30% of security incidents investigated by Kaspersky in the META region were related to Ransomware
Incident response (IR) means bringing in a team after a security breach to stop the attack from spreading and limit the damage. In 2021, almost a third (30%) of the security incidents investigated and handled by Kaspersky in the Middle East, Turkey and Africa were connected to ransomware. The majority of cases investigated involved the government, IT and industrial sectors in the region.
Ransomware remains a major threat to the growth and security of key economic sectors. Ransomware operators have refined their arsenal, concentrating on fewer attacks against large-scale organizations, as is evident from Kaspersky’s telemetry, which shows a 2.5% increase in targeted ransomware attacks in the Gulf region.
To start such high-level attacks, cybercriminals first need to gain access to their target, and they use a variety of methods to infiltrate organizations. For complex attacks, exploiting a vulnerability is more often than not the initial access method. More than 53% of infiltrations globally took place through the exploitation of public-facing applications, followed by the use of compromised accounts (18%) and malicious email (14%).
The majority of the cyberattacks investigated by Kaspersky’s incident response team had already been ongoing, unnoticed, for weeks or months. This is particularly alarming, since the longer cybercriminals lurk in the network, the more damage they can cause. To avoid such situations, organizations should rely on intelligence-driven detection solutions that can spot abnormalities within a network; this enables early detection and response and reduces cost and losses. Kaspersky experts spent 50 hours on average to identify, contain and eliminate the attacks.
“The dangers posed by high-level cyberattacks are not expected to be resolved soon. In 30% of the security incidents, attackers made use of legitimate tools used by organizations. This goes on to prove that security controls need to have strong visibility and need to be managed efficiently. Organizations should employ a tool stack that can provide Endpoint Detection and Response capabilities, constantly check the reaction time of security operations with offensive exercises, and assess and validate the usage of legitimate tools often used by cybercriminals to gain access to organizations,” said Ayman Shaaban, Digital Forensics and Incident Response Manager at Kaspersky.
For organizations to protect themselves against cyberattacks and intrusions, Kaspersky recommends:
- Implement a robust password policy and multifactor authentication.
- Remove management ports from public access.
- Set a zero-tolerance policy for patch management, or apply compensating measures, for public-facing applications.
- Ensure employees maintain a high level of security awareness.
- Always back up data.
- Work with an Incident Response Retainer partner to address incidents.
- Invest in tools such as Kaspersky Endpoint Detection and Response, which provides greater visibility into your organization’s endpoints, continually monitors for suspicious activity and responds to malicious cyber threats in real time.
- Continuously train your incident response team to maintain their expertise and stay up to speed with the changing threat landscape.