Kaspersky launches XDR platform to combat growing ransomware threats in Southeast Asia
- Kaspersky has responded to the increased risk of targeted ransomware attacks on businesses in SEA by introducing the Kaspersky Extended Detection and Response (XDR) platform.
- Kaspersky’s latest data indicates that Lockbit, a targeted ransomware group, attacked 115 businesses in SEA.
Digital kidnappers are targeting enterprises in Southeast Asia (SEA), and global cybersecurity company Kaspersky predicts that this trend will continue in the coming years, albeit in more sophisticated and targeted ways. Ransomware, a type of malware that locks computer and mobile devices or encrypts electronic files, is used by cybercriminals to demand a ransom in exchange for a decryption key or the return of data.
Ransomware has evolved as a threat since the first known attack in 1989, and since 2016 attackers have shifted from targeting individual users to targeting larger enterprises. High-impact incidents, such as the WannaCry ransomware attack, have caused estimated damages of up to US$4 billion. Ransomware groups continue to target enterprises worldwide, including those in SEA, due to the high return on investment.
Kaspersky warns about the advancements in ransomware
Kaspersky is taking proactive steps to combat the escalating danger of targeted ransomware attacks on businesses in Southeast Asia. Its latest move is the introduction of the Kaspersky Extended Detection and Response (XDR) platform, which offers comprehensive protection against such attacks through its multi-layered defense mechanisms. Kaspersky reports that there has been a significant increase of almost 181% in daily ransomware attacks worldwide in the last year, resulting in approximately 9,500 encrypted files per day.
The attackers behind these attacks constantly improve their tactics and tools to demand higher ransoms and create a greater reputational impact. In 2020, Kaspersky warned of the rise of Ransomware 2.0, which employs highly targeted attacks and “pressure tactics” to achieve these goals.
Targeted ransomware groups have emerged as a new form of extortion in the past two years, using tactics such as reselling hacked data or files, conducting DDoS attacks, and launching targeted phishing campaigns. This set of tactics has been dubbed Ransomware 3.0.
Kaspersky’s latest data indicates that Lockbit, a targeted ransomware group, attacked 115 businesses in SEA. However, the affected enterprises prevented these attacks using Kaspersky’s B2B solutions. The Lockbit ransomware group, which operates as a ransomware-as-a-service provider, has successfully targeted major companies worldwide, including a major IT service provider (allegedly demanding a $50 million ransom), a private school in Malaysia, and a food manufacturer in Singapore.
Lockbit: The most active targeted ransomware group in SEA
This notorious group targets organizations with highly targeted ransomware and frequently updates its malware. The most recent version of Lockbit is Lockbit 3.0.
“Malicious actors, like Lockbit ransomware group, invest considerable time in up-front intelligence gathering to determine who they will target, how they will target them, and the optimal timing of their attack. This level of pre-planning makes attacks more sophisticated and, therefore, harder to catch. Combine this with their double and now the emerging triple-extortion models, modern targeted ransomware groups are set to disrupt more enterprises in SEA if we are not equipped enough to nip them in the bud,” warns Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky.
Yeo notes that malicious actors such as the Lockbit ransomware group invest significant time in gathering intelligence upfront. This process includes identifying targets, determining the best method to attack them, and selecting the optimal timing for the attack.
“This level of pre-planning makes attacks more sophisticated and therefore harder to catch. Suppose we need the necessary tools to stop them early on. In that case, modern targeted ransomware groups now employ double and even triple-extortion models that will continue to disrupt more businesses in SEA,” he warns.
Equipping organizations to combat targeted ransomware attacks
Yeo also mentioned that to assist enterprise security teams that are often overwhelmed and understaffed, Kaspersky has combined its various security tools into a unified security incident detection and response platform called Kaspersky Extended Detection and Response (XDR). This platform offers enterprises multi-layered protection and threat-hunting capabilities for their existing Security Operations Center (SOC).
Kaspersky’s XDR offers adaptability for organizations of all sizes and ease of use. In addition, it includes reliable threat intelligence data from Kaspersky Security Network (KSN) to enhance detection capabilities. The platform is a multi-layered security technology that provides solutions and cybersecurity expert services. It uses a proactive approach by coordinating various security tools into a unified security threat detection and response platform.