Aussies top ransomware targets as crims target social-media lovers with nation-state prowess

Cybercriminals are improving their game so rapidly and effectively that mainstream malware is showing the kind of sophistication previously only seen in nation-state attacks – and Australians are the world's most accommodating victims, a senior security researcher has warned.

Australia's high overall wealth and prominent financial services, resources and other large industries had made it a target for spearphishing attacks aimed at companies, and ransomware that has been “very lucrative” for its instigators, Symantec specialist sales engineer within Symantec Australia's Information Security Practice Nick Savvides told CSO Australia in the wake of new research that found the volume of targeted attacks increased 40 percent in 2014 compared with the year earlier.

“The way some of these attacks have been conducted is absolutely fascinating,” Savvides said, noting the “amazing” effort malware authors were putting into work such as Trojanising malware disguised as system updates and other attack vectors.

“If you had asked me the question a year ago, I would have said this is really only the domain of nation states,” Savvides said, singling out a recent toolkit that he said was “probably the most sophisticated piece of malware that we had seen.”

Sandbox detection technologies – seen in 28 percent of malware detected in 2014 – as well as evasive behaviour to evade detection by security tools, and the ability to capture and steal data from victim computers, were amongst the “amazing stuff” that was becoming commonplace on the malware scene, Savvides said.

“We still don't know what the full capabilities of the attack were because we haven't seen the whole package,” he added. “But based on the attacks we saw last year, there are examples where the level of sophistication amongst commercial attackers is sufficiently high that they are responding with the same level of sophistication as state-sponsored attackers.”

Those attacks were not only more numerous, but they were faster to market as victim organisations and vendors struggled to keep up. Figures in Symantec's 2015 Internet Security Threat Report (ISTR) suggested that the top five zero-day attacks in 2014 were exploited by hackers within hours of their release, and remained in the wild for a collective 295 days before patches became available.

That leaves a lot of time for malware to do its work: “A lot of companies do change control very badly because they're very order driven,” Savvides said. “The gaps between shining a light or checking compliance can lead to massive windows of opportunity for the bad guys to attack.”

Malware authors weren't squandering the opportunity: use of targeted spear-phishing attacks rose 8 percent during 2014, the ISTR concluded, even as attackers narrowed the scope of their work – sending 14 percent less email to 20 percent fewer targets.

Non-targeted attacks comprised an even larger percentage of the overall threat activity during 2014, with nearly 317 million new pieces of malware created during the year. Of these, ransomware proved particularly effective: the number of devices locked by such code grew 45 times in 2014 compared with the previous year.

Consistent with the findings of other recent analyses, the 2015 ISTR found that Australia remained the world's biggest target for ransomware.

Significantly, analysis showed that Australians were significantly more likely to share malware with their friends using social media: some 87 percent of all social-media scams that Symantec identified in Australia were shared manually by users, compared with just 70 percent globally.

“People love to be first with things,” said Savvides, who finds it “fascinating” just how eager Australians have proven to be in sharing both good and bad content.

“It's interesting to see what works in social media,” he said, “and what that tells you about the psyche of the individuals using it. Despite all this education when people are warned about scams, they still don't show much scepticism when they come across fake offers online. We Australians really are punching above our weight when it comes to this.”

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Join the CSO newsletter!

Error: Please check your email address.

Tags Symantec Australiasocial-media loverssenior security researcherISTRIT SecurityNick SavvidescybercriminalsransomwaremalwareCSO Australiasandbox

More about CSOEnex TestLabSymantec

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts