The Big Business Behind Ransomware

MALWARE as a Service or MaaS is a relatively new business model sweeping the cyber domain, where cybercriminals provide access to malicious software for a fee.

Named after its Software as a Service (SaaS) counterpart, MaaS lowers the barrier for others to enter the world of cybercrime, making their services available to anyone willing to seek them out on the dark web.

Ransomware as a Service is particularly prevalent, where a piece of software is unintentionally loaded into a machine, causing its data to become encrypted. The assailants typically demand payment for decryption, creating a sense of urgency by threatening their victims with further action if demands are not quickly met.

“Now this is evolving into double, triple, or even multi-extortion,” alerts Kelvin Chua, Regional Director at global, US-based enterprise-class cybersecurity company, Fortinet.

Ransomware is a big business, expected to get bigger.

Chua, who leads a team of engineers to ensure optimal application of technology and engineering resources to meet product development and customer requirements, expands on MaaS.

“Now they will not only say I have encrypted your drive, so pay me money to decrypt it. They will now say I have your data, give me the money within this timeframe or I will publicise your data, leak, or sell it. They try to create a sense of urgency for you to act as quickly as possible.”

What is even more surprising is the level of organisation exhibited by MaaS entities, who have been found to feature clearly defined internal roles, such as malware developers, system administrators, managers, and technical support.

Chua adds that MaaS entities often feature personnel resembling traditional finance, human resources, marketing, and business development departments.

“Like any business, the bad guys are trying to make it as structured, systematic, and profitable as possible. They also need to do this at speed. They need to have a finance and HR department to collect and distribute the ransom they collect.”

Malware Developers In Demand

This siloed and anonymous framework makes MaaS entities and even their clients difficult to catch. If one component is compromised, for example if one party is identified or arrested, the department can always be replaced, and the remainder of the business remains free to operate. 

In this complex jigsaw puzzle with replaceable pieces, all operatives become expendable, even the malware developers themselves.

MaaS affiliate programs are typically offered as a one-off service, by subscription, or for ransomware, on a fee-sharing basis, where the malware providers are entitled to a share of the stolen funds.

Clients or ‘affiliates’ engaging with MaaS services may be easier to identify, but historically, apprehending end-users has done little to deter the operations of service providers.

Kelvin Chua in the demo room where Fortinet’s capabilities are showcased.

Chua has observed that attacks are often financially motivated. “Banks are targeted, issuance companies. Go to a bank account and change a few zeroes, this can have big implications. Also, political motivation can jeopardise a government system, compromise information systems, reputation and the trust impact will be significant. Critical infrastructure, manufacturing, oil and gas, power, and utility are vulnerable to attack.”

Fortinet’s Singapore office features a miniature model of the Marina Bay area, featuring a dam, power plant and other critical infrastructure that could be vulnerable to cybersecurity attack. While the model is used for training purposes and demonstrations, it’s a physical reminder of the extent to which future threats need to be anticipated in this industry, and the cost of failure.

The idea of completely thwarting cyber criminals may be naïve. As long as lucrative targets exist, it will likely be impossible to completely disincentivise attacks. Traditional approaches such as harsher punishments will not deter criminals that cannot be identified.

Minimising the attack surface area may involve spreading an organisation’s resources and ensuring that compromise of an individual component doesn’t bring down entire systems. Where this is not possible, a more stringent digital solution may be required.

Fighting Fire with Fire

Fortinet’s main offering is an integrated security platform that can shield enterprises from a variety of digital threats. For over 20 years they have been developing security solutions to protect people, devices, and applications networks.

“As solution providers, we put a lot of innovation into identifying emerging trends in the landscape and market, and are constantly looking from a technology or solution perspective, how we can help organisations address some of the upcoming cybersecurity threats or problems they may face,” Chua says.

Yet, as criminals begin to operate with the structure of traditional companies, they have also begun to weaponise the latest technologies such as automation and AI. Likewise, Fortinet has integrated modern technologies to enhance the speed with which their platform can detect security issues and reinforce other aspects of their security matrix.

For example, Fortinet have found automation of threat detection to be the best way to increase response time, while also enabling their customers to keep up with the evolving threat landscape.

The average cost of corporate cybersecurity breaches has been estimated to be a staggering S$9.4 million.

Those deploying and properly implementing integrated solutions have been able to reduce the time taken to identify, investigate and remediate a cyber threat from 18.5 hours to an average of 10 minutes, while taking advantage of the cost savings. Notably some companies without an automated detection system never discover certain security breaches at all!

Alongside automation, integration of AI assists corporate IT departments in threat neutralisation by not only observing anomalies but also identifying the type of threat and suggesting steps to begin mitigation. Overall, the combination of automation and AI is not replacing technicians but can significantly reduce their workload by doing up to 60% of the grunt work, preserving their bandwidth for problem solving.

Learning From The Enemy

Fortinet attempts to learn from MaaS actors in other ways, featuring its own network of partners, around 400 providers, each with a specific use case to solve a specific problem. This composable, plug-and-play network enables Fortinet to adapt their fabric of partners to the ever-changing threat landscape.

Fortinet recommends companies only deploy a few carefully chosen integrated cybersecurity solutions, the advice stemming from the oversubscription of many corporate entities to 50 or even 60 providers in attempts to be comprehensive. 

“Utilising a handful of systems will help to increase your security posture and help to reduce the complexity of management,” Chua explains. Maintenance of so many systems, combined with training and retaining numerous staff members to keep up with dozens of systems is not only impractical and expensive, but also creates additional attack vectors, the very problem the solutions were deployed to prevent.

Keeping its ear to the ground, Fortinet also has a careful and strategic approach for monitoring activity on the dark web, which Chua admits is not easy. The bad guys are very careful and socialise in closed circles.

The Human Element

While each country is approaching cybersecurity at their own pace, government policy and regulation can help to encourage some basic protections for the average user. Those countries who have made significant investment in creating policy will likely remain ahead of the pack.

Earlier in February of this year, a financier in a multinational Hong Kong firm was tricked into sending HKD 200 million (over S$34 million) to fraudsters. The employee believed they were on a conference call with a UK-based CFO, and while initially suspicious of the request, they were reassured after conversing with several of their colleagues on the call, whose responses were also generated by AI.

Unfortunately, this was not a standalone incident. Chua expects that with widespread use of AI and automation, cybercrime will only become more common. 

In the 2023 Fortinet-IDC Asia Pacific SecOps Survey, 50% of industry leaders identified phishing and ransomware as their top concern, with identity theft trailing close behind. 

In a post-covid world of remote work, the potential for insider threats is greater than ever, with insufficient training and inadequate communication identified as the main reasons for such human error. The breakneck pace of development in AI will continue to expose the average person to unprecedented threats, and the need for greater individual awareness will continue to grow.

According to Singstat, in 2022 there were nearly 600 scams and cybercrimes per 100,000 people in Singapore. With AI that number is likely to grow.

Statista reports that in 2022, some 5.5 billion malware attacks were detected globally, with the bulk of them occurring in the Asia-Pacific region. The most frequently blocked malware attacks were worms, viruses, ransomware, trojans, and backdoor. 

Against this grim backdrop, it is unavoidable that a truly thorough approach to cybersecurity must also involve training employees across the hierarchy; from secretary to the C-suite.

In this light, the other vector of Fortinet’s cybersecurity offerings is their training programmes. In addition to offering highly technical courses for those who wish to obtain certifications, Fortinet also works in parallel with educational institutions to ensure that their knowledge and skillset are shared with the wider community as much as possible.

See also  Fixing Your Digital Insecurity — WED WEB CHAT


Please enter your comment!
Please enter your name here