Ruslan Grumble - Fotolia

Research identifies organised cyber threat to Australia

Researchers have identified the profiles of cyber criminals and identified the one that is the biggest threat to Australian organisations

This article can also be found in the Premium Editorial Download: CW ANZ: CW ANZ: July 2016

Australia is being touted as a holiday destination for European “money mules” – individuals prepared to engage in online money laundering.

Sergei Shevchenko, senior security researcher, at BAE Systems Applied Intelligence, said that he had visited a Russian underground internet site that was advertising for money mules prepared to travel to Australia.

“They offered to pay for the trip, for accommodation, and needed the mule to stay for a month,” said Shevchenko. Applicants with EU passports (apart from Romanian or Latvian) would be required to open an Australian bank account and then transfer the five or six deposits of funds made into that account, each worth around A$20,000. 

Under current rules visitors can set up Australian bank accounts using just a passport for identification, as long as they do so within six weeks of entering the country.

While under anti money laundering and counter terrorism financing rules, Australian banks must report to the regulator, Austrac, any transactions of $10,000 or more – cyber crime gangs are clearly hoping that their mules will be able to swiftly transfer funds out of their Australian accounts without being detected before heading home.

Money mules are just one of the six cyber criminal types which have been profiled by BAE as part of a bid to help companies and boards better understand who they are up against, and their motivations in engaging in cybercrime.

Shevchenko said that cybercrime had moved on from opportunistic attacks to become a fully fledged industry.

While the company has identified six individual cyber culprits, no-one role was more important than another – they all make up the cyber crime ecosystem according to Shevchenko. He said. “It’s like in a bank robbery – is the safe specialist more important than the driver?”

Shevchenko said that companies needed to understand that security was no longer about keeping the perimeter safe but being ready to identify and combat cybercrime when it occured. “There is a big industrialisation of cybercrime,” he warned.

Ransomware and social media attacks

Symantec’s recently released Internet Security Threat report identified Australia as the leading target for ransomware attacks in the southern hemisphere, with the average number of daily attacks increasing 141% compared to last year.

Australia has also been ranked among the top 10 global targets for social media scams and targeted attacks.

Given the sophistication involved and sheer number of attacks now being experienced, Shevchenko said that it was important boards and security specialists understand the motivation behind attacks, which will give them the best chance of securing their organisations.

Read more about cyber security in Australia

Demand for people with the right mix of skills to keep organisations in Australia safe from cyber attack is far in excess of supply

The costs of cyber security breaches can quickly add up with fines, reputational damage and overhauls to network security all hitting the coffers.

Canberra is strengthening its cyber security response, but there is conflicting evidence about where the main threat is coming from

On occasions that might extend to playing the cyber criminals at their own game.

Thomas Heisler, worldwide vice president of engineering operations for LogRhythm, who was a speaker at the Australian Cyber Security Centre this month, said that sophisticated enterprises could consider setting up their own “honeypots” to attract the attention of cyber criminals. Once the criminal was inside the system, the organisation could learn a great deal about their modus operandi, including the tools they used, the payloads they installed, and their ultimate targets.

Armed with that insight the organisation could refine its protective policies and processes.

However, Heisler acknowledged: “It isn’t for everyone as you need to be a bit vigilant,” and he warned that cyber criminals would quickly identify and avoid crudely constructed honeypots. He said that only the top 10% or 15% of organisations have the capacity to take on this sort of defensive engagement, with banking and finance, health, government and energy sectors leading the way.

But as BAE’s Shevchenko warned, there is no easy way of stamping out cybercrime: “It’s always a cat and mouse game. As soon as you become effective the mouse just has to steal the cheese from a different direction.”

Read more on Web application security