Malware has become a pervasive evil in 2021, branching out widely into a world of technology which is often ill-equipped to deal with it. Malware protection has simultaneously become significantly more complex. Advanced Persistent Threat malware and ransomware attacks are two of the biggest threats facing enterprises today. According to DataProt.com, there are over 1 billion malware programs available, and more being created daily, with trojans accounting for over half of all computer malware. There are a few sources CIOs look to for information on threat and malware protection, such as law enforcement organizations like the FBI for those within the USA, but where does the EU look for information on the latest threats to its cyber safety?
What is Europol?
Europol, the European Union Agency for Law Enforcement Cooperation, is a law enforcement agency, founded in 1998, to gather intelligence that could help protect EU citizens from domestic and international organized crime and terrorism. Europol cooperates with 21 EU member states, and non-EU partner states across the world, to collect intelligence, making Europol a valuable source of information on all organized crime, including cyber-crime and ransomware groups. A few of the crimes Europol focuses on are:
- Cyber crime
- Drug trafficking
- Human trafficking
- Intellectual property crime
- VAT fraud
- Counterfeit Euros
- Mobile organised-crime groups
- Terrorists & motorcycle gangs
What is SOCTA?
SOCTA, or the Serious and Organised Crime Threat Assessment, is a report created by Europol using data and intelligence from across the EU and the globe to report on known criminal networks and their operations in EU member states and abroad. The latest threat intelligence is compiled into the SOCTA 2021, focusing on specific criminals, their processes, and providing a better understanding of how organized crime works to reduce its effect and make law enforcement curtailment of their activities easier and faster. In addition to SOCTA, Europol releases other threat analysis publications including the EU Terrorism Situation and Trend Report (TE-SAT), Internet Organised Crime Threat Assessment (iOCTA), and the Europol Review. It is critical for organizations like Europol to compile information, like what is found in SOCTA, to help network security solution developers and IT decision makers deploy the best malware protection available.
Why Does SOCTA Track Cyber-Crime like Malware?
The SOCTA 2021 report focuses heavily on cyber-crime, as “the threat from cyber-dependent crime has been increasing over the last years, not only in terms of the number of attacks reported but also in terms of the sophistication of attacks. Cyber-dependent crime is likely significantly underreported.” Businesses have experienced both significant financial and reputational losses due to cyber-crime in recent years, while the impact of cyber-crime can even lead to loss of life, as with the cyber-attack on a German hospital which resulted in the loss of a female patient.
If this were not scary enough for Europol and SOCTA to take notice, COVID-19 created a massive swell in the number of cyber-attacks experienced by every enterprise from the largest multi-national, to the smallest branches and independent businesses, and made ransomware-as-a-service and crime-as-a-service as recognizable as any brand name. And organized cybercriminals do not differentiate between ordinary citizens, global enterprises, or critical infrastructure that daily lives depend on. SOCTA 2021 gives information on DDoS attacks, online child sexual exploitation, non-cash payment scams like business email compromise (BEC), SIM Swapping, online investment fraud, and of course, malware and ransomware attacks.
Why is Malware Protection Important?
Ransomware and malware protection is essential in today’s digital world. Europol studies and statistics say “The use of corruption and the abuse of legal business structures are key features of serious and organised crime in Europe. Two thirds of criminals use corruption on a regular basis. More than 80% of the criminal networks use legal business structures.” In terms of cyber-crime, corruption could mean insider threat, and legal business structures like Bitcoin are used to make anonymous ransomware payments.
The world was watching as the ill-fated Colonial Pipeline oil pipeline fell victim to ransomware, leaving the East Coast of the USA struggling to find gas for their vehicles, the primary mode of transportation in the USA. Gas stations in North Carolina were particularly hard-hit, with gas running out during the first day of the disruption, and many people panic buying gas in preparation for a long time without fuel.
The cybercriminals responsible for the attack quickly realized that they were no longer flying under the radar, disrupting travel and daily life for millions of Americans, and causing a national state of emergency. Communication from the attackers made it clear that they were aware that their attack had been ill-advised, as businesses that fail due to a ransomware attack can no longer afford to pay massive ransom payments. Colonial Pipeline paid the hackers $4.4 million USD to recover their files and get back to business and still had to restore backups because the decryption tool the attackers provided was ineffective.
While ransomware and malware have been a constant presence in our lives for years, they are now at the forefront – and average citizens are taking notice. Indonesia is still a top target country in Asia for ransomware and cryptomining. Malaysia spent 2020 dealing with similar issues related to malware and the famous Anonymous Malaysia threat, a threat made in hopes of spurring Malaysian government officials and governing bodies to place more emphasis on the cyber-security solutions necessary to protect Malaysia’s citizens from cyber-theft of their information and money. While the police arrested 11 people thought to be associated with Anonymous Malaysia, the threat is far from over, as Anonymous is widely known to be a multi-headed hydra with far-reaching and borderless capabilities.
The Best Malware Protection Options
With 350,000 new malware strains detected daily, you need the best security to keep even a portion of them from bypassing your existing traditional security protections. The best way to provide malware protection for your enterprise is to deploy the right solutions from the right vendors.
Protection features businesses are deploying to provide much-needed defence against ransomware and malware attacks include continuous threat detection, AI-enabled malware detection, and on-premise or cloud-based sandboxing. Sangfor’s NGAF, which uses the XDDR security framework to directly integrate with Sangfor Endpoint Secure, Platform-X and Cyber Command, offers multiple solutions to provide the right 360-degree protection for both the internal network and endpoints against malware and ransomware.
Ransomware and malware protection comes in many forms, including Sangfor’s 1-stop disaster recovery solution based on Sangfor’s HCI enterprise cloud platform. HCI provides malware and ransomware protection features like 1-click failover and failback, optimal RPO, and visualized DR management and monitoring. In addition to local backup and CDP, Sangfor aCloud DR protects even off-site workers and devices with the granular protection enterprises like Colonial Pipeline and the Malaysian government need to protect those they are responsible for.
It’s critical to know when you have suffered a malware or ransomware attack, but many businesses are finding it takes hours, days and sometimes months or years to detect an attack or any malware in the system. Sangfor HCI also provides much-needed continuous data protection, automating the mechanics of data, malware and ransomware protection, making it 24/7, 365. Continuous data protection provides an extra layer of security and stability for those who have experienced hardware failure, data corruption, data breach, malware, and human error.
Sangfor Technologies is an APAC-based, global leading vendor of IT infrastructure and security solutions specializing in Network Security and Cloud Computing. Visit us at www.sangfor.com to learn more about Sangfor’s Security solutions and ransomware protection, and let Sangfor make your IT simpler, more secure and valuable.
Source: Europol (2021), European Union serious and organised crime threat assessment, A corrupting influence: the infiltration and undermining of Europe's economy and society by organised crime, Publications Office of the European Union, Luxembourg.