Australia a hot target for BEC scams, malicious URLs and malware

12 Sep 2017

More than a quarter of all business email compromise (BEC) scams around the world target Australia, putting the country at the top of the list in Trend Micro’s 2017 Midyear Security Roundup: The Cost of Compromise report.

Asia Pacific has been a heavy target for total attacks in the first half of this year. Out of 82 million ransomware attacks worldwide, 33.8% of those attacks targeted APAC.

The report also notes that 27.4% of all BEC attacks target Australia, making it one of the top threats that enterprises should look out for. Statistics from the US FBI show that total global losses attributed to BEC scams since 2013 have topped US$5.3 billion.

Globally, the top job title targets were CEO (41.8%), managing director/director (28.3%) and president (6.9%).

“The first half of 2017 undeniably saw cyberattacks becoming more diverse and sophisticated, with as many as 28 new ransomware families identified each month. Although businesses are more aware of the economic and reputational impact, cybercriminals are continuously evolving to outsmart enterprise,” comments Dr. Jon Oliver, senior security architect, Trend Micro.

Oliver says that evidence still points to vulnerabilities in IoT devices, such as routers. He says the WannaCry attacks demonstrate those vulnerabilities, as they affected speed cameras and red light cameras.

The company’s recent CLOUDSEC Sydney 2017 conference also found that 35% of attendees believed IoT is hyped and the risks are exaggerated.

“Enterprises need to prioritise funds for effective security upfront, as the cost of a breach is frequently more than a company’s budget can sustain,” comments Trend Micro CIO Max Cheng.

The report also highlighted that while 382 new vulnerabilities were discovered in the first half of 2017, the existing EternalBlue exploit took advantage of one major vulnerability (CVE-2017-0144), which spurred the WannaCry ransomware.

Australia also placed third for the highest number of malware detections in the first half of 2017, beaten only by the United States and Japan.

Most spam emails detected by Trend Micro contained malware.

Amongst the top five file types for spam attachments, .PDF files topped the list at 28.7 million worldwide, followed by .XLS (12.1 million), .JS (8.5 million), .WSF (5.1 million), and .DOCX (4.8 million).

“Major cyberattacks against enterprises globally have continued to be a hot-button topic this year, and this trend is likely to continue through the remainder of 2017. It’s integral to the continued success of organisations to stop thinking of digital security as merely protecting information, but instead as an investment in the company’s future, brand and reputation,” Cheng concludes.
