Subterms
iStockphoto/Getty Images At this point in the game, if you’re not using a password manager, you run the risk of your accounts getting hacked. Why? Because without a password manager, you’re probably using weak passwords that you can remember or you’re storing those passwords in an unprotected file on your computer. Should that be the […] More
Australia clocked one cybercrime report every 7 minutes in the past year, with ransomware proving to be the “most destructive” threat. State actors also remain a persistent threat for agencies such as the Australian Bureau of Statistics, which personal information on the local population makes it an attractive target. The country saw an almost 13% increase in the number of reported cybercrime cases to more than 76,000 last year, according to the Annual Cyber Threat Report 2021-2022 released by Australian Cyber Security Centre (ACSC). This meant there was one reported case every 7 minutes, up from every 8 minutes in the last financial year, the government agency said. Its annual report contains insights from the Australian Federal Police, Australian Criminal Intelligence Commission, Australian Security Intelligence Organisation, Defence Intelligence Organisation, and Department of Home Affairs.ACSC pointed to ransomware, in particular, as the most damaging, with all sectors in the local economic directly impacted by such attacks last year, where 447 ransomware cases were reported. This figure was a 10% drop from the previous year, but the report surmised that ransomware remained significantly underreported, especially amongst victims who opt to pay a ransom.The education and training sector recorded the most ransomware incidents, moving up from being fourth place the year before, and alongside four others in the top five sectors accounted for 47% of all reported ransomware attacks. “Top-tier ransomware groups are continuing to target Australian ‘big game’ entities–organisations that are high profile, high value, or provide critical services,” ACSC said. “While global trends indicate a decline in ‘big game’ targeting and a shift towards targeting small and midsize businesses (SMBs), that change has yet to be seen in Australia.”State actors a persistent threat amidst geopolitical tensionsWhat it had witnessed in the past year, though, were persistent attempts from state actors looking to access sensitive data, including personally identifiable information, to support their government’s intelligence requirements. Deputy Prime Minister and Minister for Defence Richard Marles said: “We are currently witnessing deteriorating strategic circumstances in our region and globally, including a military buildup unseen since World War II, and expanding cyber and grey zone capabilities are of particular concern.”The Australian Bureau of Statistics, for instance, is an attractive target as it holds personal information on the local population, according to the report. Prior to the national census which was conducted in August 2021, the ACSC said it held threat intelligence briefings with the bureau and assessed cyber activities against the agency. It also conducted a review of the bureau’s systems, which included a source code review, penetration testing to identify vulnerabilities, and analysis to detect malicious activities that might already be in the system. ACSC said it not find any indication of malicious activities and critical cybersecurity recommendations were resolved by the bureau before the census was conducted. While this ran without cybersecurity incident or service disruption, the cybersecurity agency noted that cyber was increasingly the domain of warfare. It pointed to Russia’s use of malware to remove data and shut down computers in Ukraine. It also highlighted a July 2021 incident in which Australia attributed the exploitation of Microsoft Exchange vulnerabilities to China’s Ministry of State Security. The Five Eyes advisory in November 2021 also confirmed an Iranian state actor had exploited the same vulnerabilities. ACSC warned that Indo-Pacific dynamics were fuelling the risk of a crisis and cyber operations were likely to be used by states to challenge the sovereignty of others.”These actors do not just want classified information. They also want to understand who we are, how we connect with each other, and what values we hold,” the Australian agency said. “In some cases, they may seek to pre-position in strategic networks to prepare for coercive or disruptive activity against us.”The report further pointed to Australia’s critical infrastructures, which continued to face potential threat from state actors as well as cybercriminals looking to cause disruptions. “Critical infrastructure encompasses the physical facilities, communication networks, and information and operational technologies that provide essential services,” ACSC said. “A sustained disruption in one part of the critical infrastructure ecosystem has knock-on effects elsewhere in the economy, and could ultimately lead to harm or loss of life, as seen internationally as a consequence of ransomware attacks on health services.”It noted that CS Energy’s corporate network in November last year was targeted by Russia-aligned Conti ransomware group. The Queensland electricity generator, which produces 10% of electricity for the national electricity market, had cut the external online connection to its network after detecting the ransomware attack and initiated business continuity procedures. ACSC said 95 cyber incidents, or about 8% of all cyber incidents it responded to last year, had involved critical infrastructuresAmongst other key findings in its report this year, the security agency estimated that AU$98 million ($62.74 million) was lost to business email compromise incidents, with an average AU$64,000 lost per report. The average cost per cybercrime report for small businesses also climbed to more than AU$39,000, while this figure clocked at AU$88,000 for medium businesses and more than AU$62,000 for large businesses. More than 25,000 calls were made to the country’s cyber security hotline, or an average 69 per day, up 15% from the previous year.Fraud, online shopping, and online banking were the leading cybercrime categories, accounting for 54% of all reported incidents.Marles noted: “This [ACSC] report maps how threat actors across the world have continued to find innovative ways to deploy online attacks, with supply chains used to penetrate cyberdefences of governments and organisations in many countries, including Australia.”Reporting cybercrime is vital for us to build a threat picture that can prevent others from falling victim to the ransomware syndicates and cybercriminals. The best cyberdefence is informed by the best intelligence,” the minister added. The government is seeking stiffer financial penalties for serious or repeated data privacy breaches, pushing maximum fines of up to AU$50 million ($31.57 million). The move comes amidst a spate of cybersecurity incidents that compromised customer data, including Optus and Medibank. RELATED COVERAGE More
For these Black Friday VPN deals, we only considered reputable and trustworthy VPN providers. There are no shortages of VPNs out there, but there is a limited number of companies that provide secure and user-friendly VPNs.Finding true VPN deals can be a bit tricky because the prices change frequently and with various subscription lengths and add-ons, it gets convoluted. Most VPNs charge less for longer subscriptions and the standard price for service is often advertised as a huge discount. But if the VPN is always available for 63% off, then I don’t consider that a sale. For the offers listed in this roundup, I based the discounted price on what I’d consider the standard offer rather than an imaginary inflated price that you’ll never have to pay.We didn’t include free VPNs in our roundup because free VPN services are a mixed bag. It takes money to run a VPN and if you’re not paying then you could be bombarded with ads or stuck with a subpar service. That’s in the best-case scenario. The worst free VPNs could make money by selling your data, so it’s best to stick with a paid service if you’re taking your privacy and security seriously. More
NordVPN These days, cybersecurity is something everyone needs to think about, not just governments and big corporations. The good news is, you can use a few basic tools to defend yourself and become a less desirable target to hackers. Antivirus software can help protect you from viruses and other types of malware. But antivirus programs typically only […] More
Image: Getty/Morsa Images Connected Internet of Things (IoT) devices such as printers, cameras and routers are leaving networks vulnerable to cyberattacks because they’re not being properly secured. And it isn’t just home and office networks that are being left open to exploitation by malicious hackers targeting the Internet of Things – critical infrastructure is also […] More
Getty Images/iStockphoto At first, it looked like the OpenSSL 3.x security bug was going to be truly awful. While it was feared to be a critical error that could lead to remote code execution (RCE), upon a closer examination it turned out to be not so horrid after all. Open Source That’s not to say […] More
Image: Getty Ransomware continues to be a significant cyber threat to businesses and the general public – but it’s difficult to know the true impact of attacks because many victims aren’t coming forward to report them. The warning comes in the National Cyber Security Centre (NCSC) Annual Review for 2022, which looks back at key […] More
Getty Images The White House has united dozens of nations and representatives from big tech companies for a two-day summit aimed at figuring out how to tackle the global ransomware problem. “When you look at government networks, as we know — Costa Rica; Montenegro; Bank of Zambia; the city of Palermo, Italy, — this is […] More
