
The future of cybercrime in Australia – ESET

15 Jul 2019

Article by ESET senior research fellow Nick FitzGerald

I must admit that this article’s title is a ruse!

You see – and at the risk of offending the fair residents of the Lucky Country – there is little specifically Australian about any cybercrime or the directions it follows as it develops and expands.

Surprised? It’s right there in the name: “cyber” basically means “of computers, IT, or the internet”.

Although its copper and fibre tendrils must be physically present so connections can be made, the internet is really an ethereal collection of protocol definitions allowing computers to interconnect and communicate more or less flawlessly.

Thus, a computing device in any physical location is not fundamentally different from any other connected to the internet, and all are approximately equally accessible from anywhere.

Of course, that does not mean cybercriminals necessarily attack connected devices indiscriminately.

They occasionally do, such as when we see any and all accessible IoT devices recruited into DDoS botnets or when mass-spreading computer worms proliferate.

However, that is not the usual modus operandi.

Computers located in specific countries (or containing the data of organisations from specific countries) may be more attractive to cybercriminals because those countries are richer and thus, on average, their institutions will have more to lose.

However, that’s a very broad-spectrum observation and hardly rates as “deliberate targeting” beyond the simplistic level suggested by infamous US bank robber Willie Sutton who, when asked why he robbed banks, reputedly answered “Because that’s where the money is”.

Some cybercriminals are primarily driven to compromise specific targets for their geopolitical significance to the attackers, or those funding them.

These attacks will continue so long as the target seems worthwhile and the attackers have funding to continue their work (read: forever).

This is essentially the extension of nation-state spying into the computer realm, and is unlikely to feature in the risk modelling most of us will be doing.

Other groups (some are also state-sponsored, others presumably competitors) target specific companies for their intellectual property (IP).

The remainder are generally more opportunistic, plucking low-hanging fruit readily identified with search tools such as Shodan or using intelligence purchased on the black market.

These cybercrooks typically focus on infiltrating networks and stealing money through fraudulent bank transfers and the like, or on document and IP theft driven by the hope that they will subsequently be able to find a buyer for their haul.

So how do you protect yourself against these diverse groups of cybercriminals?

Careful, ongoing risk modelling should inform you of the likelihood your organisation will be in the actual or probabilistic crosshairs of these various groups.

Of course, you already have standard endpoint protection, suitable firewalls and other network protections, 2FA and backup solutions in place.

However, depending on how much greater a threat these more organised and motivated groups might pose, you may be inclined to consider endpoint detection and response (EDR) solutions and/or threat intelligence services.

Both can help improve your ongoing risk analysis, and EDR solutions provide unprecedented visibility into your company network and the ability to perform complex anomaly detection and remediation, locate policy violations and more.
