Spear-phishing and ransomware are the most common cyber techniques used to exploit Australians, a new cybercrime threat report has revealed.
The Australian Cyber Security Centre’s 2016 Threat Report applauds a growing cybersecurity awareness, but says misinformation about the severity of incidents is causing confusion.
The report says Australia continues to be a target of sophisticated and persistent cyber espionage.
But spear-phishing and ransomware (see below for definitions) lead the ACSC’s list of emerging exploitation techniques.
In one example, a government staffer clicked on an Australia Post-themed email and unknowingly infected their workstation with CryptoLocker.
“It wasn’t until three months later that IT staff realised that thousands of files needed for legal proceedings, which were stored on a file server, had also been encrypted with ransomware,” the report states.
Because so much time had elapsed, the backups also contained encrypted copies of the files, and it was far too late to pay the ransom.
According to the report, ransoms typically range from $500 to $3000 in bitcoin, the untraceable digital currency.
The report details other discoveries of cybercriminal techniques:
- Last August, CERT Australia, the national computer emergency response team, discovered that the websites of various Canberra-based businesses were hosting an exploit kit redirect, which is the first step in a process to compromise visitors.
- Late last year a payroll system used by various Australian companies was compromised, with personal data of employees obtained. The perpetrator used the stolen information to lodge fraudulent tax returns.
Who’s in the firing line?
In terms of numbers, CERT Australia noted that:
- The energy and communications sectors had the highest number of compromised systems
- The banking and financial services and communications sectors had the highest incidence of DDoS (Distributed Denial of Service) activity; and
- The energy and mining/resources sectors had the highest number of malicious emails being received.
The problem with reporting
“Some companies may be hesitant to report incidents to the government due to concerns the disclosure may adversely affect their reputation or create legal or commercial liabilities,” the report found.
“For example, in some cases victim organisations have sought legal advice before reporting an incident. Many cybersecurity incidents across the private sector are undetected or unreported.”
The report says the term ‘cyber attack’ is routinely used in the media, academia and by foreign governments to describe the gamut of malicious activity including common occurrences such as Distributed Denial of Service (DDoS), website defacement, spear phishing, social media hijacking, cybercrime, and the theft of personal data.
“The broad adoption of the term has seen it often used in a sensationalist way – similar to ‘cyber war’, ‘cyber terrorism’ and ‘cyber weapons’ – with the term ‘attack’ generating an emotive response and a disproportionate sense of threat.”
What exactly does it all mean?
Put simply, phishing is the practice of sending email to users with the purpose of tricking them into clicking on a link or revealing personal information.
“It’s like a fisherman casting a wide net to see what he can catch,” MailGuard CTO Jason Pearce explains.
Spear phishing is similar, but targets a select group of people. It might be employees of a specific company, customers of that company, or a specific person.
When somebody accidentally clicks a file containing ransomware, it can encrypt (convert to unrecognisable code) the files on their computer – and possibly the entire network. The victim or business can then be held to ransom, with a hefty fee usually demanded in exchange for a decryption key for recovery of the files.
ümlaut it is a partner of MailGuard, the world’s largest privately-held cloud email and web security provider. MailGuard delivers a full suite of security solutions across email and web to protect your business before threats reach your environment. MailGuard is consistently between 2 hours and 48 hours ahead of the market in preventing fast breaking attacks.