Best of 2020: Govt sector second most targeted in Australia
Attacks on the government sector accounted for 26% of all attacks on industry during the year, placing the sector behind technology (35%) but well ahead of finance (13%), education (11%) and professional services (8%).
While government was also the second most targeted sector globally, it accounted for just 16% of attacks.
The most common attack types targeting Australian industries include application-specific attacks (40%), web application attacks (20%) and DoS or DDoS attacks (19%).
DDoS attacks on Australian organisations were more common in other regions, the report also finds. Meanwhile, application and web application attacks accounted for nearly 60% of all attacks combined, above the global average of 55%.
The report also finds that the majority (59%) of malware attacks use one of the top five most common malware families in Australia — conficker, zmeu (IoTroop), chinachpper, jsp and cknife.
But despite the significant hostile cyber-activity targeting in Australia in 2019, NTT’s report finds that Australia has a “generally mature cybersecurity profile” — particularly in the finance and manufacturing industries.
The report also includes an analysis of the ways the COVID-19 pandemic is shaping the threat landscape. It finds that phishing attacks leveraging COVID-19 started as early as mid-January, and that attack volumes are escalating daily.
New malicious websites posing as official information sources for COVID-19 data are being created at a rate which sometimes exceeds 2000 per day.
Campaigns leveraging the crisis are also being used to spread a range of malware variants, including Emotet, Trickbot, Lokibot, Kpot and the new ransomware variant CoronaVirus.
The crisis has also caused an increase in cyber attacks on healthcare and support organisations involved in COVID-19 response work.
NTT has also observed the use of an open redirect which pushes information-stealing malware to infected systems, and prompts the user to download a ‘COVID-19 Inform App’ purportedly from the World Health Organisation.
The report states that the crisis has shown the need for organisations to implement technologies and processes capable of anticipating and preventing attacks and other disruptions before they can impact regular operations.
NTT is also urging organisations to ensure they’re addressing challenges associated with the threat landscape evolving with COVID-19, such as the related surge in remote working.
This requires clearly and effectively communicating changing business and security requirements, policies and procedures to employees, while ensuring employees flag roadblocks to effective collaboration and workflow.
“The current global crisis has shown us that cybercriminals will always take advantage of any situation and organisations must be ready for anything,” commented Matthew Gyde, President and CEO of NTT’s Security division.
“We are already seeing an increased number of ransomware attacks on healthcare organisations and we expect this to get worse before it gets better. Now more than ever, it’s critical to pay attention to the security that enables your business; making sure you are cyber-resilient and maximising the effectiveness of secure-by-design initiatives.”
NTT’s annual Threat Intelligence Report is based on data from log, event, attack, incident and vulnerability data from clients, as well as analysis from the company’s Global Threat Intelligence Platform.
This article was first published on 21 May 2020
The US Cybersecurity and Infrastructure Security Agency's National Risk Management Center has...
US President-elect Joe Biden has announced US$9bn in funding for an initiative aimed at improving...
In our annual Leaders in Technology series, we ask the experts what the year ahead holds. Today...