CyberCX Threat Assessment flags rise in data extortion

CyberCX, an independent Australian cybersecurity company, has released its inaugural Annual Threat Assessment, featuring insights and key trends in the threat landscape across Australia and New Zealand. The Annual Threat Assessment also predicts how the behaviour of cybercriminals and nation-state actors will evolve in the year ahead, and addresses the need for locally informed commentary on regional and global threats.

In recent years, the Australian Government has increased the amount of cyber threat information; however, there remains a need for regionally specific analysis informed by an understanding of the evolving issues being faced by Australian and New Zealand organisations.

Drawing on CyberCX’s cyber intelligence capability, the assessment details how threat actors have leveraged COVID-19 to their advantage, the rising risk of business email compromise and the increasing sophistication of ransomware campaigns.

The Threat Assessment also analyses ransomware groups that have been highly active in the ANZ region, with the CyberCX Cyber Intelligence team observing a shift to data extortion tactics by these threat actors — a trend that is predicted to accelerate in 2021.

CyberCX Chief Strategy Officer Alastair MacGibbon said the Threat Assessment highlights how threat actors have accelerated their ability to exploit newly discovered vulnerabilities before enterprises patch their systems. MacGibbon warned that threat actors are moving so quickly, and timeframes have become so narrow, that if enterprises cannot patch their systems within a few hours, they are at risk of compromise.

“What we’ve seen with recent compromises, such as Accellion and now Microsoft Exchange, is that cybercriminals and nation-state actors are rapidly exploiting vulnerabilities when they become known,” MacGibbon said.

The Threat Assessment also details how threat actors have exploited pandemic-related themes in social engineering phishing campaigns, and forecast that phishing campaigns will become faster, smarter and better at evading protection. The report also explains how the shift to remote working during COVID-19 has made monitoring and securing networks more difficult, and led to an expansion of attack surface areas.

CyberCX CEO John Paitaridis said these real-world trends correspond to real, evolving threats in the cyber landscape.

“Over the last year, we’ve seen digital transformation accelerate for organisations pivoting during the pandemic, embracing new ways of working and doing business. Our deep understanding of the threat landscape enables us to respond at scale to these threats and help keep our customers secure,” Paitaridis said.

The Threat Assessment also includes strategic and technical recommendations for how organisations can improve their cybersecurity posture, including response planning, education and awareness, and smarter vulnerability management.

Image credit: ©stock.adobe.com/au/Blue Planet Studio