SMEs and the Rising Tide of Ransomware and Targeted Cyber Attacks

In Australia, small and medium-sized businesses (SMBs) are increasingly finding themselves in the crosshairs of cybercriminals. These threats are not random but calculated and specific. Cybercriminals are honing their tactics to exploit vulnerabilities within businesses that often lack the cyber resilience of larger corporations.

The OpenText Cybersecurity Global Ransom Survey revealed that nearly half (46%) of enterprises and SMBs admitted to having suffered a ransomware attack. That’s not a tiny number – your business could be the next victim.

So, in this article, let’s understand:

  • The Nature of Cyber Attacks
  • Impacts and Consequences
  • Emerging Threats in the Cyber World

Ransomware and Targeted Cyber Attacks - What Are They?

Ransomware is a cybersecurity threat involving attackers encrypting information on a system and demanding a ransom for a decryption key. Attackers have developed this attack method further to involve double extortion, where they not only steal data and move it to a different location but also threaten to release it if the company doesn’t pay the ransom.

With the rise of Ransomware as a Service (RaaS), it has become much easier for attackers to launch and maintain ransomware campaigns without developing their own code. This allows almost anyone to become an attacker, meaning anyone with malicious intentions can potentially harm your business.

These attacks are called targeted cyber attacks and have become increasingly sophisticated, often exploiting known vulnerabilities in unpatched systems or using phishing emails as a primary means of entry.

The impact of such attacks is profound; for instance, supply chain attacks extend the damage beyond a single victim, affecting a broader network of businesses and customers, as seen in the 2021 Kaseya attack.

Types of Targeted Cyber Attacks

Every seven minutes, Australian authorities report a new cybercrime. Of the almost 700,000 businesses that experienced cybercrime, 60% of the targeted attacks were against small and medium-sized enterprises.

The prevalence of these crimes has risen, with a 13% increase in cybercrime reports over the previous financial year. Ransomware tops these charts, holding the title of the most destructive cybercrime threat due to the significant direct and indirect costs to victim organisations and the broader public impact.

These involve sending fraudulent emails that resemble those from reputable sources to trick individuals into revealing sensitive information like passwords and credit card numbers.

A more targeted form of phishing is where attackers customise their approach to target specific individuals or organisations, often using personal information to increase their chances of success.

These spear-phishing types are targeted at high-profile individuals like CEOs, often involving extensive research and preparation to seem convincing. 

Attackers target less secure elements in a supply chain to compromise larger organisations or systems. The Kaseya attack of 2021 notably employed this method.

These occur when attackers intercept and alter communication between two parties without their knowledge, often to steal data or inject malicious content.

Here, attackers exploit vulnerabilities in data-driven applications to insert malicious SQL code into a database, allowing them access to sensitive information. 

These involve overwhelming a system’s resources to make it unavailable to users, often flooding it with excessive requests.

Involving malware that encrypts a victim’s data and demands payment for its release. This method has seen significant evolution with tactics like double extortion.

These occur when a user unknowingly visits a compromised website, leading to the automatic installation of malware onto their device.

Attackers exploit a security vulnerability on the same day it is discovered, before you can implement a patch or solution.

Planning Cyber Resilience

  • Before charting a way forward, we need to know where you stand. Assess your cyber maturity by evaluating your organisation’s rules, processes, and preparedness.
  • Anchor your assessment using globally recognised frameworks like the NIST Cybersecurity Framework or ISO/IEC 27001:2022. Collaborate with cyber experts who can offer tailored recommendations based on these standards.
  • For those overseeing critical infrastructure assets under Australia’s Security of Critical Infrastructure Act 2018, ensure your strategies align with the Critical Infrastructure Risk Management Plan requirements.
  • The Australian Cyber Security Centre’s Essential Eight offers mitigation strategies tailored for Australian businesses. Don’t write it off as a mere checklist.
  • While the Essential Eight caters primarily to Windows-based networks, the digital world is vast. If your ecosystem encompasses cloud services or enterprise mobility, you must seek strategies tailored to these environments.
  • It’s not about ‘if’ but ‘when’ a cyber incident will occur. A response plan ensures that when the inevitable strikes, you’re not reacting but responding with a well-thought-out strategy.
  • While the KWM’s Cyber Response Guide is a good starting point, tailor your response plan to your organisation’s unique aspects, considering specific assets, stakeholders, and potential vulnerabilities.
  • A plan is as good as its execution. Regular testing makes sure that the theoretical strategies translate to practical effectiveness.
  • Engage in controlled, simulated cyber attacks. Such ‘war games’ test systems and decision-making capabilities under pressure, ensuring that when a real threat emerges, your organisation is battle-ready.
  • A cyber-resilient culture starts with its people. Regular training sessions should be the norm, especially on prevalent threats like phishing. Make cyber awareness an integral part of your organisational culture.
  • Ensure clarity on roles during a cyber incident. Everyone from the IT team to the C-suite should know their part, ensuring a swift and coordinated response.

Intensifying ‘Cyber Wargaming’ in the wake of rising threats

Australia is now under the spotlight for a vastly different reason – an intensified focus on cyber resilience. Recent cyberattacks on major Australian entities have underscored the need for bolstered defenses and heightened preparedness.

One of the cornerstone initiatives is the introduction of ‘wargaming’ exercises, which aim to improve cyber resilience through simulated cyberattacks involving major banks and institutions. These exercises test and refine response strategies in real-time scenarios.

Banking Sector

Banks are the primary wealth-keeping entity for an average Australian. They offer a protective vault for your financial wealth, fostering a deep sense of trust. As a result, one might keep a significant, if not the entire, portion of their wealth there. However, this very trust makes banks a prime target for cybercriminals. Your wealth, protected by a series of numbers in the form of account details and PIN codes, can be a few steps away from a major attack.

What it Looks Like
Overwhelming traffic sent to a bank’s website or online service.

Impact
It can crash the bank’s online services, preventing customers from accessing their accounts.

What it Looks Like
Highly sophisticated, long-term cyberattacks.

Impact
Allows criminals to gain deep access, stealing vast amounts of financial data or funds over time.

What it Looks Like
Attackers can use malicious code to exploit database weaknesses.

Impact
It can give access to the bank’s database, potentially leaking large amounts of data.

What it Looks Like
Taking advantage of software vulnerabilities before the bank or software provider knows or can fix them.

Impact
Immediate and unexpected theft or damage, as defences aren’t yet in place.

The Latitude Financial incident, where 14 million customer records were stolen, further highlights the audacity and capability of cybercriminals. Although rejected in line with government policy, their ransom demands underline the urgent need for fortified defences.

Telecommunications Sector

Telecommunication providers like Telstra and Vodafone connect us to our loved ones, facilitate business and operations, and entertain us through various digital channels. Given the nature of this service, telecom providers have become the backbone of contemporary communication, yet their role also means they become attractive targets for cybercriminals. These attackers are drawn to the vast amounts of personal data, communication logs, and financial transactions processed by telecom networks.

What it Looks Like
Unauthorised interception of calls or messages.

Impact
Privacy breach, leading to the leak of sensitive personal or business information.

What it Looks Like
Attackers can deceive telecom providers to issue a new SIM card in the victim’s name.

Impact
The attacker gains control of the victim’s phone number, allowing unauthorised access to calls, texts, and two-factor authentication codes.

What it Looks Like
Physical or digital interference with telecom hardware.

Impact
It can cause network outages, slow services, or provide unauthorised access to sensitive telecom network parts.

What it Looks Like
Harmful software introduced into telecom infrastructure.

Impact
It can monitor user activity, steal data, or disrupt services.

Optus, one of Australia’s leading telecommunications providers, experienced a significant cyber breach. Attackers accessed the personal details of approximately 10 million customers, including names, birth dates, phone numbers, and crucial identity documents. This prompted nationwide concern, leading to governmental involvement, discussions on privacy laws, and calls for increased cybersecurity measures.

Health Insurance Sector

Health insurance providers have somewhat of a dual role:
A. They must facilitate medical coverage and care for millions
B. They must act as guardians of highly sensitive personal and medical data.
This data, often including everything from basic identification details to comprehensive medical histories, represents a goldmine for cybercriminals. Its misuse can lead to threats such as the production of non-regulated drugs, and it is overall a huge privacy issue.

What it Looks Like
Unauthorised access to databases, leaking private customer information.

Impact
Exposed personal and medical details of customers, risking identity theft and privacy invasion.

What it Looks Like
Malicious software locks out legitimate users until a ransom is paid.

Impact
Potentially halting medical services or access to patient data until demands are met.

What it Looks Like
Deceptive emails or messages impersonating the health insurer.

Impact
Deceived individuals might provide personal or financial data directly to criminals.

In a recent and significant breach, Medibank faced a massive cyber attack, resulting in the personal details of nearly 10 million customers being exposed on the dark web. This included data from 9.7 million current and former customers, including:

  • 5.1 million Medibank clients
  • 2.8 million AHM clients
  • 1.8 million international clients

The breach led to a class action lawsuit by Baker McKenzie, spotlighting the company’s alleged failure to protect customer privacy.

Home Affairs Minister Clare O’Neil’s warning serves as a clarion call, emphasising that the recent cyber incidents are mere glimpses of potential larger-scale threats. As Anna Bligh, CEO of the Australian Banking Association, rightly pointed out, the evolving nature of cyber threats now poses risks that transcend corporate boundaries, potentially jeopardising national security.

Conclusion

In essence, the emphasis on cyber resilience underscores the nation’s commitment to ensuring business continuity and protecting its citizens’ digital assets and information. The digital future is bright only if we do our due diligence. Want to make your company cyber-resilient? Talk to our experts at LEAP Strategies and pave your way toward a cyber-resilient future!
