Grudge purchase or not – cyber security is non-negotiable
Research into the global cyber security threat landscape shows a marked increase in threats to business services, an evolution in ransomware attacks and confirmation that emails are being used to send malicious documents and executables like infostealers and Trojans. Any business connected to the internet has no option but to have cyber security in place.
This is according to the findings of cybersecurity company Trellix's Threat Report: Summer 2022 and input from its Threat Labs (covering threats connected to healthcare and access control systems), which together also reflect email security trends.
It also details the evolution of Russian cybercrime related to the conflict in Ukraine, in which no new malware or methods have yet been observed.
Among the key findings:
• Increased threats to business services: Companies providing IT, finance and other types of consulting and contract services were targeted by adversarial actors more often, demonstrating cybercriminals' desire to disrupt multiple companies with one attack. Business services accounted for 64% of total US ransomware detections and was the second most targeted sector behind telecom across global ransomware detections, malware detections and nation-state backed attacks in Q1 2022.
• Ransomware evolution: Following the January arrests of members of the REvil ransomware gang, payouts to attackers declined. Trellix also observed ransomware groups building lockers targeting virtualization services with varied success. Leaked chats from the quarter’s second most active ransomware gang, Conti, which publicly expressed allegiance to the Russian administration, seem to confirm the government is directing cybercriminal enterprises.
• Email security trends: Telemetry analysis revealed phishing URL and malicious document trends in email security. Most malicious emails detected contained a phishing URL used to steal credentials or lure victims into downloading malware. Trellix also identified emails with malicious documents and executables, like infostealers and Trojans, attached.
SA, Africa as vulnerable as global counterparts
Carlo Bolzonello, country lead for Trellix in South Africa, told ITWeb Africa that businesses of all sizes in South Africa are as vulnerable to all types of cybercrime as their counterparts anywhere else in the world.
“Threat actors don’t customise their attack methods to a country or a continent, apart from the rare instance that they have a specific target in mind, like the recent Conti ransomware attack on the government of Costa Rica. Typically, they focus on a particular vector, like email or ransomware. Their intentions remain the same: to steal and use information, such as bank account details or corporate information, for example, or to cripple an organisation’s infrastructure and demand a ransom to restore it.”
Bolzonello said that while there are no specific threat actors that focus on Africa or South Africa, no business or organisation that is connected to the internet in any way can afford not to have cyber security in place.
“Cutting costs on implementing sufficient cyber security protocols is likely to cost a business in downtime, damage to infrastructure and services, and even directly in money if they feel compelled to pay a ransom to have their services and infrastructure restored. Even then, there’s no guarantee that the cyber criminals will keep their word – chances are strong that everything will have to be replaced anyway, while business treasures like trust and relationships with clients will be irrevocably compromised,” said Bolzonello.
Bolzonello acknowledged that some businesses may not be large enough to afford their own specialist cyber security team and infrastructure, but in that case they should seek a managed solution from a security vendor partner that offers the infrastructure and skills they need without the direct expense.
“This is true for government as well. For example, none of South Africa’s key infrastructure and service providers have a redundancy option in place - if they are attacked and shut down by a cyber-attack, there is no Plan B. This was seen in the recent Transnet attack, where ports could not operate, ships could not dock, goods could not land, and the supply chain was disrupted. The consequences of critical government infrastructure being taken offline in a ransomware attack would be devastating,” he added.