Security report: Know the cyber criminals’ weapons of choice
Cyber security is firmly established on company leadership agendas after a year when some of the largest data breaches in history were disclosed. Yet even as the awareness of cybercrime penetrates into everyday life, its nature evolves.
The growing scale of cyber crime
Cybercrime is a lucrative business according to Berin Lautenbach, Telstra’s Asia Pacific Chief Information Security Officer. “Some industry sources estimate cybercrime damages will cost the world a staggering US$6 trillion dollars annually by 2021, up from US$3 trillion on in 2015.”
TM Ching, Security Chief Technologist, ANZ at DXC Technology, said that in the first 3 months of 2018, DXC Technology responded to more security incidents than the whole of last year. Telstra’s own research found that 60 per cent of Australian respondents report that their business has been interrupted due to a security breach in the past year.
Attackers’ methods will depend on their motives. Some want to conduct short, public attacks, while those attempting to steal intellectual property try staying undetected within a system for as long as possible.
One of the main tactics for monetising breaches is crypto-locking. Crypto-locking and ransomware, the malicious software that enables it, can have a huge impact on businesses of all sizes. “There are small businesses which have had to close because their data has been held hostage,” Berin said.
Crypto-locking is evolving too. “It started out as stopping organisations accessing their data. Now it is moving into disrupting systems. For example, the attack might be to attempt to stop a utilities company from running their supply operations,” Berin explained.
Email threats and phishing
Berin says that email continues to be one of the major attack vectors. “Malicious emails were the weapon of choice in 2017. To execute a successful email-based attack, the attacker doesn’t have to rely on vulnerabilities but simple deception of the victim into volunteering their personal and company related information. The better the deception, the higher the chances of the victim sharing valuable data.”
Phishing can be used to gain access to corporate networks, with employees deceived so that attackers are able to bypass security parameters, distribute malware in targeted environments or even gain access to highly confidential information.
In Australia, the number of attacks via phishing and malicious emails is steadily rising. Among the subset of organisations (those that have been interrupted due to a security breach), Telstra research found that 11 percent of Australian enterprises reported incidents on a weekly basis in 2017, with 25 percent reporting incidents on a monthly basis.
Business email compromise
Not all attacks require malware. Criminals are increasingly using social engineering to hijack accounts and trick organisations into wiring large amounts of money into their accounts. These Business Email Compromise (BEC) attacks are among the highest security risks for IT departments in Australia with nearly a quarter of respondents surveyed for the 2018 Telstra Security Report saying their business has been targeted at least once a month. Government figures suggest BEC attacks cost Australian businesses more than $20 million in 2016.
According to DXC Technology’s TM Ching, BEC attacks can in part be attributed to the growing use of Software-as-a-Service cloud services. “At least half of the breaches we dealt with in the first three months of 2018 were linked to cloud services. In one example, attackers had succeeded in setting up a ‘copy/redirect’ process so they could receive every email sent to, and by, the company’s CEO”.
Anticipating and responding to new vectors
“Even if an organisation has the best tools for detection and prevention, eventually, a motivated attacker will find their way into its network, either via social engineering techniques and/or a zero-day exploit, for which there is no signature available for detection,” said Vinod Muniyappa head of Infosys’s security practice.
TM agrees that the days of prevention are over. “It’s statistically likely that organisations will suffer a breach. Every business should establish good incident response capabilities and consider how to mitigate the financial effect of attacks. That is one reason why DXC Technology is starting to offer is starting to offer cyber security insurance business support for our insurance clients.”
Berin agrees that business continuity arrangements are vital. “Make sure you have backups. Businesses can go out of business after cyber attacks if they don’t have offsite backups that enable them to access their data.”
In addition to business continuity and incident response, Telstra’s 2018 report includes several other best practices such as regular reviews of your ICT architecture, implementation of multi-layered defences, and education and training programs for staff.
To read more about security best practice, visit the Telstra website.