SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Story image
Australia primary target for cyber attacks
Tue, 12th Jul 2016
FYI, this story is more than a year old

Australia has been a primary target for a major ransomware infection over the past two months, according to findings from Trend Micro.

According to the security specialists, the April-May period saw more than 224,000 ransomware attacks, of which a majority was the result of the Angler Exploit Kit.

The high volume of exploit kit ransomware attacks in Australia, second only to Japan in the same period, is due to a ransomware infection vector move toward URL and Exploit Kits, Trend Micro says.

Around the world, more than 66 million ransomware-related threats have been detected/blocked by Trend Micro from January to May of this year, with almost 700,000 of those in Australia and more than 19,000 in New Zealand.

“With the growing threat of ransomware attacks specifically aimed at Australian organisations, we recommend that enterprises and small businesses are more vigilant than ever,” says Indi Siriniwasa, enterprise sales and channel director for Trend Micro Australia and New Zealand.

“The new ransomware families have sophisticated delivery and evasion techniques such as self-destructing after they successfully complete their routine. The best way to defend against this sophistication is to use a multilayered security approach,” she says.

“Australia has really been targeted by cybercriminals with this Angler Exploit Kit and it is Australian consumers that will suffer,” adds Tim Falinski, consumer director, Trend Micro Australia and New Zealand.

“Consumers should make themselves aware of the threats and ensure all their devices – from smartphones to PCs to connected smart devices – are protected,” he says.

According to Trend Micro, 64% of ransomware threats were seen at the email layer. This is due to ransomware being largely distributed via spam, either as a macro or JavaScript attachment, or via a clickable link in the message body.

The report found 34% of ransomware-related threats are blocked in the URL layer. These URLs are usually compromised sites, malvertisements, or landing pages that host exploit kits leading to ransomware. A very small percentage (2%) of ransomware-related threats are ransomware detections blocked at the file layer.                   

From January to May 2016, Trend Micro has so far seen 50 new ransomware families. Of these, 19 ransomware families arrived via spam, while six of these new ransomware families arrived via exploit kits. All of these new families still encrypt files and drop ransom notes.