Australian enterprises facing more cyber attacks

More than nine in 10 senior IT executives in Australia reported an increase in the volume of cyber attacks at their organisations in the past year, a study has found.

According to VMware Carbon Black’s 2020 Australia cyber attack landscape study, the attack volume jumped from 81% in February 2019 and 90% in October 2019, demonstrating a clear upward trend.

Rick McElroy, cyber security strategist at VMware Carbon Black, said in a report that the considerable leap in attack frequency and sustained increase in sophistication revealed in the study showed that even as Australian businesses are adapting to the intensifying environment, the cyber threat landscape is evolving faster.

For example, 88% of security professionals said attacks have become more sophisticated, while 16% of those said the attacks have become significantly more advanced.

“This confirms what VMware Carbon Black’s threat analysis unit research has been finding: adversaries are adopting more advanced tactics as the commoditisation of malware is making more sophisticated attack techniques available to a bigger cohort of cyber criminals. It’s not surprising that custom malware is the most commonly seen attack type,” he said.

The average number of breaches, however, has dropped to 2.05 from 3.78 in October 2019, according to the study which polled 250 Australian CIOs, chief technology officers and chief information security officers.

Island-hopping was the cause of 11% of breaches despite only being cited by 4% of respondents as the most common attack type experienced. Third-party application and web application breaches were also high with 18% and 13% respectively.

McElroy said island-hopping, in combination with other third-party risks such as third-party apps and the supply chain, is putting the extended enterprise is under pressure from cyber attacks.

When it comes to mitigating cyber threats, complex multi-technology environments appeared to be the norm, with cyber security teams using an average of over seven different tools or consoles to manage their cyber defence programme.

This indicates a security environment that has evolved reactively as security tools have been adopted to tackle emerging threats, the report noted.

McElroy said: “Siloed, hard-to-manage environments hand the advantage to attackers from the start. Evidence shows that attackers have the upper hand when security is not an intrinsic feature of the environment.

“As the cyber threat landscape reaches saturation, it is time for rationalisation, strategic thinking and clarity over security deployment.”

Besides enterprises, Australia’s critical infrastructure operators have also been targeted by cyber attackers amid the ongoing Covid-19 pandemic.

In May 2020, the Australian Cyber Security Centre (ACSC) offered guidance for critical infrastructure operators, including technical controls that organisations can use to respond to challenges associated with Covid-19, as well as to support operations staff working remotely, some for the first time.

The advice followed its earlier warning of advanced persistent threat (APT) attacks against healthcare organisations and medical research facilities by those seeking information and intellectual property relating to vaccine development, treatments, research and responses to the Covid-19 outbreak.

The ACSC had identified adversaries and cyber criminals as responsible for compromising email servers of health sector entities in Australia, which are then used to distribute Covid-19 phishing emails in an attempt to deploy malicious software, including ransomware, or to gain access to other targeted organisations.