Australia a popular target for ransomware attacks

Cyber criminals are finding rich pickings in Australia with ransomware variants, according to security experts.

Late last year, the Websense ThreatSeeker network detected 1.05 million instances of CryptoLocker ransomware attacks globally, with 60 per cent of attacks detected in Australia.

Websense Australia and New Zealand engineering manager Bradley Anstis said Australia was being targeted because the attacks were financially successful.

“The low Australian dollar is not helping and there has also been an increase in attacks sent within the country. If someone sends a cyber crime attack from within Australia, they are a lot more likely to be successful and trusted than from overseas.”

For example, in 2013, 1.75 per cent of attacks against Australian websites came from within Australia. In 2014, 15.47 per cent of attacks were from within Australia, said Anstis.

The latest targeted email has been designed to come from the Australian Federal Police (AFP).

In April this year, the AFP warned the public of an email scam circulating throughout Australia and internationally that requests payment for a bogus traffic infringement notice.

The scam email asks the recipient to pay an ‘AFP fine’ of approximately $150. If links within the message are clicked, the recipient’s computer is infected with malware that renders it inoperable.

At that point the ransomware is activated and the recipient is asked to pay thousands of dollars to reactivate their computer.

“The main problem in Australia is that there is a generally low level of security awareness. It’s a shame because the Australian Signals Directorate [ASD] has published a list of top mitigation strategies,” Anstis said.

The top four strategies are: application whitelisting, patching systems, restricting administrative privileges and creating a defence-in-depth system.

He recommended that businesses deploy these mitigation strategies to avoid ransomware.

According to Dell Software Australia and New Zealand managing director Ian Hodge, phishing attacks remain one of the most successful forms of cyber crime.

“It works because people believe that ‘it won’t happen to me’ or think they can easily spot spam mail. But cyber criminals are getting smarter and use official-looking templates to hook businesses and individuals into clicking an infected link, document or download. One of the ways in which we can combat this threat is through awareness and educating staff, as well as consumers, as to how to identify and report this activity,” he said.

For example, businesses need to ensure their staff understand and can identify cyber-threats, whether it is on email, online or social platforms.

“By being alert to the threats, businesses can notify their customers of attacks, such as fake email scams, before their brand reputation is damaged. Education is a vital part of any business’s multi-layer security and is one of the best ways to safeguard the company and your customers against phishing attacks.”

He said that proper staff education is especially important for companies that have, or are thinking about implementing, a bring your own device (BYOD) policy.

“Australian businesses need to ensure they have an effective policy in place to help protect their own data as the blurring of the lines between work and play becomes more pronounced and the risk of data breaches increases,” he said.

“Businesses need to be constantly vigilant and aware of threats, and how they might impact their business. There is no silver bullet solution or piece of software that will solve all problems. It is only by ensuring you take a holistic view to security that threats can be reduced. This comprises having the right people, policies, software and hardware in place to ensure your organisation and your customers are as safe as possible.”

Hodge added that businesses should look at deploying next-generation firewalls, as they provide malware protection to companies by examining every bit of each file in the packets of every session at multi-gigabit speeds.

“It would enable IT administrators to know exactly what is coming in and out of the network, as well as block any malicious files trying to ‘phone home’ to install the destructive executable files,” he said.

Follow Hamish Barwick on Twitter: @HamishBarwick

Follow Computerworld Australia on Twitter: @ComputerworldAU, or take part in the Computerworld conversation on LinkedIn: Computerworld Australia

Copyright © 2015 IDG Communications, Inc.