The Australian Cyber Security Centre (ACSC) published its 2017 threat report in October, detailing some of the key cybercrime threats to the Australian community.
The report predicts that cybercrime will become increasingly prevalent due to the large profits generated combined with a low risk of identification and prosecution, as well as increasing cybercrime expertise that is being adapted to target specific businesses and industries.
We investigate some of the key cybercrime challenges identified in the ACSC 2017 report.
Ransomware is one of the most prevalent, financially motivated cybercrime threats worldwide, and continues to be a persistent threat to Australia. The primary purpose of ransomware is direct revenue generation; it blocks access to, or encrypts, a victim’s data, demanding a ransom be paid to restore access. Ransom payments are typically demanded in bitcoin due to the anonymity it allows. Ransom amounts vary, but often begin at under A$1000 for individuals. Higher ransom amounts are demanded from businesses, with the amounts specifically designed to be affordable based on the size of the business.
Some cybercriminals have expanded their operations to a pseudo-franchise model, dubbed ransomware-as-a-service (RaaS). RaaS provides entry to the ransomware market for anyone willing to pay, regardless of technical capability. RaaS developers write ransomware, build the infrastructure required to run a campaign and sell it through darknet markets. Purchasers are generally provided access to a darknet-based dashboard which provides a range of capabilities such as tracking of successful infections and ransoms paid.
Credential-harvesting malware poses an increasing threat to Australian networks, in particular to the financial sector, by stealing credentials, such as login details, from the targeted network’s systems. The ACSC predicts that credential-harvesting malware designed for smartphones will likely increase due to the amount of information stored on these devices, and their increased use for activities such as online banking and purchases.
Social engineering provides a way to bypass security protocols that cybercriminals may not be able to overcome via technical means. Cybercriminals use social engineering techniques to manipulate human trust and elicit information in support of network exploitation efforts.
Social engineering can range from broad phishing emails, through to targeted phishing emails, to individually tailored communications. Some of the most sophisticated social engineering involves simultaneous approaches through different communications platforms, including phone calls.
Social media is one popular method used by cybercriminals to obtain personal information to target victims.
Threats associated with outsourcing and supply chain
Sophisticated cyber activity against third-party vendors that provide services to a company has increased, as it has become more difficult for cybercriminals to directly compromise their targets.
Personally identifiable information
Malicious cybercriminals continue to seek access to repositories of large amounts of personally identifiable information (PII). Government and commercial bulk data repositories provide a single point of storage for valuable information on large numbers of Australians. Criminals regularly seek to acquire PII to commit financial crimes and identity theft. Basic information, such as name, birth date and address, is often enough for criminals to impersonate victims. Cybercriminals may also try to extort money from organisations and individuals by threatening to release PII.
Malicious use of leaked tools
The public release of computer network exploitation (CNE) tools by criminal groups improves the capabilities of malicious cyber adversaries.
Australian routers have been targeted by cybercriminals. Automated scanning identifies vulnerable routers, with the subsequent extraction of configuration files. A configuration file is data that stores various settings, including security settings and passwords. Accessing a router’s configuration file may ultimately allow a cybercriminal to modify the router settings, enabling control of internet communications on that device.
Distributed Denial of Service threats
A distributed denial-of-service (DDoS) attack is an attack in which multiple compromised computer systems attack a target, such as a server or website, potentially forcing it to crash and shut down, thereby denying service to legitimate users. The ACSC predicts that DDoS activity will remain a threat to internet-connected systems for the foreseeable future.
Internet of Things (IoT)
An increasing number of consumer devices are now being developed with the capability to connect to the internet to receive instructions and transmit data back to online services and personal applications. Referred to as the Internet of Things (IoT), these devices range from simple sensors and CCTV cameras to whitegoods, lightbulbs, medical aids, household devices, and internet-facing industrial control systems. Security in these devices is not always a top priority during the design process. A lack of standardisation and the absence of any agreed security baseline mean the proliferation of these devices is introducing potential for significant security risks.
Cybercrime remains a pervasive threat to Australia’s national and economic prosperity. Cybercriminals have become more sophisticated and targeted in conducting their activities, utilising methods such as social engineering to bypass security protocols. Cybercrime will continue to be an attractive option for criminals due to the low risks involved and the potential for high profits.
Nyman Gibson Miralis provides expert advice and representation in complex international cybercrime investigations. Our expertise includes dealing with malware, phishing and computer hacking offences, bootlegging and tripping, Bitcoin and crypto-currency fraud, as well as offences relating to identity theft, spreading computer viruses and DDoS attacks.