Current cyber threat environment
As the economy and society move online and we become more sophisticated in our use of technology, technology becomes more sophisticated – but so too does crime.
Whenever there's a significant crisis, we find the volume of scam messages and cyber intrusions increase.
When people are anxious, there's an urgency - they want information – and they're more likely to click on a malicious email. It's a time when people aren’t always thinking properly.
Unfortunately, criminals take advantage of that vulnerability and they exploit people during these times. We often see coming up to Christmas and the festive season there are more scams out there.
In our recent conversation Abigail Bradshaw highlighted some of the most common threats in the cyber landscape.
Internet of Things (IoT) devices
The proliferation of Internet of Things (IoT) devices (think Alexa, Siri, your smart fridge). These devices are collecting data with applications to just about anything. Abigail explains this creates what we call an “increase in the threat surface” bad online actors can target.
“When you have an increase in the threat surface, there's far more opportunities for criminals and malicious cyber actors to prosecute,” Abigail says.
“And of course, that's been propelled forward by COVID-19, when so many people have been forced online to provide and obtain information or services, or just to continue their lives or work from home or do home schooling online,” she says.
Business email comprise
Cybercrime is the biggest threat to Australian small and medium-sized businesses. ACSC cybercrime reports submitted via ReportCyber last year recorded self-reported financial losses of more than $33 billion (AUD) in the 2020-21 financial year.
“We received 67,500 cybercrime reports - that's about one every eight minutes, says Abigail.
“This represents an increase of nearly 13 per cent from previous years.”
“As far as small and medium businesses go, we're concerned about the increase in what we call business email compromise.
We saw a massive increase in business email compromise last year, and the average amount of each one of those attacks was $54,000 (AUD). That can really wipe out a small business.”
The other major trend – one that has become a high profile global issue – has been ransomware.
“It's very bad when a ransomware attack hits a critical infrastructure provider. We've seen big attacks overseas in the United States hitting a meat manufacturer and a fuel line - it can be absolutely devastating if a ransomware attack impacts a small business and wipes out their customer records, their financial records,” Abigail says.
“Last year, we had 500 ransomware attacks reported to us in the extreme, an increase of 15 per cent compared to the previous financial year.”
Out of date software/devices
We’ve all become reliant on apps which acquire our data to obtain services and information. All of those apps have software which needs to be updated frequently. As the software on your phone or devices becomes out of date, people find bugs or loopholes or mistakes in the code that need to be corrected.
Abigail says in the past the ACSC team has observed cybercriminals prosecuting those weaknesses and vulnerabilities in software within weeks to months. Now that’s getting worse.
“In the last 12 months, we've noticed the criminals are really good at prosecuting those vulnerabilities within days and sometimes hours of there being a public disclosure. We've got a really big emphasis at the moment in encouraging businesses to have great patching practises,” she says.
“What that means is when you get that little message on your smart device that says there's an update ready, do you want an update now or later? Always say now. Always put the default to automatic updates and have your phone or your device plugged in and patch as quickly as you can.”