Thursday 18 Apr 2024

This article first appeared in Digital Edge, The Edge Malaysia Weekly on October 18, 2021 - October 24, 2021

Cyberthreat actors are constantly adapting to the changing security landscape as they upgrade their tools and amplify their strategies to exploit network vulnerabilities. With the implementation of remote work, businesses of all sizes have been the target of cybercriminals during the Covid-19 pandemic.

Employees connecting to corporate resources from often poorly secured home networks and devices have served as an entry point for ransomware attacks, and various social engineering techniques such as phishing and CEO fraud target this weakness.

According to a recent Global Threat Landscape Report from FortiGuard Labs, ransomware attacks increased sevenfold in the last half of 2020 and became even more disruptive. The report also shows a steady increase in ransomware attacks involving data exfiltration, which subsequently leads to extortion and threats to release the data if the ransom is not paid.

In Malaysia, the National Cyber Security Agency (NACSA) observed increasing incidents of cyberattack campaigns, including business email compromise, malware, ransomware, and phone scams. According to official statistics, a total of 1,122 cybersecurity incidents were reported to the Malaysia Computer Emergency Response Team in June — the highest figure in the last eight months.

Targeting a disrupted and unsuspecting remote workforce, cybercriminals trick users into divulging critical data such as access credentials or passwords and other personally identifiable information.

The attack sequence starts by exploiting people’s concerns about the pandemic, as well as other social events such as elections and major global sporting events.

Upon gaining access to the employee’s computer system, hackers will then deploy the malware, which spreads across the network. Once enough systems have been compromised, the hacker triggers the malware to encrypt all infected systems, rendering the files and data on those devices inaccessible to the organisation.

The hacker then attempts to extract a monetary payment from the organisation in exchange for the key needed to decrypt the compromised files. Anxious to regain control of their data and avert potential leaks of confidential proprietary information should hackers sell it on the darknet, some organisations cooperate with the perpetrators. As the attackers have the power to inflict reputational, financial and legal damage to the company, the victim organisations are compelled to negotiate with the attackers and pay a ransom. High-profile cases such as the Colonial Pipeline attack in May this year highlight the potential of cyberthreats in holding critical systems at ransom and hampering systems’ abilities to deliver essential goods and services.

Understanding ransomware attacks

Protecting organisations from a ransomware attack should involve keeping updated backups of critical files offline and scanning devices that are trying to access the network to offload malware. However, beyond these steps, companies should also understand how ransomware attacks work.

With remote and hybrid work set-ups, phishing is the primary starting point for other forms of cybercrime such as ransomware. Thus, cybersecurity awareness and training should not be limited to IT teams and must be extended to all employees to keep cyberattacks at bay. By providing employees with training on cybersecurity hygiene best practices and keeping them informed on the current security threats, businesses can improve their overall cybersecurity posture.

The primary goal of ransomware attacks is to encrypt the victim’s files. Rather than fight this process, IT security teams can beat cyberattackers at their own game by surreptitiously redirecting them to take over fake files intentionally created and placed on the network.

This allows organisations to create a fabricated network that automatically deploys attractive decoys that are indistinguishable from the traffic. This pseudo network is then seamlessly integrated with the existing IT and operational technology infrastructure to lure attackers to reveal themselves.

Once the ransomware compromises an endpoint and starts to encrypt local and network drives, the decoy can immediately detect its malicious activity and, at the same time, isolate the infected endpoint to protect the rest of the network. By using the ransomware’s encryption activity against itself, security teams can locate the ransomware, limit its movement and mitigate its impact.

Securing, protecting people, process and technology: An integrated approach against ransomware attacks

To protect organisations both in the private and public sectors against cyberattacks, NACSA rolled out a CyberSecurity Strategy for 2020-2024. With this plan, initiatives to help boost cybersecurity will revolve around investments in upskilling and reskilling people, improving processes and ensuring that the innovation and technologies needed to establish a strong cybersecurity posture are in place.

By adopting an integrated approach, the strategy aims to strengthen the country’s capabilities to predict, detect, deter and respond to cybersecurity threats. This can be achieved through structured governance, a competent and robust talent base, established cybersecurity processes, and the deployment of effective technology. With cybersecurity initiatives in place, Malaysia takes the eighth spot out of 194 countries in the Global Cybersecurity Index published by the International Telecommunication Union.

However, it is also important to keep in mind that no sector or country is safe from ransomware. Ransomware will continue to be a hot topic for the rest of 2021 and beyond as cybercriminals continue to target organisations’ critical data and assets for financial gains. IT security teams should utilise all available technologies and methods to protect their companies’ networks against cyber intrusions.


Alex Loh is country manager of Fortinet, a US-based firm that specialises in cybersecurity solutions
