PHISHING ATTACKS ON THE RISE IN AUSTRALIA AMIDST COVID-19
Phishing attacks were listed at an all-time high for Australian businesses according to the latest data from the Office of the Australian Information Commissioner. Generally speaking, a phishing attack is listed as malicious cybersecurity attack and has been costing businesses billions globally.
Phishing attacks involve a 'threat actor' pretending to be someone senior in an organisation, and requesting a colleague transfer them across money or ‘secret' company information. Phishing is also a huge concern; many people don't question the 'from' field in the emails, even though there is no reason to trust the 'from' field.
Even if a company has a sophisticated email strategy, some phishing emails will always make it to the inbox.
A recent 6 month Notifiable Data Breaches Report from July to December 2019 states that reported cyber-attacks are up 19% in 2019 compared to the same time as 2018.
“Based off our experience with customers in public and private organisations in Melbourne, Sydney and Brisbane, we’re expecting phishing attacks to intensify this year as organisations move their staff into remote working environments, and more devices are used to access the company networks. This often involves an attackers sending a convincing email, pretending to be the CEO, CFO, or external vendor, and requesting a bank transfer or confidential information," comments Chief Executive Officer of Loop Secure, Patrick Butler.
The team at Loop Secure partner with the most elite of cybersecurity technologies, including CrowdStrike, to develop solutions that are ahead of market and ensure customer vulnerabilities are mitigated before they even arise.
Based off previous experience, the team at Loop predict that 2020 will see attackers to play off the recent COVID-19 epidemic or Australian bushfires threats and producing smaller, targeted and sophisticated campaigns to send malware through email, rather than rely on the high-volume, 'spray and pray'' techniques.
To combat this, it’s important to invest in technology that can detect and classify these phishing attacks by analysing the reputation of the email sender automatically rather than just focusing on training end users.
"Training will only take you so far. When someone in the HR department receives an email from a job applicant with a CV, they will most likely open this file. They are simply doing their job and through doing so, can put an organisation at risk. And if those staff are remote working, they don’t have an easy way to verify this threat by simply walking over to the IT staff inside the office," Butler says.
"Good detection systems are important but often will pick up the issue only after the fact. That leaves proactive protection. A good, all-encompassing cyber security infrastructure that takes into account training, procedures, systems patching and systems hardening is a smart move, although it’s not as good as advanced protection delivered through security monitoring solutions and end-point assessment tooling,” said Butler.
The two other major threats to corporations around Australia are commercial social media and password protection. With attackers piggybacking off corporate social media accounts, attackers can create fake social media accounts and reach out to customers that are seeking support. This way they can gain customer login details, identity information and financial data.
Password breaches are another major common threat with employees and consumers needing to be aware that using unique passwords is key to preventing major cybersecurity breaches.
If one employee is hacked, sophisticated hackers may then have the ability to hack their employers’ systems and gain access to confidential data and potentially funds. A new metric that the team at CrowdStrike are tracking is ‘breakout time’ which that measures the speed with which adversaries accomplish lateral movement in the victim environment after their initial compromise. Breakout time is important because it represents the time limit for defenders to respond to and contain or remediate an intrusion before it spreads widely in their environment and leads to a major breach.
“If an individual's bank account is hacked, generally there is a limit in the amount of money that can be transferred out of their account. Business accounts don't tend to have the same limits, so large amounts of cash or data can be stolen, which makes it crucial to understand an organization’s individual ‘break out’ time and how quickly we can respond to that intrusion,” concludes Butler.
Join us at our upcoming webinar on “The Critical Role of Endpoint Detection & Response for your Remote Workers” on Tuesday the 21st of April 2020 at 12.30pm