Tuesday, October 10, 2017

Surge in cyber attacks on Australian business as criminals franchise business

Op Elbrus Plutus Payroll liquidated after 165m tax fraud investigation

Malcolm Turnbull's Soldier On Day speech
WHAT WE'RE READING: "Now, from the beach at Gallipoli to the front line against Da’esh in the Middle East today, our defence forces have always served Australia with courage, honour and great skill."

Surge in cyber attacks on Australian business as criminals franchise business (AFR)

The Australian Signals Directorate responded to 671 serious cyber incidents involving government systems.
The Australian Signals Directorate responded to 671 serious cyber incidents involving government systems. SMH

A growing number of Australian businesses – including those providing critical infrastructure and national security – are falling prey to increasingly elaborate scams and attacks orchestrated by cyber criminals.
Cyber criminals have become so successful they are franchising their software, Minister Assisting the Prime Minister for Cyber Security Dan Tehan will reveal on Tuesday when he launches a new report warning the public of the threats lurking online.
"Business is booming for cyber criminals and criminals are treating cyber as business," Mr Tehan will tell the National Press Club according to speech notes.
With local companies among those affected by two global cyber attacks in 2017, the Australia Cyber Security Centre identified 47,000 cyber incidents affecting individuals and businesses in the past 12 months, a 15 per cent increase. More than half were online scams or fraud, which was up 22 per cent.
According to the centre, 7238 incidents affected major businesses, while there were a further 734 cases involving critical infrastructure or national interest service providers, such as utilities companies, communications networks, transport providers and financial services.
"Most concerning is that these attacks were more elaborate than the attacks we have seen in previous years," Mr Tehan will say.
But Australia's cyber police are also seeing an increasing number of non-traditional victims targeted, with attacks on automotive, accommodation and hospitality businesses rising by 50 per cent.

National security

Mr Tehan will also reveal the Australian Signals Directorate responded to 671 serious cyber incidents involving government systems.
In one case he will highlight, in November last year a "malicious cyber actor" compromised the network of a small company contracting to national security projects and stole a "significant amount of data" over an extended period.
"Analysis showed that the malicious actor gained access to the victim's network by exploiting an internet or public-facing server, which they accessed using administrative credentials," he will say.
"Once in the door, the adversary was able to establish access to other private servers on the network."
The centre worked with the company to fix the breach and remove the cyber attacker.
Mr Tehan will say email phishing scams cost Australian businesses more than $20 million last year, up from $8.6 million a year earlier. In one case, fake invoices cost one unnamed large Australian business more than US$500,000.
Mr Tehan will also say authorities have now seen evidence of cyber threat software and hardware being sold to other operators who lack the skills to create them scratch.
"The days of the cyber threat being deployed by a hooded computer geek in a basement are over," he will say.
"Sophisticated organised criminal networks are taking control and franchising their business model. Ransomware, data-theft, spyware and other infrastructure can be purchased on the darkweb by anyone with an internet connection."
Mr Tehan will say the number of cyber attacks is likely to be underreported, with some businesses reluctant to disclose they suffered a cyber attack because of the risk of damaging their reputation. But he will urge corporate Australia to break its silence.
"Each day, there are Australian businesses that are being robbed, held to ransom, or shut down," he will say.
"In the next 12 months, there will be more globally significant attacks. There are new cyber threats on the horizon, such as cyber terrorism. They all pose a danger of financial and social damage."

Governments see the risk of data sharing, now to explain the benefits.
Data de-identification is probably more complex than you think. A new guide to help public servants and others is a good step forward, but public engagement is underdone, says an expert on the legal side of data use and privacy.

Michael Keating: all policy advice should be contestable.
The minister isn't happy to have his plans for new submarines questioned, but the way the decision was made reflects a long-standing problem, Michael Keating argues. He thinks civilians should be allowed to question military expertise.

GST carve-up formula may dampen reform.
“The system is beyond comprehension by the public, and poorly understood by most within government — lending itself to a myriad of myths and confused accountability,” says a new report from the Productivity Commission on the national tug-of-war over tax revenue.

Victoria plucks first CISO from the finance sector.
The Victorian government has hired an IT risk and governance specialist from the finance industry as its first chief information security officer, as part of a push to bolster the state’s ability to fend off cyber threats.