With all eyes on coronavirus, Australia should brace for cyber crime surge

Nation-states likely to use cybercriminal attacks against Australia, others for strategic gain during COVID-19 distraction.


The intensity of the COVID-19 response may have focused CSOs on securing remote workers, but an international cyber warfare expert has warned Australian CSOs to be extra vigilant against cyber security strikes from nation-states seeking strategic advantage against distracted rivals.

“It’s dangerous when all eyes are on one piece of news,” Charity Wright, a cyber threat intelligence analyst with IntSights, told CSO Australia.

How Australians are being attacked

Australian payments-fraud firm EFTsure recently reported that Australian businesses have been targeted with 15 times as many false invoices, requests for changes of banking details and other fraud-related messages. And security firm Security in Depth reports a 40 percent surge in spear-phishing emails against Australian targets over the past fortnight.

Companies face additional threats from nation state-linked attacks like Emotet, a “widespread” malware attack that was called out by the Australian Cyber Security Centre (ACSC) late last year as threatening “a variety of sectors in the Australian economy” and was recently flagged by Cisco Talos as targeting US military installations.

The coronavirus pandemic has been flagged as threatening to “reshape the strategic landscape of the world”. And, without a strong proactive response from CSOs, this rebalancing could easily spill over into new cybersecurity threats for any Australian company. “There have been a lot of questions” about whether foreign actors will attack commercial interests during times of conflict and disruption, Wright said.

“I even have doctors’ offices freaking out and asking whether they should be worried. But the enemy always has a very specific motive and target — and I tell CSOs to look at who are the targets of this adversary, what are their tactics, what are their tools, and what are your vulnerabilities to those things?” Wright said.

Coronavirus-related sites are now a vector for cyber attacks

IntSights and many other firms have observed surges in cyber criminal activity on the back of the escalating pandemic, with Sydney-based risk-management firm Sectara warning that cyber criminals — including state-sponsored actors — are creating or taking over coronavirus information sites that deliver malicious payloads.

Sectara has been applying models from the Security Risk Management Body of Knowledge (SRMBOK) to the coronavirus situation, offering its software free during the pandemic. “There are a wide range of groups who are executing malware and ransomware attacks to profit from the global health pandemic and these attacks are only likely to grow as the pandemic continues,” security risk management expert Julian Talbot warned. “Despite China’s success with the lockdown, there is really no exit strategy until we have a vaccine, which is unlikely to be this year. Hackers and state-sponsored actors will continue to build ever more sophisticated attacks if we are not vigilant.”

More nation-states may be tempted to mount cyber attacks

Recent tensions between Iran and the United States, for example, had fuelled a rise in cybersecurity activity, creating an opening for other states keen to capture a geopolitical advantage.

Russia, in particular, “takes advantage of these situations where everyone is distracted” — as it did in 2018, when concerns about that country’s active probing of millions of routers worldwide led to calls for Australia to develop an offensive “asymmetric capability”.

Even companies that might not normally consider themselves targets for nation-state actors should be wary, Wright said: With coronavirus dominating news cycles and corporate response plans leaving cybersecurity competing for oxygen during board meetings, Australia’s involvement in the ‘Five Eyes’ intelligence-sharing community “could potentially make them targets” as well.

Weakened by its spiralling COVID-19 death count, Iran could potentially lean heavily on cyber criminal capabilities — which Wright said are “kind of limited compared with others around the world” — to reassert its regional and global political relevance.

Even smaller countries could pose new threats in the rapidly changing global environment, she noted. “Many countries have economic or political agendas but they are unable to purchase expensive military equipment,” she explained. “Cyber operations really level the field for everyone — and smaller countries are realising that if they put resources into cyber, they can really stand up for themselves.”

Venezuela, for example, had turned to cyber crime to compensate for recent socio-political changes including vulnerable technological infrastructure, users moving to dark web sites for censored information, a migration to cryptocurrency due to the collapse of the local currency, and cyber criminals operating in the open without any concerns about being caught.

Copyright © 2020 IDG Communications, Inc.
