McAfee’s Chief Scientist highlights evolution of ransomware attacks
CNME Editor Mark Forker managed to secure an exclusive interview with Raj Samani, Fellow and Chief Scientist at McAfee Enterprise & FireEye, to explore some of the key findings that emerged from its recent research on cybersecurity trends, how ransomware attacks have become more professional – and what differentiates McAfee from other security vendors.
In a comprehensive report recently compiled by McAfee, the global security behemoth took a closer look at some of the cybersecurity challenges facing enterprises in the UAE – and the report was damning in its conclusion that organisations in the UAE need to place a greater emphasis on their cybersecurity architecture.
Some figures that jumped off the page of the report were that 87% of enterprises were impacted by cyberattacks, with a staggering 83% of those experiencing downtime as a result.
When asked whether the UAE was more vulnerable to attacks than other developed nations, Samani rejected the notion that the country was at greater risk than other countries. However, he did concede that many businesses do not have the ability to detect when they are under attack.
“I do not think the UAE is on its own when it comes to experiencing cyberattacks, and I think all organisations to an extent are impacted by cyberattacks. However, the challenge becomes does every organisation know that, and have they got the ability to be able to detect? The reality is we have seen a high volume of attacks coming directly off the back of the COVID-19 pandemic. Every fraudster ranging from the not so capable to a sophisticated threat actor is leveraging all the uncertainty that has been created for many businesses as a direct result of the global health crisis,” said Samani.
Samani is one of the world’s leading computer security experts and is a special advisor to the European Cybercrime Centre (EC3) in The Hague, so there are few better placed to give their observations on the global cybersecurity ecosystem.
Interestingly, he stressed that enterprises globally need to consider risk from a digital standpoint, as we have never been more reliant on digital technologies than we are in today’s climate.
“In my opinion, all organisations across the world need to consider risk from a digital perspective because businesses have never been so dependent on digital systems to function. They need to consider digital risk and be fully aware of the damage and disruption a cyberattack can have on their business,” said Samani.
Samani disclosed that he was recently engaged in a conversation with the CEO of a multi-billion-dollar retail company that had just been hit by a DarkSide ransomware attack.
“He wanted to know how he could resolve the issue, but I said to him there is no decrypt for it and you need to recover your systems. But he said, ‘Well we don’t really care about the data being encrypted, our issue is that they have stolen our information and they are threatening to publish it’. I think that is very reflective of the way we are seeing threat actors evolve their tactics, which historically was based all around encrypting your data. However, now the threat is they are going to steal the data and publish all your information too,” said Samani.
The Fellow at McAfee also highlighted how he had observed a major change in the way cybercriminals operate: they are investing in themselves to become even more effective, which is why the attacks are always evolving.
“We are witnessing a big shift and change in the way that criminals operate, and that allows them to generate more revenue, and the money they make they put it back into innovation, which ultimately enables them to become better. In a game of cat and mouse you must keep up with your adversary, and that’s fundamentally the biggest challenge facing companies. In the past, you could buy a security product, install it, and walk away, but now there is much more to consider if you want to protect yourself,” said Samani.
Over the last 18 months we have seen some high-profile ransomware attacks such as Colonial Pipeline and JBS. The economic consequences for both businesses were huge, but Samani said that the actual volume of ransomware attacks had decreased, and that what we are now witnessing is a much more ‘professional’ approach to ransomware.
“We have seen the introduction of a much more professional threat actor when it comes to ransomware attacks. We are seeing a reduction in the volume of what you would describe as run of the mill type of ransomware attacks. There is just a much more professional approach nowadays, many of them would outsource a lot of the attack and find new tactics to extort higher demands and find new ways to get into the organisation,” said Samani.
The cybersecurity expert also illustrated how ransomware attacks have drastically changed over the last 5 years, both in terms of the approach adopted by the attackers and the level of extortion being demanded from the companies that have been hit by a ransomware attack.
“I think the ways in which we spoke about ransomware attacks five years ago does not bear any resemblance to the ones that we hear about today. Historically, you were sent an e-mail, you would click on the link, and it encrypts your data. Whereas now they are essentially finding ways to break into companies, they are gathering credentials and are learning more about the company – and once they determine what the business’s vulnerable points are they are going to extort the maximum payment from them. 5 years ago, the average ransomware was a couple of hundred pounds; now companies are being asked in some instances for between $20-30 million, and the reality is businesses are paying the ransom, so it really is a huge problem,” said Samani.
When asked what he believes differentiates McAfee from other security vendors, Samani was reluctant to criticise other vendors, who he said were doing an excellent job. Instead, he said his team is fully focused on tackling the major challenges that currently exist in the security ecosystem and on better understanding the nature of the threats that are emerging.
“I run the advanced threat research division and our team focuses all our efforts on understanding the threat, and we actively work with law enforcement to disrupt criminal infrastructures and that’s what we do. That is not a negative reflection on other companies and what they do, as they also do a terrific job. However, what we are very good at is understanding the nuanced nature of the different security threats emerging and the challenges that are facing businesses every single day,” concluded Samani.