Covid-19 may be a relatively new disease, but the threat from Advanced Persistent Threat (APT) actors is not. Their activities continue despite the pandemic, according to NTT Ltd’s Global Threat Intelligence Report. In an interview with BusinessLine, NTT’s Senior Director (Cyber Security), Asia Pacific, Neville Burdan, said that while the world is ‘distracted’ by Covid-19, APTs are attempting to garner intelligence on the virus, which in hindsight suggests that the threat actors are seeking intelligence over financial gain. The organisation has seen a huge rise in such threats in July. Excerpts from the interview:

Is India on a safe wicket?

No country is protected from people that are doing Advanced Persistent Threat and ransomware. And through this pandemic we have seen a lot of bad actors active, especially with companies setting up new equipment for Work From Home (WFH) and are focussed on saving lives. Spamming and phishing for APT is high. The strange nature of APT is that they don’t do damage straightaway. They start propagating through the client’s environment to collect information. APTs can last for years within the environment.

Has there been a rise in ransomware in the region?

Yes… Application-specific attacks and very advanced ransomware attacks through Remote Access Trojans (RATs), vulnerability worms, botnets, downloaders (all of which make up malware and ransomware variants) have been quite high. We are now seeing very advanced styles of ransomware, threatening to publish the data on the dark web.

One of the biggest protections (from ransomware) was to back up the data, but now the threat actors are hijacking the data and linking trade secrets and publishing on the dark web; this requires another level of protection.

How are organisations preparing to tide over such threats while allowing employees to work remotely and with data going out of the network?

We have seen three or four trends in Asia such as Zero Trust, drive towards cloud-based infrastructure, demand for outcome-based security solutions, and the like. Traditionally, we have maintained a passive mentality. We would put a wall around our assets, put a firewall, put all the PCs inside that castle and protect that. That no longer gels with the new world and the pandemic. We have to put walls and visibility around information security, around every action and piece of information.

From looking at the traffic and logs coming in and out of the firewall, we now have to see how the cloud is behaving, how the workspace is behaving, and so on. In summary, the network architecture and the whole business architecture have changed in the last couple of years; the global pandemic is accelerating it.

There is a dire need to put new tools such as AI, machine learning and a host of other techniques to protect the new architecture and detect anonymous behaviour within the client’s environment.

APTs are there to eavesdrop and gain information. It is therefore important to have visibility, to understand what these threat actors are doing and finding them is the new world of cyber security.

Is the current infrastructure ready to take such high data loads as well as take care of cyber security?

Yes and no. In this pandemic, where everyone is pushed to work remotely, service providers’ infrastructure is being pushed to the brink. Instead of putting more firewalls inside the data centre (which they have not been able to do because people have all been at home), they have all turned to the cloud. We see a high uptake in cloud, in Microsoft services, Google services, collaboration services such as Teams and Webex, Zoom, etc.

Clients have also started to build up collaborative technologies; these need a high security posture and that’s where we come in, help them get deployed and run these decentralised postures.

All these have put a lot of strain on the IT and security departments.

How are the small enterprises, particularly those without an IT department, managing to cope with the current situation?

Mid-sized companies are starting to look for cloud-based providers and the traditional ones at cloud or managed services (which are turn-on service). Installation of equipment in the client’s premises is not required for turn-on service; these are not asset-based. A lot of companies are reviewing their budgets from hardware to subscription-based models, as these are affordable. Clients, however, will need to harden their security posture, but that is a business choice.

How about security spend... has it gone up?

Security spend is on the rise, but users have started to look for cloud-based security products. The demand for traditional hardware security products has slipped; software by subscriptions is up.