Three everyday cyber threats facing Australian businesses
Cyber threats against organisations of all sizes increased dramatically in 2020 and are expected to continue into 2021. Here are three types of common cyber security threats facing businesses in Australia.
What is malware? Malware is malicious software designed to cause harm to a user’s device or organisation’s IT infrastructure and data. There are different types of malware, including viruses, spyware, keylogging, trojans, worms, etc.
It gains access to your devices or business network via a variety of routes and is generally after sensitive information, such as credit card details, customer details, bank accounts, passwords, etc.
Why is malware used? It’s typically used for financial profit, but it can also be used for other motives such as:
- Other serious crimes
- Businesses working with staff or 3rd parties who connect remotely, need to be aware that BYOD and unmanaged devices were increasingly targeted in 2020. These devices are more exposed and can put your business’s data at significant risk.
In this post we hope to help you to understand
The most common type of threats facing your business
How these threats target your business
What these cyber threats can do to your business
How to protect your business against common cyber threats
Who uses malware?
Malware can be created and deployed from anywhere in the world today, against any person or organisation. Malware tools range in complexity and are becoming more readily available on the dark web, to the point where cyber criminals are able to subscribe to a (MaaS) Malware As A Service which provides a botnet that distributes malware for them.
How to protect against malware
- Automatically update your operating system.
- Automatically update your software applications.
- Regularly backup your business’ data.
- Keep your business antivirus up to date.
- Train staff not to open suspicious emails.
- Train staff not to open suspicious links in texts, social media or online.
What is phishing? Phishing attacks usually come in the form of emails and are built to look like authentic correspondence from a business or person you may know or trust. Their aim is to get you to open a link or download an attachment in order to either install a piece of malware on your device or to request sensitive information such as bank account details. Modern phishing attacks have become very sophisticated and are more difficult to identify without the correct software.
Phishing is a numbers game. Phishing emails are usually sent to thousands of people in the hope that a small percentage will fall victim. Scammers can net significant sums of money through this method. A few common types of phishing include:
- Phishing (low sophistication, many targets)
Usually general emails with obvious warning signs, sent to thousands of targets
- Spear Phishing (high sophistication, less targets)
Fraudulent and sophisticated messages sent to a specific individual, usually the business owner, receptionist or finance and payroll manager
- Whaling (high sophistication, less and high value targets)
Spear phishing aimed at very big fish like CEOs
How are phishing attacks delivered?
Modern phishing attacks are no longer purely delivered via email. Other methods used include SMS, Instant messaging and social media.
Be cautious of:
- Requests for money, especially if urgent or overdue
- Bank account changes of suppliers
- Requests to check or confirm login credentials
What is ransomware? Ransomware is a specific type of malware that can lock down your business network, computers, files and/or entire IT infrastructure, until a ransom is paid. Ransomware attacks are typically carried out via a malicious but legitimate looking email link or attachment. When downloaded or opened, most ransomware encrypts a user’s files, then demands a ransom to restore access – typically payable using cryptocurrency, like Bitcoin.
Case Study: Lion
On June 9, Australian beverage giant Lion announced it had fallen victim to a cyberattack that forced the company to shut down its IT systems, limiting its manufacturing and order placement.
The attackers threatened to publish or auction confidential company information unless a ransom of $1 million was paid. Proof of stolen confidential files were posted on the dark web along with a ransom note:
“You have 5 days to contact us and pay, otherwise all your financial, personal information your clients and other important confidential (sic) documents will be published or put up for auction,” the attackers said.
A common method used to target Australian businesses in 2020 was for cyber criminals to use a combination of Emotet or Trickbot malware (spread via phishing emails) to gain access into a business network and then deploy Ryuk ransomware.
The Australian Cyber Security Centre rates ransomware as one of the greatest threats facing Australian businesses because:
- It requires minimal technical expertise
- Is low cost to the cyber criminal
- A large percentage of small to medium sized businesses are not sufficiently educated or trained to prevent these attacks.
- Ransomware can result in significant damage and financial loss to an organisation.
How to prevent and recover from Ransomware attacks.
- Update operating systems
- Update software
- Keep your corporate antivirus software updated
- Have an operational data backup strategy
Never pay a ransom. You are not guaranteed to regain access and may be vulnerable to future attacks.
Save money and prevent common cyber attacks
One of the most effective prevention strategies against cyber crime is using the services of a managed security service provider. At 9spheres Technologies, our clients can get on with business knowing that their IT infrastructure is constantly being monitored and maintained by a certified team of experts. Professionals who are up to date with the latest threats and response measures. We can put together a security plan and data backup and recovery plan that best suits your business needs and budget.
We’ve been helping businesses in and around Brisbane stay secure since 2009. Chat to us about your needs and we can work out a solution with you. Book a free consultation with us here.
Enjoy our blog?
Feel free to read more of our high quality, technical articles to improve your IT knowledge.