Threat-sharing collective recruits Australian businesses to cybersecurity fight

A slew of new cybersecurity funding announcements and the new AuShield Defend shared threat-analysis portal may have bolstered Australia’s cybersecurity defences, but the announcements could do nothing to save a Sydney hedge fund operator that has shut down after a malicious Zoom invitation led to the theft of more than $8.7 million.

Levitas Capital was forced to close down after a hedge fund manager clicked on a fake Zoom invite, which led to the installation of malware that compromised the company’s email system. A scammer then used the email account to send out $8.7 million worth of false invoices, with reports suggesting the money was directed to dozens of onshore and offshore bank accounts before the scammer fled Australia with about $780,000.

Most of the fraudulent transfers were discovered and halted, but the reputational damage led one of the company’s biggest clients to withdraw its funds—occasioning the collapse of Levitas Capital and chalking up yet another reminder for small businesses about the dangers of malicious emails and other attacks.

The catastrophic compromise highlights “an alarming degree of poor digital hygiene amongst Australian businesses,” Terry Burgess, said vice president for APAC and Japan with identity-management firm SailPoint, said.

“Since the start of the pandemic we have observed a considerable uptick in cyberthreats targeting Australians,” he added, “with 56% of Aussies reporting being targeted by phishing attacks in the last six months. Australian businesses must do more to ensure better digital hygiene if we are to break the cycle of disruption and financial loss from cybercrime. Failure to act now will be disastrous for Australia’s digital future.”

AuShield Defends aims to empower potential victims

It comes too late to save Levitas, but the recent launch of Cybermerc’s government-backed AuShield Defend threat-sharing portal could save companies like it by improving threat-sharing activities amongst Australian businesses.

Supported by AustCyber’s Projects Fund, the $2.4 million Cybermerc portal will provide a central portal where businesses, universities, and cybersecurity companies can share details of new attacks as they are discovered. Attacks can be uploaded to AuShield Defend, where they will be analysed by a team of human security specialists backed by machine learning tools.

Resulting threat-intelligence data is shared with the community and, the company says, used to “update Australian network defences”. “Right now, Australian businesses are defending themselves in isolation,” said Cybermerc CEO Matthew Nevin. “We want them to collaborate. AuShield provides an effective way to connect businesses so they can defend each other.”

The project—which is supported by the Australian National University, Vault Cloud, Anomali, Elastic, Fortinet, and Australian startups SecureStack and Countersight—“marks a new and important collaborative approach to national cybersecurity,” said Elastic Australia federal director Andrew Goodall.

A growing surge of cyberattacks

Australian businesses and government bodies this year faced an escalating threat climate, with an unusual prime ministerial warning about ongoing cyberattacks and significant investment in cybersecurity capabilities across the board.

That warning led Australian businesses to ramp up their awareness of threats from nation-state actors—particularly from China, with whom Australian relations have plummeted in recent weeks—and revelations such as Bitdefender’s discovery of “forensic artefacts” suggesting that a Chinese APT group has been targeting Southeast Asian economies with persistent attacks that facilitate the collection of intelligence and data.

Dating back to late 2018 and active as recently as September 2020, the campaign “suggests a new level of sophistication being carried by state-sponsored Chinese agents in cyberwarfare,” Bitdefender warned as it shared a detailed analysis of the group’s methodology, “a prospect with serious implications on Australian businesses.”

“The tools found had the ability to collect files, monitor the file system for changes, take screenshots, log keystrokes, and exfiltrate that information to the C&C [command and control] server,” said Bitdefender senior cybersecurity analyst Liviu Arsene.

Whether due to the sophisticated attacks of nation-state groups, or the phishing-based scam of one bad actor, Australian organisations’ increasing susceptibility to malicious attacks has driven a surge in spending—with a recent Thycotic security survey finding that two-thirds of Australian respondents believe they will have more security budget available in 2021 due to the pandemic’s impact.

“The increasing reliance on technology as a result of COVID-19, and the subsequent rise in cyberattacks and cybercrime, has highlighted the importance of protecting our virtual infrastructure and digital information,” said AustCyber CEO Michelle Price, adding that the organisation’s support of Cybermerc’s AuShield Defend project “could not have come at a more important time.”