Australia comes in 8th among most targeted countries for ransomware attacks in July, Flashpoint study finds

Flashpoint, the global risk intelligence firm, has published its July Cyber Threat Intelligence Index which shows Australia was in the top 10 countries for ransomware attacks last month.

What were the findings of Flashpoint’s July report?


Flashpoint’s latest ransomware infographic paints a sobering picture of the evolving threat landscape, with cybercriminals employing increasingly sophisticated tactics. In July, Flashpoint recorded a total of 515 ransomware attacks. Clop was the most prolific ransomware group, being responsible for nearly 33 per cent of July’s recorded ransomware attacks.

The US experienced the most ransomware events, accounting for 48 per cent of all recorded attacks, while Australia ranked eighth. Internet Software and Services continues to be the most targeted industry, followed by Construction & Engineering, and Professional Services.

“We’re consistently still seeing Australia among the most targeted countries in the world for ransomware attacks. Safeguarding company assets from ransomwares is crucial for Australian businesses, who should all implement or constantly update their own threat readiness and response plans in order to prevent loss, service disruptions, and lasting damage,” said Ben Gestier, Senior Intelligence Analyst and Team Lead APAC/EMEA, Flashpoint.

Vulnerability Intelligence

1,994 new vulnerabilities were reported in July, with 312 of them being missed by the Common Vulnerabilities and Exposures (CVE) and National Vulnerability Database (NVD).

According to the Flashpoint report, 36 per cent of July’s disclosed vulnerabilities are rated high-to-critical in severity. If exploited, these issues could pose a significant security risk. Over 56 per cent of last month’s vulnerabilities are remotely exploitable. This means that if leveraged, threat actors can execute malicious code no matter where the device is located.

Vulnerability Management teams can potentially lessen workloads by 90 per cent by focusing on actionable, high severity vulnerabilities reveals the report. This classification is given to vulnerabilities that are remotely exploitable, that have a public exploit, and a viable solution.

Data Breaches

Studying breach events can help Chief Information Security Officers (CISOs) and security teams better understand the goals and motivations of threat actors. In July, Flashpoint recorded 529 data breach events and threat actors stole a total of 481.2 million records.

Organisations in the United States accounted for more than 64 per cent of July’s recorded data breaches. Unauthorised access, or hacking was the leading cause of data breaches in July, being responsible for over half of recorded data breach events as per the report.


Flashpoint looked at the latest malware trends: which malware threat actors favour, how they get access to a victim’s systems, and what cybercriminals do once they gain a foothold.

Trojans were the most widely used malware type in July’s recorded attacks. In particular, the cobaltstrike malware family accounted for 33.22 per cent of July’s top five indicators of compromise. The most favoured MITRE ATT&CK tactic was Command and Control.

Insider Threat

According to Flashpoint, the tactic of recruiting insiders has become immensely popular amongst threat actors aiming to breach systems and/or commit ransomware attacks.

In July, Flashpoint analysts collected 7,055 posts advertising insider services – both from threat actors seeking insiders and malicious employees offering their services. Of those, 1,121 were unique posts from individuals in illicit and underground communities.

The Telecom, Financial, and Retail industries were the most targeted for insider threats in July. The majority of insider threat related postings originated from insiders advertising their services to outside threat actors. Most of this activity came from the Telecom sector.