Research covers the 18 months from the beginning of 2020.


Vietnam, Singapore and the Philippines appear to be fending off more than their fair share of ransomware attacks, according to new research.

The three ASEAN nations rank among the top countries globally to submit ransomware samples to Google-owned crowdsourced intelligence platform VirusTotal.

VirusTotal, part of Google Cloud’s threat detection platform, Chronicle, aggregates over 70 antivirus scanners and URL/domain blocklisting services, analysing suspicious files and URLs to detect types of malware and sharing the data with the broader security community.

At the beginning of October the company launched its first Ransomware Activity Report, providing a holistic view of ransomware attacks by combining more than 80 million potential ransomware-related samples submitted over the past year-and-a-half – from the beginning of 2020.

Of the 140 countries that submitted ransomware samples, Israel led by a wide margin in terms of volume, with the highest number of submissions and close to a 600 per cent increase in the number of submissions compared to its baseline.

However, the remainder of the top 10 most affected territories based on the number of submissions to VirusTotal included no fewer than three ASEAN nations: Vietnam, Singapore and the Philippines.  

Altogether, the top 10 globally were, respectively: Israel, South Korea, Vietnam, China, Singapore, India, Kazakhstan, Philippines, Iran and the UK.


Credit: Google/VirusTotal

According to Google, the company saw peaks of ransomware activity in the first two quarters of 2020, primarily due to the ransomware-as-a-service group GandCrab, whose prevalence decreased dramatically in the second half of that year.  

Another sizeable peak occurred in July 2021, driven by the Babuk ransomware family – a ransomware operation launched at the beginning of 2021 that was behind an attack on the Washington DC Metropolitan Police Department in the United States.

All up, at least 130 different ransomware families were active in 2020 and the first half of 2021, grouped into 30,000 clusters of malware that looked and operated in a similar fashion, Google security engineer and VirusTotal threat intelligence strategist Vicente Diaz noted in a blog post.

Claiming 6,000 clusters, GandCrab was the most active family, followed by Babuk, Cerber, Matsnu, Congur, Locky, Teslacrypt, Rkor and Reveton.


Credit: Google/VirusTotal

“While these big campaigns come and go, there is a constant baseline of ransomware activity of approximately 100 ransomware families that never stops,” Diaz said in his post. “Attackers are using a range of approaches, including well-known botnet malware and other remote access Trojans (RATs) as vehicles to deliver their ransomware.  

“In most cases, they are using fresh or new ransomware samples for their campaigns. This broad collection of activity provides vital insights into ransomware growth, evolution and impact on organisations of all sizes, and provides the breadcrumbs needed for businesses and governments to be much more proactive in building cyber security into their infrastructure,” he added.

The report comes as Singapore works to bolster its cyber security posture, with the country releasing its new Cybersecurity Strategy 2021 on 5 October.

Arriving five years after the launch of the first Singapore Cybersecurity Strategy in 2016, the new strategy works to simplify cyber security for end-users while developing deeper partnerships with industry to adapt to the changes in the cyber operating environment.

In the words of the Cyber Security Agency of Singapore (CSA), the new strategy outlines Singapore’s plans to take "a more proactive stance" against threats, raise the overall level of cyber security across the nation and advance international norms and standards on cyber security.

“As Singapore harnesses digital technology to improve lives and livelihoods for all, cyber security has become a necessity and key enabler for Singapore’s digital economy and Singaporeans’ digital way of life,” the CSA said in a statement.

“Developed in consultation with ministries, government agencies, industry and local and overseas academia, the updated strategy...seeks to address new and emerging cyber threats in the wake of strategic and technological shifts.

“These shifts include the opportunities and cyber risks brought about by emerging technologies, such as edge computing and quantum computing, that are potentially disruptive; growing cyber-physical risks as cyber disruptions can spill over to the physical domain; ubiquitous digital connectivity that expanded the attack surface; and increasing geopolitical tensions in cyberspace,” it added.
