Phishing attacks to surge in Australia in 2019

Phishing attacks targeting Australian consumers and businesses are expected to continue to surge in 2019, with attackers developing more sophisticated methods of targeting phishing messages, according to Trend Micro.

The company has released its predictions for the security landscape in the coming year, stating that phishing attacks are continuing to replace exploit kit activity as the major attack vector.

Since 2017, the number of phishing URLs blocked by Trend Micro’s security software has increased by 173%, and this trend is showing no signs of abating.

Meanwhile, attackers have started using activities such as monitoring social networks or penetrating email systems to monitor the movements of executives and help them craft more convincing targeted phishing messages.

Attackers will also continue to rely on the tried and true tactic of targeting known vulnerabilities for the vast majority of their exploit-based attacks, the company said.

Trend Micro is also predicting that fraudsters will aim business email compromise — also known as CEO fraud — attacks at a wider range of executives in 2019. Such attacks involve impersonating a member of staff in order to fraudulently arrange a payment to the attacker.

Meanwhile, as the number of remote workers increases, SIM swapping and SIM jacking will be a growing threat. This attack method allows a criminal to hijack a user’s mobile phone without their knowledge. Another increasingly popular target will be the smart home.

“2018 has been a significant year for data breaches in Australia. Local and global regulations have been put in place and we’ve seen huge change in the industry as reporting and transparency becomes crucial to how organisations approach cybersecurity,” said Trend Micro director and data scientist Jon Oliver.

He said this trend will provide organisations with an opportunity to optimise their security posture and renew their commitment to customer privacy.

“As we head into 2019, organisations must also understand the security implications of greater cloud adoption, converging IT and OT, and increasing remote working. Cybercriminals will continue to follow a winning formula — exploiting existing flaws, social engineering and stolen credentials — to drive profits,” Oliver said.

“As both the corporate attacks surface and unknown cyber threats increase, it’s more important than ever for organisations to put more resources behind employee education to help protect against these growing attacks.”

Image credit: ©lollo/Dollar Photo Club

Please follow us and share on Twitter and Facebook. You can also subscribe for FREE to our weekly newsletter and quarterly magazine.