McAfee Enterprise, the US-based cybersecurity company, had recently released Advanced Threat Research Report: October 2021 that put a spotlight on cybercriminal activity. The report mainly focussed on ransomware and cloud threats in the second quarter of 2021.
According to the report, the government institutes were the most targeted sector in Q2 of 2021 with a 64% increase in publicly reported cyber incidents. The government institutes were also the most targeted sectors by ransomware in Q2 of 2021 followed by telecom, energy, and media & communications. Financial services were targeted the most among reported cloud incidents, followed by Healthcare, Manufacturing, Retail, and Professional Services. Q2, 2021 saw the emergence of Singapore as one of the top 10 countries with the most cloud threat incidents reported.
In order to learn more about the report and get some insights into the data source for the report, we talked to Jonathan Tan, Managing Director for Asia at McAfee Enterprise. The following are the responses from McAfee Enterprise-
We can understand why the Finance sector would be the most targeted by cloud threats, but what about the manufacturing, healthcare, energy and the telecom sector. What are the particular gains from cyber-attacks on these sectors?
It’s all about data – the ‘new oil’ of the digital economy today. McAfee Enterprise research previously found that 83% of organisations store sensitive information in the cloud, and 1 in 4 companies using public cloud services have experienced data theft by a malicious actor. In the dark web, such stolen data can be sold for a significant amount of money, such that data theft is now an increasingly lucrative trade for these sophisticated cybercriminals.
From the manufacturing to healthcare, energy and telecom sectors, all these industries hold sensitive data that has real value in dollars and cents. More than that, these industries have also seen a rapid increase in the adoption of cloud-based solutions as they find these alternatives cost-effective and flexible when compared to physical infrastructures The manufacturing industry finds the migration to the cloud necessary to support their system innovation and processes to store data, like warranty data and confidential engineering specifications. The healthcare industry, in particular, often stores sensitive patient data – a highly coveted asset among cybercriminals.
Another reason to target these sectors for their valuable data shifting cloud security to accommodate a more flexible pandemic workforce and the reality is that most organizations often only have basic security solutions which may introduce serious cloud security vulnerabilities. Organisations that have suffered major financial loss or disruptions are wake-up calls on why organisations should be investing more in security solutions for peace of mind for their businesses and the future.
According to McAfee Enterprise’s Cloud Adoption and Risk Report, the manufacturing industry saw the largest spike of 144% in enterprise use of cloud between January and April 2021, significantly higher than the average overall enterprise increase of 50%. In the same time period, there was also a 630% leap in external attacks on the cloud. With the rapid shift in the adoption of cloud-based solutions, organisations, especially those who are just moving to the cloud, were likely caught by surprise – turning them into prime targets for cybercriminals.
As per your observations, why was the government sector targeted for ransomware in Q2 of 2021?
Governments provide critical infrastructure that cannot afford disruptions that will bring these public services to a standstill. What’s more, the government houses highly sensitive information and a data breach could potentially escalate into an issue of national security. The high-stakes environment in which governments operate render ransomware a particularly powerful weapon against them, such that the government sector may be relatively more willing to pay a ransom than risk the fallout.
Governments also operate at a scale that is far greater than most organisations in the private sector. As government agencies move more and more mission-critical applications and services to the cloud as part of their ‘’cloud-first’’ agenda, and with the digitalisation of the public sector and its associated services, the extent of its attack surface is growing rapidly. Without the necessary safeguards in place, the government sector can easily become a vulnerable target for malicious actors.
That said, ransomware attacks in the government sector are not inevitable. Regulators and policymakers must take steps to mitigate such threats and put in place a comprehensive national cybersecurity plan. There needs to be a data-based discussion with leadership to decide how to balance the daily blocking and tackling of threats with limited complication to the continuation of operations. On a wider scale, governments will need to come together to share intelligence and take action against criminal groups. Singapore, for instance, is leading the way in ASEAN, with the launch of a new regional cybersecurity training centre that will facilitate conduct research, knowledge sharing and cybersecurity training among ASEAN member states. We believe that this is a step in the right direction towards building a safe and secure cyberspace in Asia.
Give us some instances of some dire consequences of ransomware and cloud threats in the recent period in Asia.
Ransomware attacks often result in data leaks that can damage an organisation’s reputation and have far-reaching consequences for affected individuals. Earlier this year, an insurance group in Asia was hit by a targeted ransomware attack, resulting in the theft of customer data such as medical records, screenshots of IDs and passport pages, as well as bank documents. In the worst-case scenario, malicious actors can use such personal information to commit identity theft.
Identity theft is often a stressful and traumatizing experience that can cause financial fallout and other long-lasting repercussions. For instance, malicious actors may use a stolen identity to get away with crimes like a traffic violation or misdemeanour. Left in the dark, victims may not even know that there is a criminal record tagged to their name, which could even affect their job applications or credit score.
Asia has also seen a few ransomware threats on critical public health infrastructure, with major hospitals in Indonesia and Thailand falling victim to such attacks. In Thailand, the cyber-attack damaged patient medical records, cut off the hospital’s landline telephone and rendered its patient database inaccessible. Such disruptions could delay the delivery of vital medical services, posing a serious risk to public health and safety.
Unfortunately, it is not only healthcare data that is vulnerable to attacks and poses serious risks. As the healthcare industry looking to invest in healthcare IoT devices and cloud adoption, they must first ensure that the security features built into the IoT devices are updated regularly. For example, McAfee Enterprise found critical vulnerabilities in two types of medical infusion pumps that are used to deliver medication into a patient’s body. With more than 200 million IV infusions administered each year globally, this has significant implications for the global healthcare industry. These vulnerabilities could be maliciously exploited to modify a pump’s configuration, posing the risk of an unexpected dose of medication being delivered to a patient.
Clearly, ransomware is a growing threat that can inflict significant damage on businesses and their customers. While it may be tempting to give in to a ransom demand, doing so would only reinforce the idea that ransomware is a viable business model – and even encourage more attacks in the future. In the long run, organisations need to address the root cause of ransomware threats by taking precautionary measures and keeping their cybersecurity systems up-to-date.
As per an email interaction with Ujal Nair