Petaling Jaya: Palo Alto Networks Unit 42 recently announced that manufacturing will be the most targeted for ransomware extortion in Malaysia and the entire ASEAN region in 2023. ransomware retrospective Blog and Incident Response Report 2024.
according to ransomware retrospectivee, they investigated 3,998 leak site posts from various ransomware groups. Leak sites are platforms where attackers publicly release stolen data as a way to force victims to pay ransoms.
Unit 42 found a 49% year-over-year increase in multi-extortion ransomware attacks worldwide from 2022 to 2023.
The most active group across the industry was Lockbit 3.0, with 928 posts on leak sites, accounting for 23% of the global total.
Especially within Malaysia, Lockbit 3.0 stood out as the main threat, with 12 victims falling prey to its operations, followed by ALPHV (BlackCat) and ThreeAM.
“In Malaysian manufacturing, operational technology (OT) innovation is reshaping the industry landscape, driven by a surge in foreign direct investment,” said Saleen Lee, Malaysia Country Manager at Palo Alto Networks. Ta. However, as processes are transformed through automation, cybersecurity risks are expected to increase. We are at a critical juncture where securing her OT system is non-negotiable for optimal productivity. There is much work to be done to strengthen Malaysia’s manufacturing backbone and ensure that the country’s economic development is not undermined by cyber vulnerabilities. ”
In a developing and vibrant economy like Malaysia, where organizations are rapidly adopting information technology and artificial intelligence, businesses are constantly grappling with critical cybersecurity challenges. These include persistent skills gaps in cybersecurity professionals and regulatory hurdles in adapting to rapidly evolving technology.
Malaysian organizations are the focus of cybersecurity vulnerabilities, and government agencies critical to the nation’s infrastructure urgently need safeguards against sustained security breaches.
As further evidence, when looking at the number of breaches reported by ransomware leak sites, we observed sporadic spikes. These roughly coincide with the times when ransomware groups started exploiting certain vulnerabilities.
Unit 42 analyzed more than 600 incidents from 250 organizations for the 2024 Unit 42 Incident Response Report. This investigation extends beyond postings to ransomware leak sites to the entire casework. Phishing has historically been a popular tactic for attackers, but the report says it’s on the decline, but only one kind of decline.
In 2022, phishing accounted for one in three initial access incidents, but in 2023 this has decreased to just 17%. This indicates that phishing may become a lower priority as cybercriminals adapt to more technologically advanced and perhaps more efficient methods of entry. More sophisticated attackers are moving away from traditional, interactive phishing campaigns to unobtrusive, automated methods that exploit system weaknesses and existing compromised credentials.
“As threat actors become more sophisticated, exploiting vulnerabilities and adopting advanced tactics, it is imperative that businesses and government agencies take proactive steps to strengthen their cyber defenses. Now is the time. Investing in robust security solutions, increasing cybersecurity awareness, and developing a skilled workforce are critical steps to mitigating the risks posed by these malicious actors. Only through this can we strengthen our digital ecosystem and protect our critical infrastructure from the relentless barrage of ransomware attacks,” said Lee.