Davis Kallukaran
Online criminal forums have existed for many years, but today those networks are thriving in part because of the unique circumstances brought on by the Covid-19 pandemic. They look more like a corporate network now. This is a real threat. With people increasingly living their lives online, fraudsters have never had easier access to potential victims. Covid-19 has only accelerated that trend. Indeed, business is booming for cybercriminals now focused on high-value organisations.
Paul Kilby, Editor in Chief of the ACFE Fraud Magazine, in an article published last November, noted: “The more fragmented workplace has gone hand in hand with increased inter-connectivity, what we call the Internet of things. Everything from fridges to home security systems and other devices in the houses are increasingly linked to the Internet and each other, which expands possible entry points for fraudsters. A whole ecosystem is now available to fraudsters seeking opportunities in cyberspace. “Ransomware-as-a-Service” or “Malware-as-a Service” (better known as RaaS and MaaS) are new names for businesses selling malicious software, passwords and other services on dark net marketplaces.”
The Kaseya story
In July last year, employees at US-based software company Kaseya started receiving reports of suspicious activity. Third parties, customers and Kaseya’s monitoring systems were noticing strange behaviour on their computer systems. Little did they know that this was the start of what would soon be described as the biggest single ransomware attack on record. As a precautionary measure, the company quickly shut down the servers that ran its remote monitoring and management software, which it sells to managed service providers. But the damage had been done. Kaseya executives soon realised that they were the latest victims of a cybercrime spree that has spread across the globe in the wake of the Covid-19 pandemic.
The breach only impacted about 50 of Kaseya’s 37,000 customers worldwide, but its reach was far wider. The ransomware coursing through Kaseya’s network had spread to around 1,500 businesses, and the hackers were demanding $70 million to restore all systems back to health. Victims included a pharmacy chain, a gas station chain, the state railway and public broadcaster SVT — all in Sweden — as well as IT services companies in Germany and the Netherlands. The cyberattack also brought down cash registers and self-service check-out machines at Swedish supermarket chain Coop, forcing it to close over half of its 800 stores. It even shut down a Maryland town’s Internet services
The Kaseya attack may have been exceptional in its reach and the amount of ransom demanded, but in the outbreak of the Covid-19 pandemic, the world has seen surges in cybercrime and cyber fraud as the shift to remote work better enables these offenses where they labour on less-protected laptops and in multiple locations.
We all have to take a step back and realise this is the world we live in, and it is forcing us to look at ourselves as well, recommitting ourselves to every possible consideration that is there. Robert Herjavec, Founder & CEO of Herjavec Group says “’E-commerce, digital infrastructure, cloud, the move to online, the move to remote network — we all knew this was the future. But no one knew though that the future would happen in 12 months. That’s what Covid did. This movement has accelerated our businesses and the overall security industry. The more people online, the more security required.”
This cybercrime world is now impacting the everyday world. In the past, you may have had a credit card stolen or been the victim of identity theft. Now cybercrime has matured to such a point that it impacts the general population. It is all over the media. It is no longer just isolated incidences.
Indeed, cybercriminals and fraudsters are becoming better at poking holes in cyber defences and spreading malware across multiple organisations through so-called supply-chain attacks. No matter how strong their defences, organisations that are part of a supply chain remain vulnerable as fraudsters seek to exploit the weakest link amid a network of companies that regularly conduct business with each other.
As companies have bolstered their defences, they have often overlooked the many third parties that regularly interact with them. Many of these third parties are smaller with limited security. The challenge is how you enforce your corporate standard on a third party that may not have the same resources or policies. The amount of fraud reported that goes through these channels is significant, especially from banks and large enterprises, and it is only going to get worse because of the hybrid and remote work models which have expanded significantly as a result of the pandemic.
The cost of a breach goes far beyond the ransom paid — its downtime, its brand integrity and loss, and loss of faith from consumers and partners. I think one of the key goals for security leaders should be to move away from a prevention mindset and to focus on early detection. (Davis Kallukaran is Managing Partner, Crowe Oman and Past President of ACFE Oman chapter)
Oman Observer is now on the WhatsApp channel. Click here
