This month in security: March 2020
Australian organisations take longer to resolve breaches and spend more to address them than their global counterparts
Cisco’s 2019 Asia Pacific CISO Benchmark Study revealed that 69% of Australian organisations receive over 100,000 security alerts every day, almost four times the global average.
Australian organisations have traditionally been slow to adopt security automation, costing them more time and money to resolve data breaches than their global counterparts. Cyber fatigue (defined as “having virtually given up trying to stay ahead of malicious threats and bad actors”) is already a serious problem, and as cyber threats become increasingly global, the risks facing Australian companies are getting bigger every day. Fighting off constant external attacks is hard enough, but internal IT issues at these companies are making matters worse. Under-resourced and time-poor, many cyber leads are already snowed under with day-to-day admin tasks like managing employee access to apps and company data.
While diving straight into cybersecurity automation may not be feasible for your business, taking a Zero Trust approach can really help counter the risk of human error, which is how 90% of all breaches happen in the first place. The right cyber training for employees and senior leadership is a particularly powerful tool and can offset many cyber risks at a relatively low cost. Getting senior leadership on board is key: they need to understand the magnitude of the risk the company is exposed to and get behind a robust cyber resilience strategy to weather crises like the current coronavirus pandemic.
Remote workers using free video conferencing platforms accidentally open their doors to trolls and hackers
Due to the open share features on free versions of some web-conferencing platforms, attackers have been able to gatecrash video conference meetings and harass other users.
Video conferencing platforms have quickly become the meeting venue of choice for post-COVID-19 remote workers as more and more work transitions to online channels. But the default settings of some of the most popular services are configured with the expectation of trust between participants, which has led to trolls and hackers having a field day.
Overnight, you’ve got senior executives and entire organisations using video conferencing software for the first time, sharing and sending sensitive data. It’s no surprise that this coincides with an increase in credential-harvesting emails targeting cloud services. You have a lot of staff working with unfamiliar systems, looking for emails with links to gain access to those systems. This is the perfect storm for a hacker looking to take advantage of disruption. Anyone using video conferencing applications in your organisation needs to be fully aware of their security settings and have them set up accordingly.
But the risk doesn’t end there: the file transfer feature on some applications is switched on by default, and could potentially be an entry point for malware. Since it looks like working from home is going to be the new normal for quite some time, it might be a good idea to educate your team on how to use video conferencing applications safely and securely.
Hackers using Coronavirus fears to hijack routers and spread malware
Scammers are becoming more creative in how they exploit the COVID-19 panic, with at least 1,193 victims having been targeted by router DNS hijacking attacks over just a few days.
Taking advantage of the COVID-19 situation, attackers have been browsing the internet for vulnerable routers to hijack. When they find one, they change its DNS IP settings to redirect their victims to fake sites that display a message pretending to be from the World Health Organization (WHO) or another health authority. The seemingly legitimate site tells users to install an app for further coronavirus information via a “download” button. If an unsuspecting user downloads the app, they’re immediately infected with information-stealing Oski malware, a relatively new infostealer that extracts browser credentials, user logins and passwords. This sort of attack illustrates how your risk surface can extend to IoT devices you may not have considered as possible points of entry, and why IoT security is a big deal.
Australian logistics company Henning Harders becomes the latest ransomware victim
The logistics provider was attacked by ransomware group Maze in mid-March. The attackers have already published 6.5GB of the company’s commercial data.
In an undated online post on its website, Henning Harders confirmed that it had detected an “organised attack” on its IT systems and notified some customers that commercial data may have been accessed. We’ve talked before about how attackers are turning to ransomware attacks to score bigger paydays, and if companies don’t wake up soon, they can easily find themselves becoming the next victims.
Australia’s cybersecurity ranking is improving, but we still have a long way to go
A new cybersecurity report may have placed Australia as the world’s 15th most-secure country, but data breaches and attacks are hitting record highs while many Aussie business leaders continue to ignore cybersecurity concerns.
Australia shot up by 12 positions in the latest global rankings, according to Information Age, which evaluated 76 countries’ cyber vulnerabilities. Despite the improvement, there are still glaring systemic deficiencies in our cyber-readiness, and Australian businesses by and large are still taking a dismissive ‘she’ll be alright’ attitude to their digital security. This attitude needs to change, and fast. Basic antivirus software and firewalls are no longer enough. Given the increasing sophistication of cyberattacks, companies need to be able to deal with network intrusions and advanced persistent threats. Cyber resilience measures like backups, incident response planning, cloud security and comprehensive staff awareness training are no longer just ‘good to haves’; they are business essentials.
Russian hackers turn their attention to Australian banks
According to the Australian Cyber Security Centre (ACSC), the Russian ransomware attackers known as Silence have been threatening to launch denial-of-service (DoS) attacks against Australian banks.
While the lax attitude of Australian organisations when it comes to cybersecurity is no secret, Aussie banks seem to have caught the eye of the Russian ransomware group known as Silence. Silence first emerged in Russia in 2016, and is believed to have stolen more than AUD $6.41 million from banks across Russia, Europe, Latin America, Africa, and Asia.
"The ACSC is aware of a number of DoS for ransom threats being made against Australian organisations, primarily in the banking and finance sector," the ACSC stated on February 25th, 2020. While the ACSC has been "unable to verify" the threat, it has advised financial institutions to stay prepared for any DoS attack.
DoS attacks can be difficult to stop once they occur, but there are some steps that can help. These can include blocking the offending IP address(es), temporarily transferring online services to the cloud, or bringing on board a specialist DoS attack mitigation service.