Can Small APAC Firms Respond to Growing Ransomware Threat?
Attacks on Small Businesses Could Cripple Asian Supply Chains, Experts Warn
A spate of high-profile ransomware attacks shows that the Asia-Pacific region is squarely in the crosshairs of cybercriminal groups, and some fear that attackers are turning to smaller, regional businesses even less prepared to defend themselves.
In recent months, attackers have targeted the manufacturing sector, most recently when the BlackCat group held Japanese watchmaker Seiko for ransom and then released the company's intellectual property on a data leak site. In July, LockBit 3.0 attacked the Port of Nagoya, Japan's largest cargo hub, and held up shipments of Toyota auto parts containers for two days. The groups previously attacked Toyota's Hino Motors and Daihatsu Motor Corp. plants, as well as an Indian rocket propellant manufacturer.
Smaller, regional organizations have also been hit by attacks, and recent figures indicate the Asia-Pacific's growing economic footprint and interactions with the West have made the region a treasure trove for financially motivated crime groups.
In a detailed analysis of ransomware group leak sites, Akamai observed a 204% surge in ransomware victims in the APJ region from Q1 2022 to Q1 2023, and the LockBit ransomware group was the dominant force (see: APJ Ransomware Victim Count Has Doubled Since 2022).
Though LockBit mainly targeted manufacturing, business services and construction companies, Akamai noticed a growing trend of ransomware groups heavily targeting smaller organizations in the region and earning an estimated $50 million in ransoms.
Small Businesses in the Crosshairs
Akamai said the most prominent ransomware groups target small businesses as much as they target larger, cash-rich businesses. "We surmise that smaller companies have limited security resources to combat the hazards of ransomware, which makes them more vulnerable and easier to infiltrate, and they have the capacity to pay the ransom," Akamai said.
A majority of ransomware victims in the region in recent months are businesses with revenue of up to $50 million. Small and medium-sized companies were 10 times more likely to be hit by ransomware attacks than companies with revenues exceeding $500 million.
Hyderabad-based data analytics company Netenrich in August identified a ransomware strain that's a spinoff of the Adhubllka ransomware family, whose operators targeted only small businesses and demanded ransoms of between $800 and $1,600.
Cyber investigations company Coveware also found evidence of ransomware operators targeting smaller companies that "are large enough to pay a 'big game' ransom amount but small enough to keep attack operating costs and resulting media and law enforcement attention low."
Small Businesses Need Capacity and Know-How
Jonathan Hung, board chairman at Singapore Space and Technology Limited, told Information Security Media Group that many small or medium-sized tech companies in Singapore handle sensitive data and face numerous threats including ransomware, data breaches and intellectual property theft, so it is essential for these companies to secure their data before they expand their operations.
But these companies do not truly appreciate various elements of connectivity, such as harmonizing data, having unified dashboards and conducting centralized data analysis. With a better understanding, they can design more secure systems but, unfortunately, today's technology companies are in a race against time to get to market and do not have the resources or the time to invest in cybersecurity, Hung said.
"Most medium-sized and small technology and space companies, especially startups, traditionally viewed cybersecurity as a separate division but due to limited personnel and the need to secure their IPs, cybersecurity is slowly cutting across more elements of the business and percolating into the organizational culture," he added.
Hung said small technology companies cannot afford cybersecurity products built for their larger peers, but the pace of innovation at technology companies is moving rapidly and smaller cybersecurity companies are also making their presence felt by offering solutions to the midmarket.
Why Most Ransomware Prevention Efforts Aren't Enough
Tithirat Siripattanalert, group chief information security officer at Bangkok-based True Digital Group, told ISMG that organizations - whether small, medium-sized or large - must realize that many vectors for cyberattacks exist and that they need a 360-degree approach to securing systems and data. "A 360-degree approach must include investments in two-factor authentication, awareness training, artificial intelligence-enabled capabilities to detect malicious attacks, extra protection and detection capabilities, and attack surface management," she said.
Siripattanalert said decision-makers cannot afford to prioritize one aspect of cybersecurity over the other, considering the varied ways in which cybercriminals attempt to bypass organizational defenses. For instance, no amount of cybersecurity education is enough if IT security teams lack visibility over peripheral internet-connected devices because of shadow IT.
Zero Trust to the Rescue?
Daryl Pereira, Asia-Pacific CISO and cyber lead at Google Cloud, said zero trust should be at the core of securing user accounts and devices. He also recommended dropping password rotation practices.
"Password rotation is one of the evils of digital account security," he said. "Human nature is to store passwords in sequence and these are very easy to break into. The decision to not change passwords frequently ensures that users remember their passwords and their passwords are more like pass-phrases that are longer and hence, stronger."
Another unique factor about password security, according to Pereira, is that the strength of a password is determined not by its complexity, but by its length. "NIST no longer recommends complex passwords that have upper cases, lower cases, symbols and characters. They recommend pass-phrases with an ideal length of 16 characters," he said.
All-Out Response Needed
The Asia-Pacific region, owing to increasing prosperity and geopolitical significance, could serve as the hotbed for ransomware operations in the not-too-distant future. Recent statistics point to increased attacks on manufacturing organizations and small-scale entities which, if not prevented, could devastate regional supply chains and destabilize economies.
The growing ransomware-as-a-service economy, which also incentivizes access brokers who sell access to breached networks, requires an all-out approach in which governments and the private sector work together to secure supply chains - even for the smallest and most vulnerable organizations.