September 12, 2024
Kaspersky Industrial Control Systems Computer Emergency Response Team (ICS CERT) reported in Q1 2024 that a total of 30 incidents were confirmed by victims in the transportation and logistics, utility, energy, engineering and mining sectors. Most recently, on our shores, a public transportation operator confirmed that it had experienced a cyberattack.
While the public transportation operator did not share details of the cyberattack, industry observers have noted that it could be linked to ransomware.
Ransomware remains a formidable cybersecurity threat and continues to affect companies large and small, as well as individuals, globally. Kaspersky research uncovers a concerning trend: every third cyber incident in 2023 was attributed to ransomware attacks.
Kaspersky researchers have observed a significant 23% surge in attacks targeting vulnerable Windows drivers during the second quarter of 2024. These exploits can be weaponised for a variety of malicious activities, including ransomware and advanced persistent threat (APT) campaigns. BYOVD (Bring Your Own Vulnerable Driver) attacks leverage vulnerabilities in system drivers to circumvent security controls, escalate privileges, and execute malicious payloads like ransomware. These attacks are often employed by advanced threat actors to establish persistent footholds for sabotage operations.
According to Yeo Siang Tiong, General Manager of Southeast Asia at Kaspersky, despite being legitimate software, system drivers can harbour vulnerabilities that malicious actors can exploit.
“Attackers employ diverse techniques to install these vulnerable drivers on target systems. Once loaded by the operating system, these drivers can be weaponized to bypass the kernel’s security protections and execute malicious code,” says Yeo.
According to Kaspersky Security Network, servers hosted in Malaysia reported 358,788 incidents during Q2 2024. In the same period, Kaspersky products detected 4,620,534 local incidents on computers, with worms and file viruses accounting for most of them.
Kaspersky products also detected 9,730,685 different internet-borne cyberthreats in Q2 2024.
“We praise the Malaysian government's swift and decisive response, with the Cyber Security Act coming into force recently. This act will bolster cybersecurity measures in the country. As ransomware-as-a-service offerings proliferate and cybercriminals launch increasingly sophisticated assaults, the cybersecurity landscape faces a growing threat. To counter this pervasive threat, companies must prioritise robust cybersecurity defenses,” adds Yeo.
Kaspersky experts encourage companies to follow these best practices that help safeguard against ransomware:
- Always keep software updated on all the devices you use to prevent attackers from exploiting vulnerabilities and infiltrating your network.
- Focus your defence strategy on detecting lateral movements and data exfiltration to the internet. Pay special attention to outgoing traffic to detect cybercriminals’ connections to your network. Set up offline backups that intruders cannot tamper with. Make sure you can access them quickly when needed or in an emergency.
- Enable ransomware protection for all endpoints. There is a free Kaspersky Anti-Ransomware Tool for Business that shields computers and servers from ransomware and other types of malware, prevents exploits and is compatible with already installed security solutions.
- Set up a security operation centre (SOC) using a SIEM (security information and event management) tool like Kaspersky Unified Monitoring and Analysis Platform (KUMA), which provides real-time analysis of security events generated by any data source, such as applications or network hardware. Provide your SOC team with access to the latest threat intelligence and regularly upskill them with professional training. All of the above is available within the Kaspersky Expert Security framework.
- Install anti-APT and EDR solutions, enabling capabilities for advanced threat discovery and detection, investigation and timely remediation of incidents.
- Assess and audit your supply chain and managed services access to your environment. Kaspersky offers compromise assessment services.
- Use the latest Threat Intelligence information to stay aware of actual TTPs used by threat actors.
- To protect the company against a wide range of threats, use solutions from the Kaspersky Next product line, which provide real-time protection, threat visibility, and the investigation and response capabilities of EDR and XDR for organisations of any size and industry. Depending on your current needs and available resources, you can choose the most relevant product tier and easily migrate to another one if your cybersecurity requirements change.