Top cyber threats for Australia in 2020
COVID-19 scams, ransomware attacks, mobile adware and fleeceware, stalkerware and deepfakes were the top cyber threats that impacted Australian and global businesses in 2020.
This is according to new findings from Avast, the digital security and privacy products provider.
According to Avast, ransomware grew by 10% in Australia and 20% globally during the height of the pandemic in March and April, in comparison to January and February this year.
Some major Australian companies that unfortunately experienced ransomware attacks this year included, Australian aged-care provider Regis Healthcare, Australian transportation and logistics firm Toll Group, Australian beverage giant Lion, and Australian media monitoring company Isentia, among others.
Aside from ransomware attacks on businesses, phishing attacks were very widespread this year, Avast states.
While COVID-19 related phishing attacks surged in March, with 7.9% of phishing scams using themes related to the virus in that month, the impact on overall phishing numbers was small, with Avast’s data showing that less than 1% of global and Australian phishing attacks used COVID-19 as a theme throughout the year.
Australians also experienced an increase in Government impersonation phishing scams around tax and superannuation, and online shopping and package delivery phishing scams targeting people doing their Christmas shopping, Avast states.
Spyware and stalkerware
The Avast Threat Labs discovered a 51% increase in spyware and stalkerware globally from March through June, in comparison to the first two months of the year.
Across the year, Avast detected over 647,000 spyware and stalkerware attacks globally and over 6,200 in Australia.
However, out of all Android threats Avast detected in 2020, adware was the dominant malware globally, with a share of nearly 50% in Q1, over 27% in Q2 and 29% in Q3.
In Australia, over 18,500 users were attacked by adware on mobile this year, with Avast seeing peaks in February, April and May.
More deepfakes also appeared in 2020, including explicit deepfakes of TikTok users.
In a talk at Avast's Cybersec & AI, Connected virtual conference Professor Hany Farid of UC Berkeley noted that technology is evolving quickly, making it easier and easier for video and audio deepfakes to be created, and the rate at which deepfakes can spread is also increasing due to social media, creating challenges for security researchers around detecting them.
Cybercriminals in 2020
Avast security evangelist Luis Corrons says, “The past year has been defined by the COVID-19 virus affecting the entire world, including the cyberworld.
“Avast observed cybercriminals use the pandemic to their advantage, spreading scams and attacks to exploit people’s weaknesses during trying times. Ransomware attacks, in particular, continued to thrive this year, pitilessly attacking medical institutions with ransomware, like Maze.”
Corrons says, “With millions of workers around the world and in Australia using Remote Desktop Protocol (RDP) daily to remotely access their business network, this tool also became a strong cyber attack vector in 2020 and Avast monitored a rise in attacks specifically designed to exploit RDP in order to execute widespread ransomware attacks.
“Certain types of threats, including stalkerware, which is a growing category of malware with disturbing and dangerous implications, and adware, also flourished due to people being forced into lockdown and likely spending more time on their mobile devices.”
He says, “What’s alarming is that cybercriminals began to promote mobile adware and fleeceware more heavily to younger audiences via popular social platforms like YouTube, TikTok, and Instagram this year, just like regular marketers would, to increase the number of app downloads.”
Corrons says, “Looking back, the pandemic did not slow down cybercriminals, instead they seized the opportunity of people spending more time online to adapt old tricks to spread various types of fakes, scams, and to target major businesses with ransomware.
"While technology today is a great resource for us all to stay connected and keep up communications and work, people need to stay extra conscious and cautious about what they see online and verify things they come across before trusting news, apps, links, sales offers, and even video content, as they could be manipulated.”