Beenu Arora, Cyble: “2022 might witness a 50% increase in ransomware attacks”
Cybercrime is gaining momentum, with more companies realizing the importance of preventing cyberattacks rather than dealing with their aftermath.
Understanding and mitigating potential threats might seem like a daunting task - especially, for SMEs with limited resources and small cybersecurity departments. However, there are tools that allow real-time visibility into potential vulnerabilities, such as those provided by Cyble, which offers a comprehensive perspective on your digital threatscape.
We talked to Beenu Arora, CEO and Co-Founder of Cyble, to discuss their approach to cybersecurity, the importance of dark web monitoring, and the role of the COVID-19 pandemic in the increase of attacks.
How did the idea of Cyble come to life?
The amount of activity - specifically, cybercrime - on the internet has increased exponentially over the past few years, with most taking place on the dark web. With cybercriminals compromising individuals, corporations, and even governments, the need to democratize visibility into the dark web became abundantly clear.
This translated into the idea that individuals and entities should be able to monitor whether their data was being leaked on the dark web and proactively take measures to improve their security infrastructure and develop resilience to malicious attacks. This was the seed for what eventually became Cyble.
At Cyble, you name minimizing one’s digital risk footprint as one of your top priorities. Can you briefly describe what that means?
In the 90s, an average internet user’s risk footprint started and ended with their email credentials – if even that. Today, however, the risk footprint of an average internet user can span from their social media accounts to their online banking information and much more. On a larger scale, this affects corporate ecosystems and sensitive data across multiple sites, apps, plugins, etc.
At Cyble, we do not think that having a broader risk footprint should be a liability for individuals and businesses from a cybersecurity standpoint. Through our platform and services, we try to minimize the incidence of risk for our clients while ensuring that they can conduct their operations and scale as per the market’s needs.
How does one’s data end up on the dark web in the first place?
To understand how data flows into the dark web, you must first appreciate the true extent of the deep web and dark web, respectively. It’s an established fact that the surface web forms less than 5% of the entire internet.
As such, there are many ways your data can make its way into the dark web. Targeted attacks by cybercriminals, phishing, ransomware attacks, fake apps containing malware and spyware, keyloggers, compromised networks – the list goes on.
Cybercriminals are constantly adapting to changing security ecosystems to breach private data. Cyble has observed, analyzed, and acted upon the evolution and sophistication of these threat actors.
How do you think the COVID-19 pandemic affected the way people perceive cybersecurity?
The internet has already been a significant part of most peoples’ lives in some shape or form for decades. From social media and entertainment to online banking and shopping, there has always been some level of daily engagement with the internet.
With the onset of the COVID-19 pandemic, however, the world had to adapt to a remote lifestyle where the reliance on the internet for work, education, financial transactions, etc., became much heavier. This naturally impacted the threat surface of individuals and organizations as WFH came with its own set of cybersecurity risks.
However, the public perception of cybersecurity has not scaled proportionally. We have seen a higher volume of cybersecurity incidents across the board. This is primarily due to higher threat actor activity and targeted attacks. Still, the individual perception of cybersecurity also needs to scale with the current risk environment – something that Cyble, as a thought leader, is committed to through our publications and research.
What do cybercriminals usually try to gain by attacking governmental entities?
In the 21st century, battlefields have expanded to cyberspace. It’s not uncommon for cybercriminals with a political agenda to target governmental assets and entities online to compromise their credentials, data, or reputation.
The perpetrators of these attacks can range from lone wolf hackers to state-sponsored threat groups, depending on their capabilities and level of sophistication.
At Cyble, we have recognized the growing risks posed to governmental agencies from these groups, which was the driving factor behind Cyble Hawk – our dedicated offering to assist Law Enforcement Agencies and governmental entities protect critical digital assets and data.
In your opinion, why do certain companies or individual users still fail to recognize the necessity of proper cybersecurity measures?
Firms often think they are simply too big or well-established to be victims of a cyberattack. The opposite is also true in the case of smaller firms, which don’t see themselves as lucrative targets for cybercriminals.
Individuals and firms also tend to have an overreliance on technology to secure their digital footprint, often forgetting that the human element is the most vulnerable target for cybercriminals – something we have observed with targeted phishing attacks, etc.
Firms need to balance their risk model around an enterprise risk mindset where cybersecurity is seen from both viewpoints:
Inside Out – analyzing what components, processes, and individuals could pose a cyber risk in the firm.
Outside In – factoring in the Threat Actors, supply chain risks, and ecosystem risks which could externally compromise the firm.
You have recently published your quarterly report on ransomware. What were the key findings, and what are your predictions for the upcoming year?
As major cyber threats go, ransomware has been getting a lot of attention recently – and for a good reason. Cyble observed that LOCKBIT 2.0 was the most active ransomware group for the last few quarters of 2021, followed by the Conti and Pysa groups. In Q4 2021, Cyble evidenced 837 victims and 75 countries being targeted by ransomware attacks, and these attacks are increasing in sophistication and scale every year in a linear manner.
If these attacks retain the momentum, 2022 might witness a 50% increase in ransomware attacks compared to 2021. Ransomware can create significant downtime for businesses, as witnessed in the Kaseya supply chain and the recent Kronos ransomware attacks.
New ransomware groups are emerging across the globe. Last quarter, we witnessed groups like Rook and Arvin Club emerge that specifically targeted former Soviet nations. We also encountered politically motivated ransomware groups, such as Moses Staff which targets Israel-based firms.
Besides ever-evolving ransomware strains, what other new threats have you come across?
Apart from ransomware strains, Emotet, a notorious malware as a service (MaaS) campaign, was back in action at the end of 2021 after a brief hiatus. Phishing attacks continue to be one of cyberspace’s most prevalent attack vectors. Multiple mobile banking spyware and botnets like Aberebot and Flubot malware were raised in 2021.
APT attacks and state-sponsored attacks are also an ongoing concern. Recently, we observed significant vulnerabilities, such as Log4j and Microsoft Exchange server vulnerabilities being extensively exploited by attackers. Threat actors are constantly testing different attack vectors to evade detection and establish persistence. Stealer malware such as Redline, Raccoon, etc., has turned to be a goldmine in this regard since it collects sensitive personal information such as name, email, password, and cookies in plain text form.
What does the future hold for Cyble?
Individuals, organizations, and governments are waking up to the full extent of cyber threats they face. It is a busy time for a cybersecurity firm – to say the least.
At Cyble, we want to provide actionable threat intelligence to our clients while continuing to be a pioneer and thought leader in the industry with our blogs, press releases, and webinars. The launch of Cyble Hawk, in particular, is a good indicator of how far we’ve come since we started out.
We plan to continue to deliver comprehensive cybersecurity solutions to our growing client base while expanding our global footprint through strategic partnerships with key players in the industry.