Not enough urgency to mitigate against ransomware: Sophos
By Edwin Yapp February 28, 2018
- Acknowledged as a serious problem, yet enterprises still not fully protected
- Machine, deep learning the future of ransomware, cyber security protection
THE global prevalence of ransomware is on a sharp rise, and small- to mid-sized businesses which are not properly protected against such malware are more at risk than ever before as they are being targeted repeatedly, according to a new study by Sophos Group Plc.
Speaking to the media on Feb 27, Sumit Bansal, Sophos managing director for Asean & Korea, said 54% of organisations remain at high risk of ransomware globally, while 31% expect to be victims of an attack in the future. On average, respondents impacted by ransomware were struck twice, the poll noted.
“In our latest survey, almost everyone (98%) agreed that having anti-ransomware technology on the end-point is crucial but despite that, only 54% of organisations have anti-ransomware technology in place,” he claimed.
The study, entitled ‘The State of Endpoint Security Today,’ was culled from a survey of some 2,700 IT decision makers from mid-sized businesses worldwide last year. Sophos commissioned Vanson Bourne to poll IT decision-making executives in organisations with between 100 and 5,000 users.
The study covered the United States, Canada, Mexico, France, Germany, UK, Australia, Japan, India, and South Africa.
In a separate study, Sumit revealed that the WannaCry ransomware in 2017 accounted for 90% of the attacks in Malaysia alone. This is followed by Cerber, which accounts for 8.9% of ransomware attacks locally, Sumit added.
Ransomware is defined as malicious software that is activated after a user has been the target of phishing. Following the definition of the word, ransomware effectively holds a user's device or server hostage until a ‘ransom’ fee is paid. Phishing happens when a user takes an unwitting action, usually by clicking an attachment, which releases ransomware into the IT system.
Besides this alarming trend, Sumit also revealed that some 69% of respondents in the survey were unable to correctly identify the definition of anti-exploit software.
With this confusion, he said it was not surprising that 54% do not have anti-exploit technology in place at all. This also suggests that a significant proportion of organisations have a misplaced belief that they are protected from this common attack technique yet are actually at significant risk, he added.
Asked whether these trends were also true in Southeast Asian (Asean) countries as the study essentially covered more advanced markets, Sumit clarified that although Asean countries weren’t specifically polled, these same trends are expected to hit here within three to six months.
“While these statistics did not cover Asean, we will see that effect in the region very soon,” he argued. “We may not experience the same kind of ransomware types, but we will experience the same kind of issues.
“Some ransomware are country-specific. For example, CryptoLocker is popular in Singapore. Based on what I see in the region when speaking to customers, we will have the same challenges,” he said.
Sumit also argued that often, businesses which get hit by ransomware may not report it, but it doesn’t mean it’s not happening.
He was alluding to the recent case where ride-sharing giant Uber Technologies Inc hid the fact that it got hit by ransomware for more than a year before admitting to the breach. In that case, Bloomberg reported that hackers stole the personal data of 57 million customers from Uber, and that the company paid US$100,000 (RM390,681) to the attackers in an attempt to redeem the captured data.
Machine, deep learning next
Sumit also revealed that some 60% of respondents admitted their endpoint defenses were not enough to block the attacks seen last year, and that only 25% have predictive threat technologies such as machine or deep learning.
This leaves some 75% of those surveyed vulnerable to repeated ransomware attacks, exploits, and evolving advanced threats, he added.
“While 60% plan to implement predictive threat technology within a year, confusion about it persists. Of those surveyed, 56% admitted that they do not have a full understanding of the differences between machine learning and deep learning,” he claimed.
Sumit said the use of machine and deep learning in end-point security is inevitable as today, signature-based detection is obsolete, given that there are some 400,000 malware variants appearing every day, a figure too massive to track and address.
“Customers who are still using this method will face problems tracking malware,” he noted. “Additionally, hackers are using exploit techniques to trick people into downloading malware unknowingly.
“Thus, the only way to mitigate against this is to not just be evasive but to be predictive, and only by employing machine and deep learning can this be achieved.”
Machine learning has the ability to learn without being explicitly programmed, or in other words, it has self-adaptive learning. It gives computers the ability to change their algorithm automatically when exposed to new data.
Deep learning is a subset of machine learning, in which a problem is treated in a multi-layer, hierarchical method rather than in a linear way. When a problem is fed with raw data in deep learning systems, it goes through a process that creates certain ‘answers.’
These answers are then passed on for analysis by a second layer in the hierarchy, which then yields another set of answers to be processed by the next layer, and so on. The multi-layer processing iterates across the network until the best output is determined.
Sumit said Sophos defines predictive security as the “ability to foretell with precision of calculation, knowledge or shrewd inference from facts of experience.”
He explained that being predictive meant being able to stop ransomware by blocking file, disk and memory attacks, and denying the hacker before they are able to exploit the user.
“Deep learning neural networks are the only way to do this,” he said.
Other noteworthy points the Sophos study revealed were:
- According to those impacted by ransomware last year, the median total cost of a ransomware attack was US$133,000 (RM519,605). This extends beyond any ransom demanded and includes downtime, manpower, device cost, network cost, and lost opportunities. Five percent of those surveyed reported between US$1.3 million (RM5.08 million) and US$6.6 million (RM25.78 million) as total cost;
- More than 77% of those impacted by ransomware were running up-to-date endpoint protection, confirming that traditional endpoint security is no longer enough to protect against today’s ransomware attacks; and
- While intrusions from exploits have been happening for years, they often go undetected for months, if not years. Once inside a system, cyber-criminals use complex malware that can hide in memory or camouflage itself. In many cases, businesses do not know they’ve been breached until someone finds a large cache of stolen data on the Dark Web.