Cyber Security - Threats
The Australian Government has defined cyber attack as a deliberate act through cyberspace to manipulate, disrupt, deny, degrade or destroy computers or networks, or the information resident on them, with the effect of seriously compromising national security, stability or economic prosperity. A recent global study has found that 80% of organisations agree that over the next three years, the proliferation of connected devices, the ‘Internet of Things’ and ‘Big Data’ will make them more vulnerable to a serious cyber-attack.
The Government’s peak cyber agency, the Australian Cyber Security Centre (ACSC), released the 2016 Threat Report. The report highlights the growing prevalence and threat of cyber assaults across government, business and society. This will be one of the industry’s most influential and important reports, guiding both private and public sectors in their cyber security decisions.
No organisation is immune from cyber-crime. While capital investment to build and implement a cyber security strategy may seem high, business leaders should consider the associated costs if a serious compromise occurs on their network. In the event of a network compromise, not only will organisations be faced with the cost of implementing these strategies to prevent further compromise, they will also incur both higher direct and indirect costs associated with remediation.
Threat to Government
Australian Government networks are regularly targeted by the full breadth of cyber adversaries. Attackers pose a threat to government-held information and provision of services through both targeted and inadvertent compromises of government networks with ransomware.
Attackers will continue to use low sophistication cyber capabilities – website defacement, the hack and release of personal or embarrassing information, DDoS activities and the hijacking of social media accounts – to generate attention and support for their cause. As such, issue-motivated groups pose only a limited threat to government networks, with possible effects including availability issues and embarrassment. Some attackers intend to cause more serious disruption and may be able to exploit poor security to have a greater impact.
Threat to Private Sector
Australian industry is persistently targeted by a broad range of malicious cyber activity, risking the profitability, competitiveness and reputation of local businesses. Activity ranges from online vandalism and cybercrime through to the theft of commercially sensitive intellectual property and negotiation strategies.
The ongoing theft of intellectual property from Australian companies continues to pose significant challenges to the future competitiveness of Australia’s economy. In particular, cyber espionage impedes Australia’s competitive advantage in exclusive and profitable areas of research and development – including intellectual property generated within our universities, public and private research firms and government sectors – and provides this advantage to foreign competitors.
Examples of Threats
Spear Phishing – Refers to emails containing a malicious link or file attachment. This remains a popular exploitation technique for many cyber adversaries, with methods used becoming more convincing and difficult to spot. As such, spear phishing emails continue to be a common exploitation technique used in the compromise of Australian industry networks. Attackers are targeting industry personnel in order to gain access to corporate networks; individuals with a large amount of personal or corporate information online make it easier for adversaries to target that individual or their organisation. Attackers also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft their spear phishing emails, and use sophisticated malware to evade detection.
Ransomware – Refers to a type of malware that prevents or limits users from accessing their systems. Ransomware encrypts the files on a computer (including network shared files and attached external storage devices) then directs the victim to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom demanded in Australia has typically ranged up to tens of thousands of dollars.
Secondary targeting – Refers to cyber attackers attempting to gain access to enabling targets – targets of seemingly limited value but which share a trust relationship with a higher value target organisation. It is imperative that organisations understand that they might be targeted solely based on their connections with other organisations – the real target of these adversaries.
Keystroke Logging – Refers to the act of tracking and recording every keystroke entry made on a computer, often without the permission or knowledge of the user. Attackers deploy software or a hardware device on to target machines or networks. Each keystroke is recorded and re-routed to the attackers. Real-time alerts can be set up to enable attackers to receive instant updates on exactly what is being typed.
SQL Injection – Refers to a type of security exploit in which the attacker adds Structured Query Language (SQL) code to a web form input box to gain access to resources or make changes to data. An SQL query is a request for some action to be performed on a database. On a web form for user authentication, when a user enters their name and password into the text boxes provided for them, those values are inserted into a SELECT query. If the values entered are found as expected, the user is allowed access; if they aren't found, access is denied. However, most web forms have no mechanisms in place to block input other than names and passwords. Attackers can use the input boxes to send their own request to the database, which could allow them to download the entire database or interact with it in other illicit ways.
Bug Poaching – Refers to when an attacker breaks into a network and creates an analysis of the network’s private information and vulnerabilities. The attacker will then contact the corporation with evidence of the breach and demand ransom – similar to ransomware. Unlike a typical ransomware attack, once information is stolen, an attacker will extort the company for information on how their system was breached, rather than the stolen data itself.
Distributed Denial of Service (DDoS) – Refers to an attack in which a multitude of compromised systems attack a single target, thereby causing denial of service for users of the targeted system. The victim’s site struggles to address all traffic requests, which slows performance and eventually brings the site down. DDoS can act as a smokescreen for other threats.
Cross-Site Scripting – Refers to an attack which is carried out on web applications that accept input, but do not properly separate data and executable code before the input is delivered back to a user’s browser. An attacker loads malicious script via a webpage, which is then saved into a database. Valid site users then enter data into this database via a webpage, at which time a callback is made to the attacker with the relevant data requested.
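
The SQL Injection entry above describes form values being inserted into a SELECT query. As an added example (not part of the original page), the following Python sketch contrasts a login check that pastes the values into the query text with one that uses a parameterised query. The table, function names and sample values are constructed for illustration, and passwords are stored in plain text only to keep the example short.

```python
import sqlite3

def make_db():
    """Build an in-memory user table holding constructed sample data."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    # Assumption for brevity: a real system stores a salted password hash.
    db.execute("INSERT INTO users VALUES ('alice', 'correct-horse')")
    return db

def login_vulnerable(db, name, password):
    # Form values are pasted into the SQL text, so quote characters in the
    # input become part of the query's syntax instead of staying data.
    query = ("SELECT name FROM users WHERE name = '" + name +
             "' AND password = '" + password + "'")
    return db.execute(query).fetchone() is not None

def login_parameterised(db, name, password):
    # Placeholders keep the query text fixed; the driver passes the values
    # separately, so they are only ever compared as data.
    query = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(query, (name, password)).fetchone() is not None

def demo():
    db = make_db()
    crafted = "' OR '1'='1"  # constructed input that contains SQL syntax
    return {
        "vulnerable_valid": login_vulnerable(db, "alice", "correct-horse"),
        "vulnerable_crafted": login_vulnerable(db, "alice", crafted),
        "parameterised_valid": login_parameterised(db, "alice", "correct-horse"),
        "parameterised_crafted": login_parameterised(db, "alice", crafted),
    }

if __name__ == "__main__":
    for check, allowed in demo().items():
        print(f"{check}: access {'granted' if allowed else 'denied'}")
```

The concatenating version also fails on legitimate input containing an apostrophe (for example the name `o'brien` raises a syntax error), which is often the first visible sign of the flaw during testing.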