How Australia fared through the state of cybersecurity in 2017
FYI, this story is more than a year old
As the end of 2017 quickly approaches it means the implementation of the federal government’s Mandatory Data Breach Notification legislation will soon be in effect. With less than 90 days to go before 22 February 2018, time is certainly of the essence to make any changes to security setups to ensure companies’ networks and systems are secure. In order to do this effectively, it is crucial to look back on 2017 and learn from what impacted businesses the most in the cybersecurity environment.
When IT professionals around the world look back on 2017, WannaCry and NotPetya are two words that will accurately summarise the year. 2017 was the year of global ransomware attacks with over 400,000 machines infected by WannaCry. In addition, numerous other systems were affected by NotPetya crippling businesses across at least 65 countries.
It was also one of the first times IT professionals have seen organised cyber-crime syndicates operating like a business, supported by a small number of groups. Throughout the year, IT teams have seen a considerable rise in ransomware, malware, and phishing scams that pose a significant risk to organisations. If security professionals can be aware of the major threats from 2017, they could set themselves and their organisations off to a more secure 2018.
Ransomware can be debilitating to the financial health of a business and its reputation. From the year 2015 to 2016, researchers at Secureworks witnessed the number of ransomware variants swiftly rise from 90 to 200, an increase of 122%. This number has continued to increase in 2017 along with the number of victims being affected.
New ransomware variants can be broken down into three different types: well-designed, poorly-designed, and rebranded. Well-designed forms of ransomware are apparent in how they are distributed. This form of ransomware will be distributed through spam or exploit kits and often times will go through multiple release iterations.
Poorly-designed variants are generally distributed by low-skilled operators who are under-resourced. These forms can cause problems to businesses for the most part but won't distribute over a long period of time. Lastly, rebranded ransomware is generated through kits purchased from the dark web. Each individual variant might have a unique name or encrypted file, but in the end, it will function exactly like all the other variants from the same kit.
With the increase of organised cyber-crime groups, Australia has seen the increase of malware, specifically banking malware, which can target specific institutions with a specific purpose. Malware attacks can range from intrusive attacks against high-value targets to massive banking Trojan botnets which are distributed to the masses which offer hackers a good return on their investment.
Further research conducted has shown what many would expect - that online banking and money transfer sites were targeted. However, what might come as a surprise is that less obvious targets, such as payroll sites and superannuation accounts were also targeted.
Malware as-a-service is also something that drew attention throughout 2017. Less experienced hackers were able to purchase spam botnets off the dark web for as little as $265 AUD per million messages. This provided criminals with a low-risk point of entry, that could potentially pay off dividends for the hacker.
Similarly, mobile malware is turning out to be just as bad, with more people relying on mobile devices for banking and corporate emails. Malware can easily affect an android device and spread through unsuspecting victim’s networks. Whether the malware is being delivered through an SMS or an email, this year has seen an increase in malware related incidents and will continue to see the effect it takes in Australia.
Many cyber-criminal groups will use email as a method of delivering ransomware or malware to victims. By physically altering emails so that they appear to come from a trusted co-worker or boss it becomes substantially easier for hackers to trick people into clicking on a link that will inject malware or ransomware onto a personal or work computer. With many companies embracing a “Bring Your Own Device” to work plan, a compromised phone or laptop at home will ultimately lead to a compromised office network, which can have global repercussions.
Between 2015 and 2017, business email compromise and business email spoofing attacks raised 2,370% globally. It is expected that these sorts of attacks will continue to climb as we go into 2018 as the attack constitutes a low risk high reward payoff for criminals. Hackers are able to purchase mass email lists off the dark web for under $5AUD, meaning the reward, outweighs the risk significantly.
Bring on 2018
As 2017 comes to an end, it is important to understand that the cyber-criminal community is alive and thriving. Across the dark web, tools and people can be found in order to carry off a multitude of debilitating attacks. As criminals continue to evolve in their attack strategies, it is important to educate businesses on the inner workings of the various threats out there, so as to be better prepared for the future. Ransomware, malware, and phishing scams are only three tools that hackers are using to instil financial damage, and data breaches.
If we can eliminate these three attack variants, businesses will be safer and find themselves a lot less likely to be on the wrong side of the federal breach notification legislation when it comes to action this upcoming February.
 WannaCry Ransomware Statistics: The Numbers Behind the Outbreak
 'Petya' Ransomware Hits At Least 65 Countries; Microsoft Traces It To Tax Software
Article by Alex Tilley, senior security researcher CTU, Secureworks.