Manufacturing sector worst hit by ransomware in 2023 in Malaysia, Asean: Palo Alto

PETALING JAYA: Manufacturing is the most targeted industry for ransomware extortion in 2023 in Malaysia and the wider Asean region, according to Palo Alto Networks’ Unit 42 recently released Ransomware Retrospective blog and Incident Response Report 2024.

According to Ransomware Retrospective, they studied 3,998 leak site posts from various ransomware groups. Leak sites are platforms where threat actors publicly disclose stolen data as a means of coercing victims into paying ransom.

Unit 42 saw a 49% year-on-year (y-o-y) increase in multi-extortion ransomware attacks from 2022 to 2023 globally.

Across the industries, Lockbit 3.0 was the most active group, with 928 leak site posts accounting for 23% of the global total.

Notably, within Malaysia, Lockbit 3.0 stood out as the predominant threat, with 12 victims falling prey to its operations followed by ALPHV (BlackCat) and ThreeAM.

Palo Alto Networks country manager Malaysia Sarene Lee said, “In Malaysia’s manufacturing sector, fuelled by a surge in foreign direct investment, operational technology (OT) innovation is reshaping the industry landscape. Yet, as automation revolutionises processes, we expect cybersecurity risks to escalate. We’re at a critical juncture where safeguarding OT systems is non-negotiable to ensure productivity remains optimum. There’s much to do to fortify Malaysia’s manufacturing backbone, ensuring the country’s economic progress isn’t undermined by cyber vulnerabilities.”

In a developing and vibrant economy such as Malaysia, where organisations are adopting information technology and artificial intelligence at a rapid pace, companies are constantly grappling with significant cybersecurity challenges. These include a persistent skills gap in cybersecurity professionals and regulatory hurdles in adapting to rapidly evolving technologies.

Organisations in Malaysia are becoming the focal point of cybersecurity vulnerabilities, with government entities, critical to national infrastructure, in urgent need of protective measures against persistent security breaches.

As further evidence, when reviewing the number of compromises reported by ransomware leak sites, sporadic spikes were observed. These loosely aligned with periods where ransomware groups began exploiting specific vulnerabilities.

Unit 42 analysed more than 600 incidents from 250 organisations for the 2024 Unit 42 Incident Response Report. This investigation went beyond ransomware leaksite posts into the overall casework volume. While phishing has historically been a popular tactic with attackers, the report found that it is declining, but only sort of.

From a one-third share of initial access incidents in 2022, phishing has dropped to just 17% in 2023. This indicates a potential deprioritisation of phishing as cybercriminals adapt to more technologically advanced – and perhaps more efficient – infiltration methods. More advanced threat actors are moving away from traditional and interactive phishing campaigns to less noticeable and possibly automated methods of exploiting system weaknesses and pre-existing credential leaks.

“As threat actors become more sophisticated, exploiting vulnerabilities and adopting advanced tactics, it is imperative that businesses and government entities take proactive measures to enhance their cyber defences. The time to act is now. Investing in robust security solutions, fostering cybersecurity awareness, and nurturing a skilled workforce are critical steps to mitigate the risks posed by these malicious actors. Only through a concerted effort can we fortify our digital ecosystems and safeguard our vital infrastructure from the relentless onslaught of ransomware attacks,“ said Lee.

Open Two Websites with Image

Clickable Image