The war on cybercrime is never-ending, and the pandemic has shown the world the true force of cybercriminals. No industry is safe: the internet is littered with media reports and press releases describing a wide range of attacks, from ransomware to data breaches, targeting organisations regardless of their size.
“Ransomware as a threat is growing at pace and, with Ransomware-as-a-Service meaning malware of this nature is more easily available to attackers than ever, we can expect to see an acceleration of this trend,” commented Jeffrey Kok, Vice President of Solutions Engineers of Asia Pacific and Japan at CyberArk. In the past few months, Singapore has been alerted to multiple ransomware attacks targeting both the healthcare and financial industries. Because ransomware is a significant threat to business operations, the Singapore Computer Emergency Response Team even released an advisory in June on the growing threat level of ransomware and how businesses can prevent such an attack. Three major ransomware attacks were reported in Singapore in the following months, namely at Eye & Retina Surgeons, Tokio Marine Insurance Singapore and Pine Labs.
One of these is the alleged ransomware attack by BlackMatter on the merchant platform company Pine Labs. Although the company has denied the allegation, on August 11th Cyble, a cyber threat intelligence company, published a report stating that it had discovered the leak during a threat hunting exercise. Documents involved in the leak included agreements between Pine Labs and financial institutions, financial reports, and personal records. Although Pine Labs CTO Sanjeev Kumar has adamantly rejected the notion of a ransomware attack on the organisation, he does share that the evidence mentioned by Cyble consists of 2014 legal business contracts, which may have been accessed through a user laptop or a server.
Days after the Pine Labs incident, on the 16th of August, Tokio Marine Insurance Singapore (TMiS) issued a press release about a ransomware attack on the organisation that took place on the 31st of July. At the time of the statement, TMiS reported that no confidential customer information had been compromised. The affected server had been detected and isolated so that the company's operations were not affected. No further information about the attack has been released as of yet.
The most recent major ransomware attack in Singapore hit the healthcare industry. On the 25th of August, the nation’s Ministry of Health (MOH) published a statement regarding the attack on Eye and Retina Surgeons (ERS), a specialised medical clinic. On the 6th of August, the clinic was hit with a ransomware attack that affected the clinic's server and management systems involving the personal data of more than 73,000 of its patients. MOH has ordered ERS to work with the Cyber Security Agency to conduct a full investigation of ERS's systems and strengthen its cybersecurity in light of the attack. Taking the increasing number of cyber attacks seriously, MOH has reminded licensed healthcare institutions to take the necessary precautions to enhance their cybersecurity.
Now you may wonder precisely why ransomware threat actors are so active in the current landscape. As we accelerate through the age of technology, cybercriminals have become more sophisticated in their tactics, refining whom they target and how.
According to Jeffrey Kok, “It’s important to note as well that attackers are moving beyond ‘spray and pray’ tactics, increasingly targeting specific organisations for very specific reasons, often using supply chain providers to help achieve their goals, as in the case of Kaseya. Attackers are putting in the work in advance, pooling resources, conducting lengthy reconnaissance on their intended victim, and carefully engineering specific individuals with direct access to critical assets and systems.”
Although threat actors are progressing, this does not mean that all hope is lost. Jeffrey Kok states, “There are mitigation strategies proven to be 100% effective against almost all variants of ransomware. Organisations should consider a multi-layer approach that includes: using anti-virus and EDR; backing up; restricting application read/write/modify permissions; only allowing approved applications; removal of local admin rights from standard users; elevating privileges only when needed; and – finally – assessing the file types that are of most value to the organisation.”
What organisations need to understand is that no one is safe in the current volatile landscape. Cyber attacks can occur at any moment, and the better prepared organisations are, the better chance they stand against the threat actors present in the world.