Cybercriminals give systems a drubbing while security teams go clubbing
Drunk or unprepared, security teams scramble during cyberattacks on holidays, weekends
CYBERCRIMINALS are shifting into holiday mode as the year closes - and going on the offensive. Ransomware attacks, in which hackers lock up IT systems or steal data and demand a ransom, are increasingly occurring on weekends and holidays when most companies' security teams are off duty.
A majority of these teams took longer than usual to assess the scope of the attack, a study by cybersecurity company Cybereason found; in fact, 7 in 10 respondents admitted to having been intoxicated while responding to incidents.
Getting caught off guard wasn't the only weakness of these companies - almost half didn't have the right security solutions in the first place. Two-thirds of respondents lost significant revenue; a quarter had to temporarily close their organisations following the attack.
Ransomware has become a global crisis, with several governments, including the White House, mobilising nationwide resources to counter the threat. It is estimated that billions of dollars were paid in ransom globally last year.
Tech giants Acer and Apple each faced US$50 million ransom demands; attacks on fuel pipeline operator Colonial Pipeline and meat producer JBS disrupted US critical-infrastructure supply chains.
It appears hackers are getting more opportunistic. The Colonial Pipeline attack happened over the Mother's Day weekend; JBS was attacked over the Memorial Day weekend in the US, and a high-profile hack of IT company Kaseya took place over the 4th of July weekend in the US.
Eric Nagel, general manager for the Asia-Pacific at Cybereason, said: "Ransomware attackers don't take time off for holidays... The attacks in Singapore on a major insurer and a healthcare operator in the second half of this year reaffirm the shift in the attackers' approach, knowing they have the advantage over targeted organisations."
To understand the impact of holiday attacks, Cybereason commissioned an international study in September, surveying 1,206 cybersecurity professionals at organisations with 700 or more employees that had been victims of a ransomware attack during a holiday or weekend in the last 12 months.
In Singapore, 68 per cent of previous attacks were successful because companies lacked cybersecurity coverage. But even after falling victim to an attack, the companies of 35 per cent of these respondents have yet to draw up contingency plans for weekends and holidays.
Cybereason said a number of steps can be taken to protect company systems on days off, including ensuring key response staff can be reached at any time. Where possible, critical accounts should be locked down during the weekend or holidays.
The company said: "The usual path attackers take in propagating ransomware across a network is to escalate privileges to the admin domain-level and then deploy the ransomware. Those highest privilege accounts in many cases are rarely required to be in use during the weekend or holiday breaks."
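If the highest-privilege accounts are rarely needed on weekends or holidays, any logon by one of them in that window is worth an alert. The sketch below is an added example, not part of the article or Cybereason's tooling; the log format, account names, holiday calendar and UTC+8 site time zone are all assumptions made for illustration.

```python
from datetime import date, datetime, timedelta, timezone

# Assumptions for this example (none of these values come from the article):
SITE_TZ = timezone(timedelta(hours=8))         # site local time, fixed UTC+8
PRIVILEGED = {"da-admin01", "svc-backup-adm"}  # hypothetical high-privilege accounts
HOLIDAYS = {date(2021, 12, 27)}                # constructed holiday calendar

# Constructed sample log, one logon per line: "<UTC timestamp> <account> <host>"
SAMPLE_LOG = """\
2021-12-17T09:15:00Z da-admin01 ws-114
2021-12-17T17:30:00Z da-admin01 ws-114
2021-12-18T03:02:00Z jtan ws-201
2021-12-19T15:59:00Z svc-backup-adm srv-bk01
2021-12-19T16:05:00Z da-admin01 srv-dc01
2021-12-27T02:00:00Z da-admin01 srv-dc01
malformed line
"""


def flag_off_duty_privileged(log_text, privileged=PRIVILEGED,
                             holidays=HOLIDAYS, tz=SITE_TZ):
    """Return (alerts, skipped): privileged logons on local weekends/holidays."""
    alerts, skipped = [], 0
    for line in log_text.splitlines():
        try:
            ts_raw, account, host = line.split()
            ts = datetime.strptime(ts_raw, "%Y-%m-%dT%H:%M:%SZ")
        except ValueError:
            skipped += 1  # count unparseable lines instead of dropping them silently
            continue
        if account.lower() not in privileged:
            continue
        # Decide weekend/holiday in site-local time: a Friday-evening UTC
        # timestamp can already be Saturday morning where the staff are.
        local = ts.replace(tzinfo=timezone.utc).astimezone(tz)
        if local.date() in holidays:
            reason = "holiday"
        elif local.weekday() >= 5:  # 5 = Saturday, 6 = Sunday
            reason = "weekend"
        else:
            continue
        alerts.append((local.isoformat(), account, host, reason))
    return alerts, skipped


if __name__ == "__main__":
    found, bad = flag_off_duty_privileged(SAMPLE_LOG)
    for alert in found:
        print("ALERT", *alert)
    print("unparseable lines:", bad)
```
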
Copyright SPH Media. All rights reserved.