Cyber security watchdog warns mid-size enterprise at high risk of attack – Prevention better than Cure

Hackers are now increasingly targeting attacks at small to mid-range enterprises.

Why? Because it’s easy, and it gives cyber-criminals a better chance of infiltrating other bigger networks – including those of your clients – using your circle of trust.

That’s just one of the findings released in the latest Australian Cyber Security Centre (ACSC) threat report this month, which also states no organisation is too small, or too insignificant, to be immune to a cyber-criminal attack.

Unfortunately, according to ACSC, most of these criminal incursions succeed because the majority of companies haven’t incorporated basic cyber security precautions into their daily operations, believing it won’t happen to them.

“If you are relying on threat intelligence to respond to threats already discovered, it is too late for you and your organisation,’’ the ACSC report reads.

“In cyber security, prevention is always better than a cure.’’

Recorded attacks range in severity from vandalism, to corporate espionage, to distributed-denial-of-service (DDoS) attacks – all of which can potentially destroy smaller corporations.

By the time most cyber intrusions are discovered (sometimes months, or even years after malware is planted), the damage has already been done.

ACSC says in the last financial year alone Australia’s Computer Emergency Response Team (CERT) responded to almost 15,000 cyber security incidents against Australian businesses. It admits, however, that those figures are likely just the tip of the iceberg with most cyber-crime still unreported.

How does it happen?

Without appropriate security, every time your employees click on a website or open an email, you’re at risk. ACSC reports the most common incursions are through increasingly sophisticated Spear Phishing emails (malware-carrying communications from an apparent trusted source), and web seeding techniques (compromised reputable websites).

What does a compromise look like?

• The attacker gains an initial foothold through an innocent mouse click which causes a payload to be dropped on to your network. These days, it’s typically a low-level beacon that can reach out to a command and control server for further instructions. It might lead to the installation of keystroke loggers, encryption of your files, or exfiltration of data like emails and written documents.
• Very often, one of the first steps is to build new backdoors into your network to ensure ongoing access for the attacker if the first point of entry is discovered.
• Once the attacker is inside your network, they study it.
• They steal legitimate user credentials to gain administrative access.
• They execute their intent which could be anything from corporate espionage to using you and your circle of trust to gain access to a bigger organisation. That’s exactly what happened to Target in the US in 2013 when an airconditioning contractor’s credentials were used to commit a massive data breach.

What does it mean to you?

The repercussions are many and varied and can include:

• Lost productivity
• Intellectually property theft
• Brand damage
• Loss-of-service
• Massive expense both to fix the problem, and to prevent a repeat
• The potential destruction of your company

How can Computer One help?

We can put in place proactive security measures. These are actions that can defeat almost every kind of attack before it is launched. And they’re surprisingly simple.

First, we start with a risk assessment, to determine the level of your exposure and map out your company’s “attack surface”. Then, as recommended by the Australian Signals Directorate, we will roll out the four main breach mitigation strategies which immediately reduces your security risk by 85 per cent.

These are:

1. Application whitelisting: We lock down your network and stop any unapproved application from executing.
2. Patch applications: We apply security patches to known program flaws and plug any potential criminal incursion points.
3. Patch Operating System: We ensure your operating system is completely up-to-date and secured against known manipulations.
4. Minimise administrative privileges: We block anyone who doesn’t truly need power over your network from executing changes.

We can also add an extra layer of protection over your company by configuring Cisco Umbrella (formerly known as Open DNS). It’s a lightweight filter at a fundamental layer of communication that can ensure internet traffic is blocked from travelling to known bad IP addresses. Owned by Cisco, OpenDNS has a vast database of IP addresses and threat intelligence at its disposal and can quickly identify traffic that is caused by malware or other bad actors.

And of course, if your risk assessment determines a greater level of cover is needed, we can then tailor a package to suit the individual requirements of your company.

Prevention is the new battleground

There’s a good living to be made as a hacker these days. Whether it’s recruiting IoT devices for a DDoS attack, ransoming back encrypted emails, or acting for a third party under a semi-formal contract to infiltrate commercial networks, the rewards that are available mean that more research, development and training to compromise your network and others’ is happening every day.

Unfortunately, that means that attack frequency and ingenuity is only going to rise for mid-size enterprises. Proactively addressing the risks is the only way to stay in front.

2021 Update: OAIC Notifiable Data Breach Scheme

In force since the 22nd of February 2018, the Notifiable Data Breach (NDB) scheme requires any organisation or agency regulated by the Privacy Act 1988 to notify the Office of the Australian Information Commissioner (OAIC) and affected individuals of data breaches that are likely to result in serious harm to those involved.

Failure to comply with the requirements of the scheme may incur fines up to 2.1 million AUD.

The purpose of the NDB scheme is to combat the underreporting of cyberattacks, ensure transparency, and protect individuals or companies that may be affected by breaches. Additionally, the reports regularly published by the OAIC may help organisations regulated by the Privacy Act improve their defences.

Since the introduction of the NDB scheme, the OAIC has published Notifiable Data Breach reports on a semi-annual basis, covering data breach statistics and cybersecurity trends among reporting organisations.

Ransomware Evolves Into Data Exfiltration

As far as the most recent developments in cyberattacks are concerned, ransomware has seen a particular upsurge – both qualitatively and quantitively (that is, in terms of ransom demands).

When it comes to “qualitative” evolution, ransomware developers – beginning with the Maze group – started employing data exfiltration. Classical ransomware encrypts data on the affected computer and demands payment to restore access. Today, some ransomware groups steal data from organisations and threaten to publish it unless a ransom is paid.

As for “quantitative” progress, 2020 saw a serious increase in ransom payments. According to ZDNet, the highest attempted ransom demand in 2020 was 30 million USD – double the previous record of 15 million attempted in earlier years. On average, organisations across North America and Europe paid 312,493 USD in ransoms in 2020 – nearly three times more than in 2019.

It didn’t take very long for the 30-million record to be broken. In March 2021, computer giant Acer was hit by a REvil attack, with threat actors demanding 50 million USD – the largest known ransom to date.