Story image

Australia a hot target for BEC scams, malicious URLs and malware

12 Sep 17

More than a quarter of all business email compromise (BEC) scams around the world target Australia, putting the country at the top of the list in Trend Micro’s 2017 Midyear Security Roundup: The Cost of Compromise report.

Asia Pacific has been a heavy target for total attacks in the first half of this year. Out of 82 million ransomware attacks worldwide, 33.8% of those attacks targeted APAC.

The report also notes that 27.4% of all BEC attacks target Australia, making it one of the top threats that enterprises should look out for. Statistics from the US FBI put the total global losses attributed to BEC scams since 2013 have topped US$5.3 billion.

Globally, the top job title targets were CEO (41.8%), managing director/director (28.3%) and president (6.9%).

“The first half of 2017 undeniably saw cyberattacks becoming more diverse and sophisticated, with as many as 28 new ransomware families identified each month. Although businesses are more aware of the economic and reputational impact, cybercriminals are continuously evolving to outsmart enterprise,” comments Dr. Jon Oliver, senior security architect, Trend Micro.

Oliver says that evidence still points to vulnerabilities in IoT devices, such as routers. He says the WannaCry attacks demonstrate those vulnerabilities, as they affected speed cameras and red light cameras.

The company’s recent CLOUDSEC Sydney 2017 conference also found that 35% of attendees believed IoT is hyped and the risks are exaggerated.

“Enterprises need to prioritise funds for effective security upfront, as the cost of a breach is frequently more than a company’s budget can sustain,” comments Trend Micro CIO Max Cheng.

The report also highlighted that while there were 382 new vulnerabilities discovered in the first half of 2017, however the existing EternalBlue exploit took advantage of one major vulnerability (CVE-2017-0144), which spurred the WannaCry ransomware.

Australia also placed third for the highest number of malware detections in the first half of 2017, beaten only by the United States and Japan.

Most spam emails detected by Trend Micro contained malware.

Amongst the top five file types for spam attachments, .PDF files topped the list at 28.7 million worldwide, followed by .XLS (12.1 million), .JS (8.5 million), .WSF (5.1 million), and .DOCX (4.8 million.)

“Major cyberattacks against enterprises globally have continued to be a hot-button topic this year, and this trend is likely to continue through the remainder of 2017. It’s integral to the continued success of organisations to stop thinking of digital security as merely protecting information, but instead as an investment in the company’s future, brand and reputation,” Cheng concludes.

Symantec releases neural network-integrated USB scanning station
Symantec Industrial Control System Protection Neural helps defend against USB-borne cyber attacks on operational technology.
Ramping up security with next-gen firewalls
The classic firewall lacked the ability to distinguish between different kinds of web traffic.
Gartner names LogRhythm leader in SIEM solutions
Security teams increasingly need end-to-end SIEM solutions with native options for host- and network-level monitoring.
Cylance makes APIs available in endpoint detection offering
Extensive APIs enable security teams to more efficiently view, enrich, and contextualise real-time intelligence collected at the endpoint to keep systems secure.
SolarWinds adds SDN monitoring support to network management portfolio
SolarWinds announced a broad refresh to its network management portfolio, as well as key enhancements to the Orion Platform. 
JASK prepares for global rollout of their AI-powered ASOC platform
The JASK ASOC platform automates alert investigations, supposedly freeing the SOC analyst to do what machines can’t. 
Pitfalls to avoid when configuring cloud firewalls
Flexibility and granularity of security controls is good but can still represent a risk for new cloud adopters that don’t recognise some of the configuration pitfalls.
Securing hotel technology to protect customer information
Network security risks increase exponentially as hotels look to incorporate newer technologies to support a range of IoT devices, including smart door locks.