DUE to the pandemic, people and organisations all around the world have increasingly relied on the internet and their devices to continue working remotely.

While a godsend to businesses everywhere in terms of continuity, unfortunately this new level of connectivity has also opened the floodgates for cyber attacks.

Sophos, a global leader in next generation cybersecurity, has identified ransomware as an increasingly damaging and costly type of malware attack in the last 18 months. Based on its research, the cybersecurity firm believes ransomware shows no signs of slowing down in 2022.

Ransomware is here to stay

Last year in July, the Malaysian Employers Federation (MEF) suffered a ransomware attack involving its encrypted accounting data causing its servers to be down for three days. Another attack also took place in September 2021 when a Malaysian web-hosting service was the target of a ransomware attack demanding US$900,000 in cryptocurrency.

According to the Sophos State of Ransomware 2021 Report, 59% of Malaysian organisations that avoided being hit by ransomware in 2020 expect to be hit in the future.

To help keep cybersecurity defenders up-to-date with what to expect in 2022, Sophos has released the Sophos 2022 Threat Report.

What to look out for in 2022

The report says that over the coming year, the ransomware landscape will become both more modular and more uniform, with attack “specialists” offering different elements of an attack “as-a-service” and providing playbooks with tools and techniques that enable different adversary groups to implement very similar attacks.

During 2021, Sophos researchers saw how attacks by single ransomware groups gave way to more ransomware-as-a-service (RaaS) offerings. Some of the most high-profile ransomware attacks of the year involved RaaS, including an attack against Colonial Pipeline in the United States by a DarkSide affiliate.

Established cyberthreats will continue to adapt to distribute and deliver ransomware. These include loaders, droppers and other commodity malware, increasingly advanced human-operated Initial Access Brokers, spam and adware.

Additionally, multiple forms of extortion by ransomware attackers to pressure victims into paying the ransom are expected to continue and increase in range and intensity.

In 2021, Sophos incident responders catalogued 10 different types of pressure tactics, from data theft and exposure to threatening phone calls and distributed denial of service (DDoS) attacks.

Sophos Malaysia cybersecurity expert Wong Joon Hoong

“Ransomware continues to thrive because of its adaptability and innovation. For instance, while RaaS offerings are not new, in previous years their biggest impact has been bringing ransomware within the reach of lower-skilled or less well-funded attackers. Now RaaS developers are creating sophisticated code and determining how best to extort the largest payments from their victims. They’re now outsourcing the tasks of finding victims, installing and executing the malware, and laundering stolen cryptocurrencies.

“Unfortunately, this is changing the cyberthreat landscape and common threats – such as loaders, droppers, and Initial Access Brokers that were around and causing disruption well before the ascendancy of ransomware – are being sucked into the seemingly all-consuming ‘black hole’ that is ransomware,” said Sophos Malaysia cybersecurity expert Wong Joon Hoong.

Sophos also expects that cryptocurrency will continue to drive cybercrimes such as ransomware and malicious cryptomining, which will continue to develop until global cryptocurrencies are better regulated by the authorities.

Start the new year with defence

To counter such evolving cyberthreats, you need well-trained and well-equipped counter-cybercrime and cybersecurity professionals. However, in Malaysia, there continues to be a significant lack of cybersecurity experts and mismatched skills. Understanding the landscape and its challenges, Sophos has a solution for this: The Sophos Managed Threat Response (MTR) team.

This team of experts proactively hunts, detects and responds to cyberattacks in real-time. It neutralises ransomware and other advanced threats before they can compromise your data. The ultimate round-the-clock service can rapidly identify and neutralise sophisticated and complex cyber threats that could otherwise go undetected.

“The stakes have never been higher and organisations need human eyes and hands to detect and respond to these business-crippling attacks. The service fuses machine learning with human analysis for an evolved approach to proactive security protection, helping IT teams to stay ahead of the attacks because no company – regardless of size – is immune to cyberattacks,” concludes Wong.

For more information on Sophos Managed Threat Response, visit https://www.sophos.com/en-us/products/managed-threat-response