Rapid7: Ransomware Playbook - understanding cyber risk
The COVID-19 pandemic has accelerated digital transformation across several segments and the banking, insurance and finance sectors are no different.
As remote working becomes more commonplace and operations are integrated further with technology, the risk to organisations holding sensitive or valuable information grows exponentially, and Rapid7 hopes to redress the balance by keeping companies informed.
“Victims of ransomware attacks suffer the impact of productivity and revenue loss due to work stoppage,” says the report. “Ransomware is a unique security threat where most of the security team’s effort is spent on prevention and response because once ransomware is detected, it's too late.”
Before expanding on the actions that can be taken, Rapid7 advocates a primer in the forms that contemporary cyber risk can take. The company puts forward this definition:
“Ransomware is malicious software that covertly encrypts your files—preventing you from accessing them—and then demands payment for their safe recovery.
“Like most tactics employed in cyber-attacks, ransomware attacks can occur after clicking on a phishing link or visiting a compromised website.”
Methods used to gain infiltration could include targeting a user through compromised email accounts that they have had legitimate contact with. Other techniques include:
- Spear phishing: sending targets a clickable link or attachment.
- Drive-by: exploiting a web browser vulnerability.
- Exploitation: embedding ransomware at a point of vulnerability and then allowing it to proliferate automatically.
- Replication: networked media which encrypts ransomware as it simultaneously infects the targeted user.
- Valid accounts: an ‘outsider from within’ approach, wherein the perpetrator has legitimate access to the system from the outset.
Once contact is made, the targeted user will be prompted to open a link, download some software or otherwise coerced into introducing malicious content to their computer.
Now that the ransomware has been embedded, it can be used to steal information or lock the legitimate user out of core systems, with the subsequent refusal to unlock it unless a ransom is paid - hence the name.
How has ransomware changed?
Previously, ransomware relied on unsophisticated mail merges which targeted large quantities of potential victims simultaneously.
Now, however, Rapid7 states that this is changing:
“Increasingly over the past few years, there has been a shift to "big-game hunting" threat actors leveraging access established by taking advantage of poor security controls in an environment like an unpatched externally facing server, unsecured remote access solutions, or an undetected banking trojan (such as TrickBot, Emotet, or Dridex).”
In what is described as a more ‘hands-on’ approach, the infiltrators gain incremental control over a system until a business’s services are incapacitated. This can be disastrous for banks, which not only have their customers’ data compromised but could also suffer long-term reputational damage.
In our next article on Rapid7’s Ransomware Playbook, we will explore what actions enterprises can take to mitigate the threat and how Rapid7 can find the optimal solution for the prevention, identification and elimination of cyber risk.
Singapore FinTech Association launches new networking club
The Singapore FinTech Association (SFA) has announced the launch of a new SG FinTech Club, which will act as a hub that enhances networking among local fintech companies based in Singapore.
The APAC nation is a leading regional centre for fintechs, accounting for 13% of Singapore’s GDP in 2020. More than 1,400 fintech companies are based there, employing an estimated 10,000 people.
Technology is a driving factor within the space, and the SG FinTech Club will act as a base through which knowledge, resources and connections can be shared, as a way to increase the level of expertise in the space.
According to reports, the SFA will also develop and curate the engagement programmes for the fintech ecosystem. SG FinTech Club members will benefit from hospitality privileges offered by Supporting Partners, such as co-working spaces, which they can leverage for social engagements.
The club’s existing membership platform will also enable users to sign up for talent matchmaking sessions, industry expert mentorship programmes, and masterclasses organised by SFA.
SG Fintech Club partnerships
The initiative has attracted the attention of several global fintech leaders, including the Institute of Banking and Finance (IBF). J.P. Morgan has also joined the club as Supporting Partner and Corporate Partner, respectively, to develop skills and career development events.
Speaking about the launch of the new club, Shadab Taiyabi, President of SFA, explained, “We are proud to collaborate with MAS on the launch of SG FinTech Club, and play our part in contributing to Singapore’s thriving FinTech ecosystem.
“We hope that the Club would be the key platform for inspiration and innovation, where professionals in the financial services sector can come to exchange opinions, network, and explore endless ideas with other like-minded individuals.”
He continued, “Through the Club, we strive to champion and bolster Singapore’s FinTech entrepreneurship growth, facilitate the sharing of insights, collaborations, discussions and advocate the importance of upskilling amongst professionals across the financial services industry.”
Image credit: Singapore FinTech Association event