Raj Samani, Chief Scientist. Image: Rapid7
New research from cyber security firm Rapid7 has revealed that the ransomware attacks IT and security professionals are up against in APAC are far from uniform, and that they would be much better off tapping intelligence that clarifies attack patterns in their particular jurisdiction or sector.
Raj Samani, chief scientist at Rapid7, said real ransomware threats often differ from assumptions based on news coverage. Attack surface research revealed significant existing vulnerabilities such as open ports and storage buckets and leaked credentials, he added.
How ransomware threats in Asia-Pacific vary by jurisdiction and sector
Rapid7’s research on Asia-Pacific ransomware activity, conducted during the last half of 2023, found differences based on business area and market, suggesting that organisations taking a blanket approach to ransomware defence might be missing out on essential information.
For instance, the most common ransomware group targeting Australia was ALPHV, or BlackCat. The group was found to be mostly targeting the financial sector, with some activity in the federal government and education sectors. The next largest group was Trigona, followed by 8Base (Figure A).
Figure A
Ransomware groups targeting Australia by sector. Image: Rapid7
Japan was also attacked most by ALPHV, though the biggest impact was felt by the tech sector, followed by manufacturing (Figure B). The next most significant attack groups for Japan were LockBit 3.0, again targeting manufacturing, and Royal, targeting financial and technology markets.
Figure B
Ransomware groups targeting Japan by sector. Image: Rapid7
A side-by-side comparison of Australia with India shows that, although many threat groups appear in both countries, there are differences in the prevalence of ransomware groups in various sectors; for example, LockBit 3.0 is big in India’s financial sector but not in Australia’s (Figure C).
Figure C
Ransomware groups targeting Australia and India by sector. Image: Rapid7
More deviation between sectors than expected by Rapid7 researchers
Rapid7 concluded the breadth of threat groups was rather large for regionally-targeted ransomware campaigns, but the group that is most prevalent differs based on the targeted geography or sector. “We did expect more overlap in between risk stars between sectors,” Samani said.
“What was intriguing was the delineation and deviation in the typical hazard groups in the Asia-Pacific,” Samani explained. “We can see from the information there are active ransomware groups specifically pursuing private sectors or specific nations throughout APAC.”
Samani added that, while a CISO in Indonesia, Malaysia or China might be hearing a lot about LockBit or ALPHV, there may be other ransomware threat groups to worry about. “There are numerous other hazard groups that are hugely effective going entirely under the radar no one talks about.”
Attack surface leaving organisations open to access brokers
A concerning finding was how open organisations are to ransomware attacks. “We looked at the attack surface of sectors within markets like Australia, and asked if assailants were going to do reconnaissance and break inside for a ransomware attack, is this something that is simple to do?”
Rapid7 found that, while “the windows and doors” were not being left open for attackers, they were being left “opened.” Samani pointed to the number of open ports and storage buckets, the access to and availability of leaked credentials, along with unpatched systems in the region.
“These things are not attractive or amazing. However, by taking a look at whether you have open or test systems on the web, or storage containers are locked down, you are starting to make it tough for access brokers, who are experienced at getting access and selling that on to danger groups.”
Rapid7’s analysis used machine learning to analyse the external access surface of multiple sectors within the APAC region over the last half of 2023. It processed data available “beyond open RDP and unpatched systems,” including leak sites and compromised datasets.
Boost ransomware defence with an intelligence-based approach
Ransomware attacks are on the rise in Asia-Pacific. A recent report from Group-IB found that, based on companies with information published on ransomware data leak sites, regional attacks increased by 39% to a total of 463, with the most (101) occurring in Australia.
Rapid7 suggests organisations in the Asia-Pacific take a more intelligence-based, nuanced approach to handling ransomware risk. Samani said they should not be prioritising or “hypothesizing based upon headings including organisations halfway across the globe.”
“Everyone talks about the same ransomware families. However, no one has taken a seat to look and say, ‘Well, that does not truly apply here, what applies here is this group,'” Samani explained.
The firm argues that combining external attack surface management and actionable intelligence to identify assets with vulnerabilities being exploited in the wild should take the highest priority, particularly when an attributed ransomware campaign is targeting the sector or location of the organisation.
“Getting that presence and intelligence is essential,” Samani said. “That level of intelligence means you understand who you are up versus, and how to safeguard yourself.”