This Insight outlines common cyberattacks that could impact your organisation and practical steps you can take to better protect your organisation.

 

What are Cyberattacks?

Cyberattacks are offensive manoeuvres which attempt to breach computer networks to gain data, hold it for ransom, or disrupt business operations. According to the Annual Cyber Threat Report 2021-2022, the Australian Cyber Security Centre recorded 76,000 cybercrime reports, a 13% increase from the previous year.

The growing prevalence of cyberattacks has heightened the need for greater education and awareness of the types of cyberattacks that could impact your business. Today your business needs to be able to identify and report suspected or actual cyberattacks, mitigate the risk of suffering a cyberattack, and manage and respond to a cyberattack.

 

Types of Cyberattacks

These are the most common cyberattacks and the best practices to combat them.

  1. Malicious Software (Malware)

What is it?

Malware is software used to harm computer systems or networks. It is used to gain access to your computer without your knowledge, to steal valuable data and information.

Malware seeks to disrupt business practices by exploiting an organisation’s weak links, accessing data and spying on the business, and can sometimes lead to identity theft.

How does it work?

Common malware attacks follow this process:

  1. Cybercriminals identify a network or system weakness to exploit, for example, weak password security.
  2. Malicious software is uploaded on the network or computer, often through malicious email attachments, deceptive phone calls, text messages and social media.
  3. The cybercriminal gains access to your organisation’s systems.
  4. Data is stolen from the systems.

Signs of infection

  • Your computer is running slower than usual.
  • Your internet browser has a new homepage or extensions that you haven’t added.
  • You are bombarded with ads.
  • Your contacts receive spam from your email account.
  • You see a ransom/fine or warning note when trying to access files.

How to combat malware?

  1. Use up to date antivirus software.
  2. Keep all your device software up to date – patches, updates & vendor mitigations.
  3. Use strong passwords and passphrases, multi-factor authentication, and ensure you are not recycling the same password for every account.
  4. Backup your files regularly, daily if you can, and where possible, encrypt data.
  5. If your business does not use Microsoft Office macros, disable them.
  6. Stay informed on the latest threats, sign up for the ACSC’s Alert Service here.
  7. Regularly check the software installed on your computer, tablet and other devices and uninstall any programs or software that is not used.

What not to do:

  1. Don’t download applications from third-party download sites.
  2. Don’t click on online ads to download applications and don’t use ad-blocking software.
  3. Don’t download and install applications from peer-to-peer networks – you don’t know who you are connecting to.
  4. Don’t open links found in emails or instant messages, or execute attachments unless you are sure they are legitimate. Use a spam filter to protect yourself from malicious messages.
  5. Don’t install applications received from contacts, for instance via email, without scanning them with your antivirus application first.

 

  2. Phishing (Scam Messages)

What is it?

Phishing is where a scammer contacts an individual or organisation with the intention to mislead them, for example, by impersonating an entity to obtain money or personal information. This may be through malicious links or attachments which compromise your devices or steal your information, or by requesting sensitive information in a manner that appears to be legitimate.

How does it work?

  1. Attacker sends an email/message containing malicious links or attachments.
  2. Victim opens the email/message and clicks on the link or attachment, which leads to a phishing website.
  3. Victim’s personal information is collected by the criminal.
  4. This information is used to access bank accounts, other user accounts and devices.

What data are they trying to access?

Phishing scams often seek to gain passwords, financial or bank information, personal information, or money.

There are 3 common phishing scams that target businesses via employee emails:

  1. Invoice Fraud – fraudulent invoices are sent to customers from a compromised email account, with incorrect bank details directing customers to pay the attacker. The customer will often pay the invoice, thinking they are paying your organisation. Instead the money is sent to the malicious bank account.
  2. Employee Impersonation – employees are impersonated, and their emails are used to commit crimes such as fraud. For example, requesting to change an employee’s bank details to subsequently direct the employer to pay their salary to the criminal’s bank account.
  3. Company Impersonation – domain names are registered mimicking that of a large, known, and trusted organisation. The organisation is impersonated in emails to vendors or customers, and to commit various forms of fraud. For example, implementing a brand’s logo into an email requesting certain information from customers of this brand.

Signs of infection

A phishing email will usually have the following tell-tale signs:

  • generic greeting or no greeting, for example, Sir/Madam;
  • request for personal information;
  • buttons which contain hyperlinks to unknown sites;
  • email address is not official;
  • spelling and grammar mistakes; and
  • unsolicited attachments.
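
The tell-tale signs above can be checked mechanically when triaging a reported email. The following is an added example, not part of the original Insight: it flags an unofficial sender domain, a generic greeting, a request for personal information, links to unknown sites and attachments. The keyword lists, the helper `build_sample` and all domains are made-up assumptions, and spelling and grammar are not checked.

```python
import re
from email import message_from_string, policy
from email.message import EmailMessage
from email.utils import parseaddr
from urllib.parse import urlparse

GENERIC = re.compile(r"^\s*(dear\s+)?(sir|madam|customer|user)\b", re.I)
SENSITIVE = re.compile(r"password|bank details|account number", re.I)
HREF = re.compile(r'href="([^"]+)"', re.I)

def is_official(host, official):
    # Exact match or a true subdomain; a lookalike such as bank-example.test fails.
    return any(host == d or host.endswith("." + d) for d in official)

def phishing_signs(raw, official):
    """Return the sorted tell-tale signs found in a raw RFC 5322 message."""
    msg = message_from_string(raw, policy=policy.default)
    signs, text, html = [], "", ""
    for part in msg.walk():
        if part.get_filename():
            signs.append("attachment:" + part.get_filename())
        elif part.get_content_type() == "text/plain":
            text += part.get_content()
        elif part.get_content_type() == "text/html":
            html += part.get_content()
    sender = parseaddr(str(msg.get("From", "")))[1].rpartition("@")[2].lower()
    if not is_official(sender, official):
        signs.append("unofficial_sender:" + sender)
    if GENERIC.match(text):
        signs.append("generic_greeting")
    if SENSITIVE.search(text + html):
        signs.append("requests_personal_information")
    for url in HREF.findall(html):
        host = (urlparse(url).hostname or "").lower()
        if not is_official(host, official):
            signs.append("unknown_link:" + host)
    return sorted(signs)

def build_sample(sender, body, link=None, attachment=None):
    """Constructed test message; every address and domain here is made up."""
    m = EmailMessage()
    m["From"], m["To"], m["Subject"] = sender, "staff@client.example", "Invoice"
    m.set_content(body)
    if link:
        m.add_alternative(f'<p>{body}</p><a href="{link}">Verify</a>', subtype="html")
    if attachment:
        m.add_attachment(b"constructed", maintype="application",
                         subtype="octet-stream", filename=attachment)
    return m.as_string()
```

A hit is a reason to verify the message by phone, as the tips below suggest, not proof of fraud.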

Developments in artificial intelligence are being used by attackers to generate emails which appear more realistic and believable. This will leave organisations more susceptible to phishing scams.

Tips to combat phishing

  1. Install filters on an email address to prevent spam from entering your inbox.
  2. Call your bank or any other organisation that is supposedly emailing you to check whether the email is legitimate.
  3. Complete employee training to increase awareness and help them recognise when these suspicious emails come into their inbox.
  4. If you are uncertain about an email, do not open it and simply delete it.

 

  3. Ransomware

What is it?

Ransomware is a type of malware designed to lock up or encrypt files to prevent access to them. A ransom is then demanded for restoring access to the files or to prevent data and intellectual property from being leaked or sold online.

What data are they trying to access?

Cybercriminals may seek to access information that is sensitive or important to an organisation in order to gain bargaining power when they demand a ransom. The ultimate goal is to obtain money from the victim.

How does it work?

Ransomware attacks will usually follow the same process as malware attacks:

  1. Victim will receive an email containing malicious software.
  2. The malware downloads the victim’s files to steal information or enter the victim’s network.
  3. The malware then encrypts the files and prevents access.
  4. Victim is given a ransom notice with deadline and instructions for payment.
  5. Cybercriminal threatens to leak information or refuse access unless the ransom demand is paid.
  6. Ransom is paid to unlock or decrypt the files, or prevent the leak.

Signs of infection

The most obvious sign of a ransomware attack is the ransom demand message you will receive once your files have been downloaded and encrypted. Other signs include unexpected file encryption, missing or altered files, slow system performance and disabled security software.

Tips to combat ransomware

  1. Remember that paying a ransom will not guarantee that you will regain access to your files or information, or that the attacker will refrain from leaking your information. It gives the cybercriminal financial aid to develop their technology and continue their attacks, and it sets a precedent that they can re-threaten you and other businesses in the future.
  2. Back up your files regularly.
  3. Install firewalls on devices.
  4. Practice safe browsing habits.
  5. Do not click on any suspicious email links.

 

  4. Distributed Denial of Service Attacks (DDoS)

What is it?

DDoS attacks occur when an attacker floods a server with internet traffic to prevent users from accessing their online services or sites. It aims to overwhelm a device or network, to render the site useless.

How does it work?

DDoS attacks are either carried out on networks or devices. Networks may consist of devices that have been infected with malware, granting the attacker remote control of them. These infected devices are also referred to as bots. Once established, the network can direct all attention towards the intended site, sending requests to the target’s IP address, which results in a denial of service to normal traffic.

Signs of infection

A clear sign of a DDoS attack is if your site or device becomes extremely slow or unavailable. Traffic analytics tools can be helpful in identifying whether you’re being targeted as they can find some of the tell-tale signs, including:

  • suspicious amounts of traffic originating from a single IP address;
  • floods of traffic from users who share one, singular profile;
  • unexplainable surges in requests to a single page; and
  • odd traffic patterns, such as spikes at unusual times.
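
The signs listed above can be looked for in a web server access log. The following is an added example, not part of the original Insight: it counts requests per source IP, per client profile (taken here to be the User-Agent string, an assumption), per page and per minute. The thresholds and the sample log lines are constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime

# Combined log format: ip - - [time] "METHOD path proto" status bytes "ref" "agent"
LINE = re.compile(r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "\S+ (?P<path>\S+)[^"]*" '
                  r'\d{3} \S+ "[^"]*" "(?P<ua>[^"]*)"')

def parse(lines):
    for line in lines:
        m = LINE.match(line)
        if m:  # lines that do not match the format are skipped
            ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
            yield m["ip"], m["ua"], m["path"], ts.replace(second=0)

def ddos_signs(lines, share=0.5, spike_factor=3.0):
    """Return (sign, value, request_count) tuples for the tell-tale signs."""
    rows = list(parse(lines))
    if not rows:
        return []
    findings = []
    labels = ("single_ip", "single_profile", "single_page")
    for column, label in enumerate(labels):
        value, n = Counter(r[column] for r in rows).most_common(1)[0]
        if n / len(rows) >= share:  # one value accounts for most of the traffic
            findings.append((label, value, n))
    per_minute = Counter(r[3] for r in rows)
    median = sorted(per_minute.values())[len(per_minute) // 2]
    minute, n = per_minute.most_common(1)[0]
    if len(per_minute) > 1 and n >= spike_factor * median:
        # Busiest minute far above the typical minute; whether the time is
        # "unusual" for your site still needs a human judgement.
        findings.append(("spike_minute", minute.strftime("%H:%M"), n))
    return findings

def fmt(ip, hh, mm, ss, path, ua):
    return (f'{ip} - - [12/Mar/2024:{hh:02d}:{mm:02d}:{ss:02d} +0000] '
            f'"GET {path} HTTP/1.1" 200 512 "-" "{ua}"')

# Constructed sample: ten ordinary visits, then forty requests in one minute
# from one documentation-range address to one page.
SAMPLE = [fmt(f"198.51.100.{i}", 9, i, 0, f"/page{i}", f"Browser/{i}") for i in range(10)]
SAMPLE += [fmt("203.0.113.9", 3, 14, s, "/login", "ExampleClient/1.0") for s in range(40)]

if __name__ == "__main__":
    for finding in ddos_signs(SAMPLE):
        print(finding)
```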

Tips to combat DDoS attacks

Rapid detection and quick response times are pivotal to reducing the impact of DDoS attacks.

  1. Reduce attack surface area, for example, by placing resources behind Content Distribution Networks or Load Balancers, and by restricting direct internet traffic to specific parts of your company’s infrastructure.
  2. Encourage staff awareness of normal and abnormal traffic – only accept as much traffic as is necessary to allow usability of your site. This is known as rate limiting.

 

Next Steps

The best ways to arm your organisation against cyberattacks are to establish cybersecure processes, and to instigate cyber training including war gaming so that all members of the business hone their skills and are equipped to identify cyberattacks and risks, and respond appropriately.

For more information on current cybersecurity issues, visit Sainty Law’s Insight here.

If you are looking for more information on improving your organisation’s cybersecure practices, contact Sainty Law at lawyers@saintylaw.com.au.