Cancel
CreatorsPublishersAdvertisers
View more in
POTUS

‘An attractive market’: policy vacuum on ransomware attacks leaves Australia vulnerable

By Daniel Hurst
Posted by 
The Guardian
The Guardian
 18 days ago
https://img.particlenews.com/image.php?url=37Rebx_0auYDWFE00
A man holds an electronic tablet with a padlock depicted on the screen Photograph: Tomasz Zajda/Alamy Stock Photo

Australian organisations are seen as soft and lucrative targets for ransomware attacks, according to cybersecurity experts who warn the problem will get worse unless the Morrison government fills the “current policy vacuum”.

A report published on Tuesday cites a raft of attacks over the past 18 months, including one that brought Nine Entertainment “to its knees” in March and left it struggling to televise news bulletins and produce newspapers.

Other victims include logistics company Toll Holdings, numerous health and aged-care providers, and the global meat producer JBS Foods , whose Australian operations were affected.

But experts from the Cyber Security Cooperative Research Centre say the legality of Australian companies paying ransoms to attackers is “murky at best” and most individuals would not know what to do if they fell victim to a ransomware attack.

Related: Australia’s cybersecurity agency says it averted more attacks by hackers who crippled Nine

The government needs to clarify the legality of ransomware payments and set up a mandatory reporting scheme, writes Rachael Falk, the chief executive of the cybersecurity research centre, and her colleague Anne-Louise Brown.

In ransomware attacks, cybercriminals typically look for vulnerabilities in organisations’ computer systems, before locking up, encrypting and extracting data so computers and their files are unusable.

Attackers then demand payment to decrypt and unlock systems and sometimes threaten to leak stolen data if the request is rebuffed. The ransoms are typically paid in difficult-to-trace cryptocurrencies.

“A current policy vacuum makes Australia an attractive market for these attacks, and ransomware is a problem that will only get worse unless a concerted and strategic domestic effort to thwart the attacks is developed,” Falk and Brown write in a policy brief for the Australian Strategic Policy Institute.

“Developing a strategy now is essential. Not only are Australian organisations viewed as lucrative targets due to their often low cybersecurity posture, but they’re also seen as soft targets.

“The number of attacks will continue to grow unless urgent action is taken to reduce the incentives to target Australian companies and other entities.”

The policy brief says a nationally representative online survey of 1,000 Australian adults in April 2021 “painted an alarming picture of just how little the Australian public understands ransomware”.

The survey – commissioned by the Cyber Security CRC – found 77% of respondents said they would not know what to do if they fell victim to a ransomware attack.

When respondents were then given a set of options, 56% said they would contact the Australian Cyber Security Centre (ACSC), which is part of the Australian Signals Directorate.

The ACSC advises organisations not to make payments, arguing there “is no guarantee the cybercriminal will decrypt files” and the willingness to pay may make the organisation vulnerable to further attacks in the future.

But the policy brief says businesses grapple with the legal consequences of whether to pay and worry that every minute matters.

The policy brief says the Australian government should not criminalise the payment of ransoms.

Instead, it says, the government should adopt a mandatory reporting regime. An organisation would face a legal obligation to report the nature and root cause of a ransomware attack to the ACSC within, for example, three weeks.

The “non-punitive” reporting scheme would apply regardless of whether a payment was made and should preserve the confidentiality of victims.

“It wouldn’t be about naming and shaming,” the policy brief says, arguing it would give the ACSC improved access to vital and timely intelligence.

The information would then be de-identified and released publicly to “help better inform other stakeholders on how to reduce vulnerabilities”.

The proposal comes amid calls from Labor to require Australian organisations to inform the ACSC before they make a ransomware payment to a criminal organisation.

Labor’s cybersecurity spokesperson, Tim Watts, said last week the government needed to act because ransomware was “completely out of control in 2021”.

Tuesday’s report makes eight recommendations including a proposal for the ACSC to publish a list of ransomware threat actors and aliases, together with details of their modus operandi and key target sectors and suggested methods to reduce the risk of falling victim.

It’s also suggested that the federal government use its procurement programs to prod businesses to improve their practices. Minimum cybersecurity standards would be imposed on contractors that wished to supply goods and services to the government.

The paper proposes a nationwide public ransomware education campaign to highlight the key causes of vulnerabilities.

Related: ‘We expect them to act’: Biden presses Putin on ransomware groups, hints at retaliation

It says that effort should be backed by a business-focused campaign to encourage organisations to improve their “basic cybersecurity and cyber hygiene”.

The director general of the ASD, Rachel Noble, told Senate estimates last month the agency was able to alert two other organisations they were targeted by the same ransomware attackers who crippled Nine Entertainment thanks to the agency’s “classified” powers.

Currently, the ACSC does not report how many ransomware incidents it knows have affected Australian organisations and individuals, but it said last year the number was increasing.

The top-five sectors to report ransomware incidents to the ACSC in 2019-20 were health; state and territory government agencies; education and research; transport; and retail.

Comments / 0

The Guardian

The Guardian

7K+
Followers
4K+
Post
2M+
Views
ABOUT

Read the latest news stories, opinion pieces, sports coverage and cultural highlights from The Guardian's award-winning writers

 https://www.theguardian.com
IN THIS ARTICLE
#Ransomware#Cyber Security#Australian#Nine Entertainment#Toll Holdings#Jbs Foods#Acsc#Cybercriminal#Labor
YOU MAY ALSO LIKE
News Break
POTUS
News Break
Politics
News Break
U.S. Politics
Country
Australia
Related
Economyinforisktoday.com

Insurer: Size of Claims Paid for Ransomware Attacks Declines

Cyber insurance provider Coalition Inc. says its clients' average claims for losses when they were hit by a ransomware attack totaled $184,000 in the first half of this year, down 45% compared to the second half of 2020. Losses resulting from ransomware attacks can include ransoms paid, recovery costs, breach...
Public Safetytucson.com

Letter: ransomware attacks

Re: July 9 letter, "Cyberattack list is unfathomable". The writer gives President Biden credit for furnishing Putin a list of cyber targets that are off limits. Putin has not dared to attack one of these targets. The writer asks why Biden didn't make all U.S. assets off limits. The president...
Public Safetythreatpost.com

BlackMatter & Haron: Evil Ransomware Newborns or Rebirths

They’re either new or old REvil & DarkSide wine in new bottles. Both have a taste for deep-pocketed targets and DarkSide-esque virtue-signaling. So much for darkened servers at the headquarters of DarkSide or REvil ransomware groups. Turns out, we’ve got either their rebranded versions or two new ransomware gangs to contend with.
Public SafetyBBC

Why remote working leaves us vulnerable to cyber-attacks

A cyber-crime group known as REvil took meticulous care when picking the timing for its most recent attack - US Independence Day, 4 July. They knew many IT specialists and cyber-security experts would be on leave, enjoying a long weekend off work. Before long, more than 1,000 companies in the...
Technologysecurityboulevard.com

Why Do Ransomware Attacks Keep Happening

Did you know the first instance of ransomware was in 1989? Though we’ve moved on from floppy disks containing malware and cashier’s checks used to pay attackers, we are far from moving past ransomware. Instead, ransomware has become more streamlined, and is one of the most popular tools of both amateur and expert threat actors. Just about anyone can purchase a ransomware strain off the dark web or can have the work done for them with ransomware-as-a-service (RAAS). And with the advent of cryptocurrency like Bitcoin, attackers can be nearly impossible to trace. But what has given ransomware such longevity, and what makes ransomware so dangerous? Read on to learn three key reasons why ransomware is often the chosen weapon of threat actors.
Technologycapecodtimes.com

Good analogies, but no easy solution to problem of ransomware attacks

Lawrence Brown's piece on ransomware correctly identifies the scope of the problem. The privateer metaphor aptly describes incentives and players. I am impressed with Brown's creative suggestion to "create a parallel paper trail for every bit of data stored online." His solution touches two desirable properties of a backup. You want an air-gap (offline copies), and you want fault resistance (paper medium). This is closer to reality than one would think. IT engineers often use slow, but high capacity tape drives for less frequent backups. Tape drives? Like a cassette tape? Yes, actually! While we don't really use cassettes for consumer storage, they are a robust medium akin to paper for hacker resistance.
AustraliaTennessee Tribune

Australia’s New Cybersecurity Laws Could Leave Critical Data Vulnerable Overseas

CANBERRA, Australia — New cybersecurity laws could result in critical data being sent overseas, the head of a major Australian data firm warns. The Security of Critical Infrastructure Bill, currently before the Australian parliament, would give cybersecurity agencies power to step into corporate information technology systems when there’s a major cyberattack that threatens to bring down vital infrastructure.
ComputersSilicon Republic

Is blockchain a friend or foe in ransomware attacks?

UCD assistant professor Dr Nima Afraz explores how blockchain technology could be used against cyberattacks as well as the potential danger it poses. In light of the recent ransomware attack on Ireland’s Health Service Executive (HSE), I have examined the possible role blockchain technology can play in exacerbating but also preventing such attacks.
POTUSPosted by
NBC News

U.S. accuses China of abetting ransomware attack

Hackers working for Chinese intelligence played a role in using ransomware to extort U.S. businesses, the White House said Monday. The announcement was part of a broader effort by the U.S. and a large group of allies, including the European Union, NATO, the U.K., Australia and Japan, to condemn China’s government for “malicious cyber activity,” a senior White House official told reporters on a call Sunday night. The official asked to not be identified as a condition of participating in the call.
IndustryPosted by
The Hill

To defeat ransomware attacks, build stronger partnerships

In America, we tend to take gasoline for granted. It’s been 42 years since the oil crisis of 1979, when price spikes and long lines at the pump were commonplace. Most drivers on the road today are too young to have waited in those lines. We assume that when we drive to the gas station, gas will be there.
Public SafetyItproportal

Kaseya ransomware attack: The knock-on effect of the cyberattack on managed service providers

Ransomware continues to be one of the top threats to Managed Service Providers (MSPs), critical infrastructure organizations and government agencies at all levels. As threat actors continue to evolve their strategies and increase demands, organizations are feeling the pressure of defending themselves against one of the greatest risks in the current cybersecurity environment.
Public SafetyItproportal

Prevent ransomware by stopping lateral movement: the case for active defense

Cybercrime is often motivated by profit, and threat actors have realized that the most profitable way to conduct their business is to target enterprises with deep wallets, a cyber insurance policy, and/or valuable assets. However, these attacks are not as easy to pull off as it is to send out a generic phishing email and hope for the best – they require a lot of resources and careful planning. The “hack for ransom” threat is spreading rapidly and, in many cases, paying handsomely. These professional cyber attack groups are targeting companies, hospitals, schools, government organizations, and critical infrastructure providers. The streak of successful ransomware attacks that has populated recent headlines is proof that the tactics are paying off. We are on the verge of a global digital pandemic that accelerates the exposure to harm or loss resulting from these attacks.
Worcester, MAWorcester Business Journal

Report: Coghlin Electrical Co. hit with ransomware attack

Worcester contractor Coghlin Electrical Corp. experienced a ransomware attack on Monday, although compromised files have been recovered, the Worcester Telegram & Gazette reported Friday. When reached via email by WBJ, Coghlin CEO Sue Mailman declined to expand on the situation. Per the T&G report, Coghlin did not pay anyone as...
Technologycommercialintegrator.com

Kaseya Obtains Decryptor Key for Recent Ransomware Attacks

After being hit by a significant cyberattack over the Fourth of July weekend, IT enterprise firm Kaseya says that it has obtained a universal decryptor key for victims of the REvil ransomware attacks. Kaseya Senior VP of Marketing Dana Liedholm said the decryptor key the company obtained does work but...

Comments / 0

Community Policy