When ransomware took center stage a few years ago, we failed to anticipate its magnitude and severity. 2016 was the year when ransomware dominated headlines as it exploded to become one of the biggest security wake-up calls for CXOs. That year the FBI estimated that ransomware could be a $1 billion source of illicit income for cybercriminals, and a survey by Osterman Research showed that 39 percent of organizations in some of the world’s largest superpower countries were hit by a ransomware attack. Other reports show that Asia Pacific suffered more than 10 million ransomware attacks in the first half of 2016 alone.
And just when we thought we had become prepared to defend ourselves against desktop PC ransomware, cybercriminals have already expanded the battlefield and started targeting users through mobile phones, which hold an incredible amount of valuable data, including personal information.
Although mobile ransomware is not new, it has gone unnoticed because it was overshadowed by its “big brother”, desktop PC ransomware. That said, mobile ransomware is growing fast and we will witness its rise throughout this year. Last year security experts warned of a 50 percent jump in mobile ransomware cases. With Asia Pacific home to more than half the world’s mobile subscribers and expected to have 3.1 billion mobile subscribers by 2020, the opportunity is there for mobile ransomware to proliferate, especially in the Asia Pacific region.
Mobile ransomware will see attackers use pre-authenticated tokens to disseminate malware and lock mobile devices remotely until the ransom is paid. For home users, personal data including photos and videos (memories of your wedding party or your child’s graduation ceremony) and even passport and ID scans would all be held hostage. Just imagine: how much would you pay to recover your most cherished photos?
Businesses are not spared either, as enterprises in this region focus on achieving digital maturity and making BYOD a part of their strategy and operations. According to IDC, Asia Pacific represents one of the fastest-growing markets for mobility in 2017. Given the number of connected devices in an enterprise network, cyber attackers can easily access critical business assets such as confidential database files. How are we going to defend against these cybercriminals, with whom we always seem to be playing catch-up?
We need not treat mobile ransomware any differently from other types of cyber attacks. While it is good to plan for avoiding a cyber incident, we need to focus more on reducing the time we take to detect and respond to threats. And this should not be done without leveraging data to gain visibility into the enterprise network and identify anomalies.
A machine analytics-driven approach can help organizations automatically detect shifts in behavior when systems and user accounts are compromised. Organizations can leverage log and machine data collected across the IT environment, comprising a record of activity across servers, applications, network communications, etc., to gain insight into what is happening and what has happened. With this insight, businesses can then identify anomalies using machine learning and other behavioral analytics techniques.
On top of that, to achieve efficiency in real-time detection, organizations must adopt a machine analytics-driven approach. Automating analysis addresses the impossible task of manually monitoring and reviewing cybersecurity activity. While some organizations have staff dedicated solely to this task, several others do not have enough manpower to do so manually or on a timely basis across large volumes of data. With machine analytics, organizations can make better sense of existing security event data by automatically qualifying events against environmental risk factors and applying corroborative analytics approaches to automatically reduce false positives while illuminating and prioritizing true positives.
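The two paragraphs above, as an added example that is not part of the original article or of any product: each account's activity is compared with its own baseline across two log sources, and each hit is then qualified against an asset risk factor and corroborated across sources before being prioritized. The account names, counts, risk scores and the simple z-score threshold (standing in for the machine learning the article mentions) are all constructed assumptions.

```python
from collections import defaultdict
from statistics import mean, pstdev

# Constructed sample data: hourly event counts per (account, log source).
BASELINE = {
    ("alice", "file_writes"): [40, 52, 47, 45, 50, 43],
    ("alice", "outbound_conns"): [12, 9, 11, 10, 13, 11],
    ("bob", "file_writes"): [30, 28, 35, 31, 29, 33],
    ("bob", "outbound_conns"): [8, 7, 9, 8, 10, 9],
}
# Constructed observations for the hour being evaluated.
CURRENT = {
    ("alice", "file_writes"): 900,
    ("alice", "outbound_conns"): 64,
    ("bob", "file_writes"): 75,
    ("bob", "outbound_conns"): 9,
}
# Hypothetical environmental risk factor: criticality (1-5) of the assets
# each account can reach.
ASSET_RISK = {"alice": 5, "bob": 2}
PRIORITY_ORDER = {"high": 0, "medium": 1, "low": 2}

def zscore(history, value):
    """Deviation of value from the account's own baseline, in std devs."""
    spread = pstdev(history) or 1.0  # avoid division by zero on flat history
    return (value - mean(history)) / spread

def triage(baseline, current, asset_risk, threshold=3.0):
    """Return (account, priority, anomalous_sources), highest priority first."""
    hits = defaultdict(list)
    for (account, source), value in current.items():
        history = baseline.get((account, source))
        if history and zscore(history, value) >= threshold:
            hits[account].append(source)
    alerts = []
    for account, sources in hits.items():
        corroborated = len(sources) >= 2            # independent sources agree
        critical = asset_risk.get(account, 1) >= 4  # qualify against asset risk
        if corroborated and critical:
            priority = "high"
        elif corroborated or critical:
            priority = "medium"
        else:
            priority = "low"
        alerts.append((account, priority, sorted(sources)))
    return sorted(alerts, key=lambda a: (PRIORITY_ORDER[a[1]], a[0]))

if __name__ == "__main__":
    for alert in triage(BASELINE, CURRENT, ASSET_RISK):
        print(alert)
```

A burst of file writes seen in only one source on a low-risk account stays low priority, while the same kind of burst corroborated by unusual outbound connections on an account with access to critical assets goes to the top of the queue.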
Today’s cyber threats have grown more complex and sophisticated. Nevertheless, the bottom line remains: prepare for and anticipate what is coming, and minimize the time taken to detect and respond to a threat. We can do this efficiently with machine learning that automatically identifies any behavioral anomaly. The success of defending against mobile ransomware or any type of cyber attack is dependent on the level of preparation and the tools deployed to monitor and shut down suspicious activity.