Australian enterprises a popular target for ransomware attacks

Australian businesses suffered a disproportionately high rate of ransomware attacks in 2014 compared to other countries, a new report has found.

Symantec’s 20th annual Internet Security Threat Report (ISTR) found Australia was ranked seventh globally for ransomware attacks, while placing number one in the Asia Pacific and Japan region. Overall, ransomware attacks grew 113 per cent, and the vendor believes this figure would be “slightly higher” for Australia.

“Being seventh globally for ransomware is rather disturbing when you think about it,” said Nick Savvides, Symantec security specialist. “I think it speaks to the fact that the attackers go where the money is and Australia’s a fairly wealthy country, so there are a lot of opportunities for the attackers to extract revenue out of this market.”

Attacks in Australia came mainly from the United States, China and India, the same as in 2013. The report also revealed five out of six large companies were targeted by attacks in 2014, a 40 per cent increase over the previous year.

Sixty per cent of global targeted attacks were sent to small- and medium-sized organisations (fewer than 250 employees), along with 40 per cent of targeted attacks in Australia. Meanwhile, large organisations (2500 employees and above) were struck by 30 per cent of targeted attacks in Australia.

It was also a record year for zero-day vulnerabilities, with 24 discovered in total, taking software companies an average of 59 days to create and roll out patches – up from only four days in 2013. In total, the top five zero-days of 2014 were actively exploited by attackers for a combined 295 days before patches were available.

ITSR also shows advanced attackers continued to breach networks with highly-targeted spear-phishing attacks, which increased a total of eight per cent in 2014, but attackers became more efficient, deploying 14 per cent less email towards 20 per cent fewer targets.

Symantec said the latest pattern of attacks demonstrated a tactical shift as cyber criminals seek to infiltrate networks by hijacking the infrastructure of major corporations and using it against them.

“Attackers don’t need to break down the door to a company’s network when the keys are readily available,” said Kevin Haley, director, Symantec Security Response.

“We’re seeing attackers trick companies into infecting themselves by ‘trojanizing’ software updates to common programs and patiently waiting for their targets to download them – giving attackers unfettered access to the corporate network.”

Australian organisations need to work on their incident response, changing the mindset from assuming you’re safe from attacks to acknowledging that you probably are going to be compromised, added Savvides.

“Bad things will happen and you need to be able to respond to them, and respond quickly … enterprises should have an actual incident response plan in place.”