A joint report coordinated by the cybersecurity authorities of the US, the UK, and Australia has warned of the increased global threat of ransomware attack and have advised organisations to take immediate precautions.
In the financial year 2020-21 the Australian Cyber Security Centre (ACSC) received more than 67,500 reports of cybercrime an increase of 13 per cent on the preceding year.
Released on February 9, the ACSC co-authored paper found that ransomware attackers increased their impact by targeting the cloud, managed service providers, industrial processes, the software supply chain, and by timing them on holidays and weekends.
The other co-authors of the report were the United Kingdom’s National Cyber Security Centre, and three American organisations, the Federal Bureau of Investigation, the Cybersecurity and Infrastructure Security Agency, and the National Security Agency.
A list of immediate recommendations for protecting against ransomware attacks in the report included providing training for employees against clicking on suspicious links, making an offline backup of data, using multifactor authentication, and securing the use of remote desktop protocols.
A full list of the recommendations can be viewed here.
Last year, the ransomware market became professionalised through the establishment of ransomware as a service. This was also fostered through the use of independent services for negotiation with and assisting victims to make payments, as well as to arbitrate between cyber criminals.
The ACSC observed a number of ransomware attacks targeted at perceived high-value organisations and those responsible for providing critical services.
This included a five-day ransom on the global operations of JBS foods, during which Australia’s meat supply chain was severely affected and resulted in a pay out of US$11.2 million.
Although in the second half of the year ransomware targets shifted away from “big-game” in the US, as to avoid public scrutiny, Australia still experienced attacks against firms of all sizes.
The report also found that the top three initial points of ransomware infection were the same as in 2020. These were namely phishing emails, exploitation of remote desktop protocols, and the exploitation software vulnerabilities. The paper supposes that this is the case due to the continued use of remote work and schooling through 2021.
Home Affairs Minister Karen Andrews told the Parliament that government was tightening defences in Australia through measures like the Critical Infrastructure Bill, and promised heavier punishments against cyber criminals under the ransomware action plan, introduced last October.
“There is absolutely no doubt that our nation is facing a very clear threat when it comes to cybercrime and both business, individuals and governments need to be resolute in tackling it,” Minister Andrews said.
“That suite of measures that we have introduced as a government is delivering very sound and a very clear message to anyone considering interfering with our critical infrastructure and our way of life. The messages are ‘you will not be successful’ and ‘you will face very tough penalties’,” she said.
The final tranche of the critical infrastructure bill was brought to parliament by Minister Andrews last week and will oblige critical infrastructure operators to undertaken a number of risk management programs.
The first half, which was passed last October, included “last resort” powers that allowed the Australian Signals Directorate or Australian Cyber Security Centre to take control of a company under cyber-attack.
Reacting to the ransomware threat warning, Brian Spanswick, the chief information security officer of data management firm Cohesity said organisations should be motivated by the report to look at their own information infrastructure.
“To help thwart these attacks and minimise their impact, organisations need to enhance their security postures by embracing next-gen data management capabilities that enable organisations to: utilise immutable backup snapshots, detect potential anomalies via AI/ML that could signal an attack in progress, and address mass data fragmentation challenges that can also reduce data proliferation,” Mr Spanswick said.
Do you know more? Contact James Riley via Email.