• United States



by David Braue

Australian companies are world’s second most-popular targets for email fraud

Sep 12, 20173 mins
Backup and RecoveryBusiness ContinuityCareers

Malicious hacking surpassed accidental data or device loss as the leading cause of data breaches in the first half of this year, according to new research that also found Australia is the world’s second most-frequent target of business email compromise (BEC) attacks.

Hacking or malware were named as the instigators of 153 of the 278 data-breach incidents reported by United States organisations during the first half of this year, Trend Micro’s 2017 Midyear Security Roundup found. The period was marked by the massive River City Media compromise, which saw the theft of 1.37 billion email addresses; the theft of 198m registered voter records from Deep Root Analytics in June; and the March theft of 33.7m personnel records from Dun Bradstreet – which was also previously hacked in 2013.

Despite its relatively small population, Australian targets received 27.4 percent of the BEC attacks observed during the period – only slightly behind the 30.96 percent targeted at US companies and ahead of the 22.46 percent targeted at UK businesses.

Nearly 42 percent of observed BEC attacks spoofed the CEO, while over 28 percent purported to be from the managing director. CFOs were the most popular targets of BEC attacks (named in 18.89 percent of attacks), with finance directors (7.45 percent), finance managers (6.37 percent), and finance controllers (6.26%) also regularly targeted.

Fighting BEC attacks requires a concerted effort to train staff to spot and avoid fraud attempts – including the tried-and-true ‘supplier swindle scheme’ in which cybercriminals emulate a trusted third party. This includes high-ranking executives, Trend Micro warned, who often have extended privileges that may make them able to bypass many lower-level controls on unusual activities that would stop others.

Interestingly, although it has a similar population and economic structure to Australia, Canada was targeted in just 3.43 percent of BEC attacks. This disparity echoes growth rates around ransomware, which has previously been flagged as a key and growing vector being targeted at Australian individuals and businesses that are perceived to be relatively wealthy by world standards.

Fighting these attacks required businesses to make a concerted effort around endpoint protection: enterprises must “focus on securing all possible entry points, monitoring network communications, and encrypting high-value data,” the report’s authors recommended, noting that additional authentication techniques should be added to help manage ongoing loss and theft of data.

“Inadequacies in security such as poorly configured network and outdated systems can be exploited by attackers. If the attack is not detected, let alone thwarted, there will be ransom or damages to pay.”

The real scope of an adequate security defence remains lost on many companies, with recent figures from MYOB suggesting that 87 percent of Australian SMEs believe that installing antivirus software makes them safe from cyber attacks and 50 percent saying they were going to improve business security in the next 12 months.

They’ll have to move quickly, if the Trend Micro figures are anything to go by: with cybercriminals now good enough at writing malware that they no longer rely heavily on exploit kits, the analysis concluded; simply peppering targets with .PDF files (the most popular format for malware, found more than twice as often as second-place .XLS files and thrice as often as third-place .JS files) is proving more than effective enough.

“Poor security can lead to ransomware infections that can easily spread through a network,” the report’s authors advised while recommending a multilayered defence strategy with virtual patching and “high-fidelity machine learning” providing additional protection.

“By not securing all infection vectors, enterprises risk losing data, experiencing downtime, and spending thousands of dollars paying for ransom that might not result in data recovery after all.”