SOPHOS – Tech Wire Asia (https://techwireasia.com)

Shift left: Tackle cyberthreats at the start of the attack chain with prevention and detection
https://techwireasia.com/2021/11/cyberattacks-detection-prevention-cybercrime-solutions/ – Tue, 23 Nov 2021 05:48:02 +0000

The post Shift left: Tackle cyberthreats at the start of the attack chain with prevention and detection appeared first on Tech Wire Asia.

This is not the season to be merry yet, as even with more news about alleged ransomware operators (although not always the creators) being apprehended worldwide and known ransomware collectives announcing they are shutting down, risks still abound. With ransomware bitcoin payouts valued at a mind-blowing US$5.2 billion in the past three years alone, the threat remains lucrative and enticing to just about anyone with the inclination to try their hand at hacking. More worryingly, they don’t even need to be highly skilled to pull off an assault as criminal developers are offering “ransomware-as-a-service” (RaaS) options to choose from.

“Ransomware thrives because of its ability to adapt and innovate. For instance, while RaaS offerings are not new, in previous years their main contribution was to bring ransomware within the reach of lower-skilled or less well-funded attackers. This has changed and, in 2021, RaaS developers are investing their time and energy in creating sophisticated code and determining how best to extract the largest payments from victims, insurance companies, and negotiators,” said Chester Wisniewski, a principal research scientist at Sophos.

“They’re now offloading to others the tasks of finding victims, installing, and executing the malware, and laundering the pilfered cryptocurrencies. This is distorting the cyberthreat landscape, and common threats, such as loaders, droppers, and Initial Access Brokers that were around and causing disruption well before the ascendancy of ransomware, are being sucked into the seemingly all-consuming ‘black hole’ that is ransomware.”


That is one of the key trends highlighted in the recently released Sophos 2022 Threat Report. It contains a multidimensional outlook on the security threats and trends facing organisations next year by the security threat researchers, data science experts, threat hunters and rapid responders at Sophos, a global leader in next-generation cybersecurity with more than 30 years of experience. Ransomware, malware, mobile security, artificial intelligence, and the overall threat landscape are the five main topics covered in the report, with a special focus on the importance of balance between prevention and detection in cyber-defence strategy.

“The technology industry uses the term shift left to indicate that, when a business can tackle a problem early on, rather than letting it fester, that business can save itself a lot of time, money, and debt,” Sophos CTO Joe Levy wrote in the report. “You can’t effectively secure an application if you introduce security at the end of the development process, and you can’t effectively secure systems or networks if you surrender the idea that better prevention is achievable, or if you believe that either prevention or detection, alone, can solve modern problems in information security.”

Cyber adversaries have shown that they are upskilling their tech know-how and adapting their operations to be more effective and stealthier. Therefore, we cannot be complacent and must always be vigilant and continuously evolve our cybersecurity approaches and arsenal to be ahead of the game.

Wisniewski adds, “It is no longer enough for organisations to assume they’re safe by simply monitoring security tools and ensuring they are detecting malicious code. Certain combinations of detections or even warnings are the modern equivalent of a burglar breaking a flower vase while climbing in through the back window.

“Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of entire networks.”


The cybercriminals keep seeking out and abusing vulnerabilities in defence tools and mechanisms to their advantage. The threat report noted the presence of criminal distribution networks being used, among other things, to target and spread malware infections to infiltrate Android and iOS mobile devices and Linux systems. This includes a move from deploying either shotgun attacks or highly specific targeting of potential victims, to a hybrid of the two methods. In 2021, Sophos researchers reported on such attacks by Gootloader and BazarLoader, for example.

Next year, Sophos researchers expect cryptocurrencies to remain a mainstay, fuelling cybercrimes until digital currencies are better regulated worldwide. In addition, AI applications and powerful machine learning models will see accelerated use in threat detection and alert prioritisation. Cyberattackers will also start to use these technologies to craft more cunning techniques, from disinformation campaigns to spoof social media profiles and more.

A recent Europol-INTERPOL joint cybercrime conference stressed the importance of innovation and collaboration to counter emerging online criminal activities. “Cybercrime is an urgent global security risk, costing trillions of dollars each year. To address what is a parallel crime pandemic, law enforcement and the private sector need to take strong, collective action,” said INTERPOL Secretary General Jürgen Stock.

Keeping up to date with the latest in the IT security industry and the online criminal community is an imperative component of prevention and detection measures against cyber intrusions. An in-depth view of the trends in ransomware services, commodity malware, attack tools, crypto miners and more is helpful when planning your organisation’s future cybersecurity strategy. Knowledge is power, and when the stakes are higher as more data is sent, received and stored online and in the cloud, one should never underestimate its impact. What you know and are prepared for could be your saving grace.

Read more on the trends in cybersecurity risks analysed and written by SophosLabs, Sophos Managed Threat Response, Sophos Rapid Response and Sophos AI teams in the Sophos 2022 Threat Report: Interrelated threats target an interdependent world.

Sophos products help secure networks used by millions of users in 150 countries and over 500,000 businesses. Sophos has support offices in the UK, US, Australia, France, Spain, Italy, Japan, and the Philippines, so you can access a support technician who speaks your language.

Can your organisation survive the ransomware onslaught?
https://techwireasia.com/2021/07/ransomware-cyber-security-protection-best-managed-msp-threat-response-2021/ – Mon, 26 Jul 2021 05:34:15 +0000

With ransomware attacks hitting the headlines in a big way in 2021, what is clear is that organisations, regardless of size or industry, can be targets of these debilitating and costly attacks.

Sophos’ The State of Ransomware 2021, which surveyed 5,400 IT decision-makers in 30 countries, provides a timely look into the impact of ransomware attacks on businesses around the world.

On average, 37% of companies fell victim to ransomware in the 12 months preceding the study. Of these, only 8% of organisations managed to get back all their data after paying a ransom, with 29% getting back no more than half.

Alarmingly, the study revealed that the global average total cost of recovery from a ransomware attack has more than doubled in a year, increasing from US$761,106 in 2020 to US$1.85m in 2021 with the average ransom paid being US$170k.

Chester Wisniewski, principal research scientist, Sophos, said, “Recovering from a ransomware attack can take years and is about so much more than just decrypting and restoring data. Whole systems need to be rebuilt from the ground up and then there is the operational downtime and customer impact to consider, and much more. Further, the definition of what constitutes a ‘ransomware’ attack is evolving.

“It is more important than ever to protect against adversaries at the door, before they get a chance to take hold and unfold their increasingly multi-faceted attacks. Fortunately, if organisations are attacked, they don’t have to face this challenge alone. Support is available 24/7 in the form of external security operations centres, human-led threat hunting and incident response services.”


Among the 3,353 companies in the survey that hadn’t suffered a ransomware attack in the last 12 months, 2,187 expected it would happen to them in 2021. Forty per cent of those thought it was “inevitable” they would be targeted. Be that a pragmatic or a pessimistic view, the advice given in the report’s conclusion is clear: assume you will be hit.

Fatalistic as it sounds, taking precautions doesn’t have to be as daunting as it seems. In fact, it’s akin to checking for traffic before you cross the road. After all, why wouldn’t you?

Like checking for traffic, lowering the odds of being hit by ransomware involves several activities. Where a pedestrian finds a safe place to cross, looks both ways, listens out for traffic, and stays alert while crossing, an organisation that wants to avoid becoming the victim of a cyberattack should:

– Combine human expertise and technology to detect and prevent ransomware early on in its lifecycle.

– Deploy the above in multiple layers at different points: perimeter, email servers, cloud services, etc.

– Create a SOC or use a specialist cybersecurity company — see Sophos’ offering detailed below.

– Have a recovery plan in place that includes backups. Practise it. (The State of Ransomware Report shows that some of the sectors with no such plans were some of the most likely to be hit.)

– Don’t pay any ransom.

Some pragmatic solutions


In a climate where cyberattacks are increasing, it’s little wonder that expert cybersecurity staff are in short supply. In fact, according to Sophos’ The Future of Cybersecurity in Asia Pacific and Japan report, 62% of companies struggle to recruit people with the necessary cybersecurity skills. Creating that mix of technological and expert human protection is challenging for many organisations.

The Sophos Managed Threat Response (MTR) service is the perfect answer to address this problem. It combines dedicated, trained, expert personnel with the world’s best technology to identify threats and neutralise them before they are successful.

Detection is only a part of the battle; where MTR excels is the use of techniques, tactics and procedures to identify and take action against modern threats, all done according to users’ objectives.

Sophos MTR provides detail about any detected problem on which the correct level of remedial action can be taken — it’s down to context and the 24/7 support the Sophos experts provide in the event of any incident.

Sophos MTR helps to stop ransomware attacks before they start; ensuring proactively that security policies and incident response actions are in place to nullify any attempt at the data encryption or exfiltration that can cripple an organisation’s operations and brand.

The adage of “when not if” a cyberattack happens remains true, but so is the concept of “low hanging fruit.” Propagating ransomware is a numbers game and that’s why removing the organisation from the list of easy targets can reduce the chance of attack.

There are plenty more insights to glean from The State of Ransomware Report 2021, and, to learn more about Sophos’ Managed Threat Response service, click here.

Educate, patch, survive, repeat — the 2021 Sophos Threat Report
https://techwireasia.com/2020/12/educate-patch-survive-repeat-the-2021-sophos-threat-report/ – Thu, 17 Dec 2020 05:14:23 +0000

RDP and VPN among the Route-One targets for bad actors, with unpatched OSes and human error the major causes of organizations' cyber problems.

The year 2020 has been an extraordinary one for cybersecurity experts, not least because of the significant effects on the attack surface that the COVID-19 pandemic has had. That event notwithstanding, the security postures of organisations of all types have had to continually evolve throughout the year to stay ahead of new events and trends in attack methods.

In fact, reports of a new attack or breach every week in the media demonstrate just how susceptible every internet user is while going about their daily business. And, with the unusual circumstances of 2020, the ferocity and number of attacks have increased.

The Sophos 2021 Threat Report flags how fast-changing attacker behaviours and ransomware, from advanced to entry-level, will shape the threat landscape and IT security in 2021. The report provides a three-dimensional perspective on security threats and trends, from their inception to real-world impact.

The report points out some of the more alarming tendencies of bad actors that have had dramatic impacts on victims. Covering key trends, it reads as a canonical source of how malware threats have evolved, methods have changed and, by proxy, how cybersecurity specialists need to revisit their strategies.

The rise of ransomware

Right up there among the biggest threats to any organisation is ransomware. But as many attacks have shown this year, demands for money to decrypt frozen hard drives no longer seem sufficient for many cybercriminals. In some cases, ransomware criminals threaten to leak exfiltrated data from affected hardware in an attempt to extort further monies from victim organisations. This renders companies with even the most rigorous backup procedures open to a ransomware attack as they strive to stop sensitive information ending up on the internet.

In part, this trend is increasing as ransomware gangs collaborate to share tips and tricks with their cybercriminal counterparts. The Sophos report likens this collaboration to a traditional crime cartel in that disparate groups seem to be sharing the best methods to further all bad actors’ chances of success. After successful attacks, the fees demanded are also rising, making ransomware one of the most lucrative ways of extorting money on the internet today.

Collaboration to beat everyday threats

Collaboration among malware gangs is a relatively new development (instances of crime-as-a-service are on the up), but white hat companies are also working together more readily than ever before. A positive from the report is that many companies like Sophos pool information with their peers from other organisations. That has been especially valuable in light of the increased threats from bogus sites of Coronavirus information and the expanded attack surface of remote workforces.

The Sophos 2021 Threat Report also shows that many attacks are via common vectors, such as internet-facing RDP and VPN servers. While these systems are easily patched and protected, it doesn’t mean that IT teams are always on top of the most up-to-date requirements, effectively leaving the back door unlocked for the bad guys to get in.

In many cases, human action is still required to ensure loopholes are securely closed. The responsibility for that falls not just to cybersecurity professionals, but to every person within an organisation as they must be aware of the role they play in ensuring their own cyber vigilance. Once ransomware is established via whatever route, it is often too late for organisations to react proactively, the report notes, and the human element on any network remains the most common cause of data loss or breach. Teaching both end-users and cybersecurity teams best practices in online behaviour remains the best single way to address threats.

As threats and attack methods evolve, keeping up to date and protected is a daily challenge. Many organisations also deploy the element of continuous human involvement in the form of an around-the-clock team of experts, provided as-a-service. After all, getting notifications about security issues is one thing, but having someone act on them instantly removes the logistical and resource problems that can follow.


After the doors have been firmly locked to keep out bad actors, security-as-a-service personnel could be regarded as virtualised security guards, ever-vigilant against new threats as they appear.

A multi-layered approach to protection

No single method of software- or hardware-based protection is considered sufficient by any cybersecurity professional. What’s required is a multi-layered cybersecurity approach, where perimeter, endpoints, and network routes are all overseen by specialist tools or by a single platform that comprises those multiple, focused, specialist parts. That type of multi-layered solution, combined with human-led teaching about online hygiene, is the best combination to thwart most attacks.

The Sophos 2021 Threat Report reveals that the main incentive for attackers by far is monetary gain, and, thanks to automation, bad actors are playing an effective numbers game. Easy targets will always be singled out as hackers do not want to work particularly hard for their income. With the right tools and training, organisations can remove themselves from the category of easy victim.

A lack of moral code amongst cybercriminals has been made even more apparent in 2020, with hospitals and caregivers during the year targeted just the same as any big company. Among many incidents, students in Singapore had their online lessons suspended after some inappropriate hacking instances occurred during the country’s lockdown. The unfortunate truth remains: nothing is sacred, and nothing is safe.

Acting now to better protect the network should be every cybersecurity professional’s new year’s resolution. You can learn more about what 2021 has in store in the Sophos 2021 Threat Report here, and the company’s training and education resources can be accessed by this link.

Your network admin may be in the dark, but Sophos casts light on cybersecurity
https://techwireasia.com/2018/05/your-network-admin-may-be-in-the-dark-but-sophos-casts-light-on-cybersecurity/ – Thu, 17 May 2018 06:21:28 +0000

An unpleasant truth revealed in a recent survey (from global leader in network and endpoint security, Sophos) is that many IT administrators just don’t know what’s going on in their networks.

There are, it seems, many applications running over the enterprise’s infrastructure which are either unknown, unidentified or simply not monitored nor examined for possible malicious activity.

While the volume of network traffic has undoubtedly risen (VoIP and IoT data carried on the same infrastructure as server and endpoint activity, for example), what is more relevant is the increased use by malicious parties of cloaking methods. These include encryption, browser or well-known protocol emulation, and deployment of file-less malware.

Sophisticated network exploits which use this latter technique, such as Mimikatz and EternalBlue, will indubitably continue, as will attacks that rely on successful and increasingly refined vectors, such as email phishing.

Sophos’ XG Firewall adds deep-learning and sandbox technologies to its physical devices (and downloadable software version) to stop zero-day threats and malware of new, emerging and these refined, evolving types.

Using sandbox environments means that data-testing mechanisms can be highly aggressive with regards to memory use, network motility, and malware behavioural analysis. These methods of detection would not be viable with traditional firewalls as processor and resource overheads would be too high. However, by pushing potential problems to the cloud for such analysis, the protected organization is not affected – neither by security system overheads nor by infected payloads.

Sophos provides a fully integrated cybersecurity system which collates network-based attacks and endpoint threat mitigation into one overarching provision. This can stop advanced threats and prevent small, isolated incidents from turning into network-wide outbreaks.

Infected machines can easily be isolated, either manually or via automated rules, and the affected devices can then be treated quickly.

Sophos’ survey revealed that 3.7 days of working time are lost per month remediating infected machines in an average-sized network (100 to 1,000 machines), and the business imperative of ensuring greater system safety and uptime drives the Sophos business.

Sophos’ solutions include all traditional methods of network protection, including email threat mitigation (Sophos Sandstorm), IDS (intrusion detection system), application-layer packet filtering, in conjunction with continuous anomalous activity scans.

The majority of organizations agree that a lack of application visibility is a huge security concern, yet Sophos’ survey revealed that nearly one in four IT managers could not identify the source of 70 percent of their network traffic.

It is perhaps not surprising then that the same managers (79 percent) wanted better protection from their firewalls, and there was a universal desire (99 percent of respondents) for firewall technology that can automatically respond to isolate infected machines, minimizing time spent remediating problems.

Sophos’ continuously-evolving security technology is powering the next-generation of IT security provision; the company pioneered the concept of synchronized security – intelligence sharing between network protection devices and endpoints.

The company’s network of SophosLabs helps it to provide predictive protection, improved detection and response times, and the necessary agility to prevent today’s stealthy and quickly-shifting threats.

While there has not been a dramatic increase in the total number of threat types in the last 12 months, existing threats are becoming more sophisticated and therefore more difficult to defend against.

Cybercriminals are perfecting and honing their activities: for instance, choosing ransomware attacks and phishing emails for their proven results and refining them for effective reuse.

Only by unifying network & endpoint security measures and intelligent data monitoring can organizations’ digital backbones be protected from malware and unwanted activity.

“If you can’t see everything on your network, you can’t ever be confident that your organization is protected from threats. IT professionals have been ‘flying blind’ for too long and cybercriminals take advantage of this,” said Dan Schiappa, senior vice president and general manager of products at Sophos.

“With governments worldwide introducing stiffer penalties for data breach and loss, knowing who and what is on your network is becoming increasingly important. This dirty secret can’t be ignored any longer.”

The Dirty Secrets of Network Firewalls can be read in all its detail here, or viewed in condensed format here. Get in touch with a local Sophos representative in your area to find out how its next-gen cybersecurity solutions can help your organization.

How many of your staff installed a pirated copy of Pokémon GO?
https://techwireasia.com/2016/06/many-staff-installed-pirated-copy-pokemon-go/ – Sun, 19 Jun 2016 14:17:03 +0000

The online game of the moment is Pokémon GO, a mobile phone app that became so popular so quickly that its availability was limited outside the USA in order to stop the game servers being overloaded.

But what about everyone outside the US who wants to join in the fun?

On iOS, there’s not a lot you can do to install apps from alternative markets, because Apple only officially supports the App Store for downloads.

On Android, however, there’s an option called “Allow apps from untrusted sources” that opens up your phone to software from anywhere, not just Google Play.

So, millions of people all over the world are deliberately lowering their Android security settings to pirate Pokémon GO from unofficial download sites.

Is it safe to do this?

After all, millions of people have already pirated the app, apparently without anything bad happening, so surely the many millions who follow the crowd will be OK, too?

Cybercrooks love this sort of “herd risk taking,” because they can take advantage of it.

Indeed, we’ve already seen a modified version of Pokémon GO that looks and plays identically to the original, but includes Android spyware known as DroidJack that can watch you via your camera, track you via GPS, intercept your text messages, listen in to your calls, and more.

And the burning question is, “If you downloaded a hacked version of Pokémon GO by mistake, would you be able to spot the imposter?”

Google Play has seen enough malware sneak through recently to remind us that even the guys who make the rules can’t always tell the difference.

Check out our Naked Security article to understand the risks of “remixed” unofficial downloads, and why it isn’t always easy to tell good apps from bad ones, at least without expert help.

Our tips:

  • Avoid apps with a poor or non-existent reputation. Don’t trust an app about which no one yet seems to know anything.
  • Stick to Google Play if you can. Despite various recent failures, it’s still safer than unregulated Android markets where anything goes.
  • Use an Android anti-virus. The Sophos Mobile Security product is free, and protects you automatically from malicious and low-reputation apps.
  • Manage your business phones centrally. Sophos Mobile Control, for example, allows you to take control of options such as whether to allow untrusted app sources on phones used for work.

Oh – one more thing.

Pokémon GO requires you to walk around in real life while watching your mobile phone screen.

As the app itself reminds you, every time it starts up, “Remember to be alert at all times.”
