

"Despite the prevalent ideals of digital transformation, lack of basic security hygiene, legacy systems with outdated operating systems and unpatched vulnerabilities are still a reality,” says Lee.

“This scenario is ideal for ransomware actors looking for a quick return on investment. 

“As long as the ransom scheme continues to be profitable, criminals will continue to leverage it."

Ransomware was such a popular business model in 2019 that to improve efficiency, alliances were brokered between several high-profile ransomware groups around the world.

In one example, the group Sodinokibi launched coordinated attacks on 22 local government units in Texas, demanding a combined US$2.5 million ransom. 

This attack also demonstrated the 'access-as-a-service' trend, in which criminal groups rent out or sell access to company networks. 

The service can be lucrative, according to Trend Micro, with reported quotes for the services stretching from $3,000 to $20,000 in some cases.

Of the reported incidents, one of the most expensive packages included full access to a company's server hosts and corporate virtual private networks (VPNs).

One of the key factors in the success of coordinated ransomware attacks in 2019 is known or established vulnerabilities in organisations which go unchanged even after a breach.

The Trend Micro study reports there was a gigantic 171% rise in ‘high severity vulnerabilities’ in 2019 when compared with the previous year.

This underscores an increasing urgency for companies to patch their vulnerabilities – not doing so may result in the high-severity bugs becoming further weaponised by ransomware attackers.

To protect against today's threat landscape, Trend Micro recommends a connected threat defence across gateways, networks, servers and endpoints. 

Additionally, the company lists these best practices:
  • Mitigate ransomware with network segmentation, regular back-ups and continuous network monitoring.
     
  • Update and patch systems and software to protect against known vulnerabilities.
     
  •  Enable virtual patching, especially for operating systems that are no longer supported by the vendor.
     
  • Implement multi-factor authentication and least privilege access policies to prevent abuse of tools that can be accessed via admin credentials, like remote desktop protocol, PowerShell and developer tools.
Story image
Quantum extends Veeam partnership in a bid to protect against ransomware
“Quantum continues to expand its partnership with us and we are pleased to add ActiveScale object storage to a select group of S3 targets that can provide robust ransomware protection for our joint customers."More
Story image
Three security essentials for financial services
Financial services organisations must provide the best possible customer experience in terms of mobile and online application availability, performance and security, writes Gigamon country manager for A/NZ George Tsoukas.More
Story image
How organisations can extract value from IT investments with Living Systems
Technology is everywhere, but value is not. Twelve months after the first pandemic-related lockdowns began, many organisations have discovered that they’re just not getting the return on investment they expected. Why?More
Story image
IWD 2021: Talend CISO on empowering women in the workplace
"It’s time to break down barriers to equality. We need to feature technical women in a way that resonates with young female audiences."More
Story image
Dicker Data scores One Identity distribution agreement for Australia
Dicker Data has entered into a distribution agreement with One Identity, a Quest Software company specialising in identity-centric security. The agreement was effective as of 1 March 2021.More
Story image
Ingram Micro advances dedicated security practice with new hire
Lazarus has strong advice for all resellers. He says, “If you’re not talking security as part of every customer engagement, you're not having the right conversation.”More