Cyber Crime & Forensic Cyber Safety Daily News Threat Detection & Defense

XDR Key in Fighting Back Against Targeted Ransomware in Southeast Asia – Kaspersky

Izzat Najmi Abdullah February 20, 2023

3 minutes read

Ransomware is on the rise. Well, that’s nothing new but the numbers may just shock you. According to the global cybersecurity firm, Kaspersky, the number of ransomware attacks seen each day now totals 9,500 worldwide, almost double (181%) from the previous year.

As a result of the lucrative potential of ransomware attacks, cybercriminal gangs all over the world, particularly those in Southeast Asia, continue to target commercial enterprises. In fact, Kaspersky has just released statistics showing that its business solutions prevented 304,904 ransomware attacks targeting firms in this region in 2022 alone.

To break down the numbers: Kaspersky B2B solutions prevented the greatest number of attacks in Indonesia (131,779), followed by Thailand (82,438) and Vietnam (57,389). A total of 21,076 ransomware assaults were recorded in the Philippines; 11,750 were recorded in Malaysia; and 472 were recorded in Singapore.

Ransomware Targeting Businesses in Southeast Asia

The Ongoing Ransomware Evolution

The bad news is that the criminals who are behind these attacks are always improving their methods and tools so they can make more money. In 2020, Kaspersky warned about Ransomware 2.0, which are attacks that use “pressure tactics” to demand a larger ransom and exacerbate the damage done to the victim’s reputation.

Two years later, we see the growth of targeted ransomware groups that employ an additional extortion strategy, such as reselling the obtained data or files, launching DDoS assaults against the victim or the victim’s clients, or utilising the same data to launch subsequent attacks, such as targeted phishing – dubbed Ransomware 3.0.

Kaspersky’s most recent statistics show that Lockbit is the most common kind of targeted ransomware in Southeast Asia (SEA), having inflicted damage on 115 different firms there.

The Lockbit ransomware group, also a Ransomware-as-a-Service provider, has successfully targeted large corporations across the globe and in Southeast Asia, including a major IT Service Provider (from whom they allegedly demanded USD $50 million in ransom), a private school in Malaysia, and a food manufacturer in Singapore.

This notorious group frequently updates their ransomware, currently at the Lockbit 3.0 version, and uses it in highly targeted operations against companies and other groups.

“Malicious actors, like the Lockbit ransomware group, invest considerable time in up-front intelligence gathering to determine whom they will target, how they will target them, and the optimal timing of their attack. This level of pre-planning makes attacks more sophisticated and therefore harder to catch. Combine this with their double and now the emerging triple-extortion models, modern targeted ransomware groups are set to disrupt more enterprises in SEA if we are not equipped enough to nip them in the bud,” warns Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky at a recent media briefing.

A Unified Threat Detection and Response

In an effort to protect ASEAN businesses from the high costs of targeted ransomware, Kaspersky released its Kaspersky Extended Detection and Response (XDR) platform this week.

Kaspersky claims that this XDR platform is flexible enough for businesses of any size. In addition, “the user-friendly platform” is enhanced with reliable threat intelligence data from KSN (Kaspersky Security Network) for superior detection capabilities.

The platform uses a proactive strategy to integrate previously separate security products into a cohesive whole, allowing for the identification and mitigation of security threats in a streamlined manner.

Kaspersky XDR

According to Yeo, the many benefits of Kaspersky XDR for enterprises also include:

Consolidating a large volume of alerts into a much smaller number of incidents that can be prioritised for manual investigation.
Providing integrated incident response options that provide sufficient context so that alerts can be resolved quickly.
Providing response options that extend beyond infrastructure control points, including network, cloud, and endpoints, to deliver comprehensive protection.
Automating repetitive tasks to improve productivity.
Providing a common management and workflow experience across security components, creating greater efficiency.

The Kaspersky products and services that form its XDR are:

Kaspersky EDR Optimum.
Kaspersky EDR Expert.
Kaspersky Anti-Targeted Attack Platform.
Kaspersky Managed Detection and Response.
Kaspersky Incident Response.

“To help the overwhelmed and undermanned enterprise security teams, we consolidated our multiple security tools into a coherent, unified security incident detection and response platform – our Kaspersky Extended Detection and Response (XDR). This new platform provides multi-layer protection for enterprises, as well as threat hunting capabilities for their existing Security Operations Center (SOC),” Yeo stated, ending the unveiling of their best-ever XDR platform.