Australia has seen a 13% increase in cybercrime reports, with this continuing to rise well into 2023. This is a massive increase and a tell-tale sign that cybercriminals are becoming more agile and adaptable than ever. As a wealthy country, Australia is an attractive target for global ransomware groups, with many industries taking a big hit from criminals in Q3 of 2022.
Trellix’s Q3 Threat Report reveals ransomware activity has doubled in the transportation and shipping industries. Global telemetry from our threat intelligence team shows indicators of compromise (IoCs) that belong to several campaigns from advanced persistent threat (APT) groups. Trellix’s Advanced Research Centre was able to identify that detections in the transportation and shipping sector in the US increased 100% from Q2 to Q3 of this year.
This highlights how ransomware groups are targeting large multinational businesses across the nation and the ‘industry’ of the month, and provides key insights into their behaviour.
A global snapshot of ransomware activity
Australia has seen some of the biggest ransomware attacks throughout 2022, both in the size of the breaches and in frequency. Throughout Q3, there were movements and updates from the world’s most notable ransomware groups. The two key updates include:
- Conti officially stopped their operations. Conti’s source code was leaked as well as their chats.
- LockBit remains the top ransomware family. At the end of Q3 their “builder” was released, and allegedly various groups are establishing their own RaaS with it. Phobos ransomware continues to be active and accounts for 10% of our telemetry hits. Their tactic of selling a complete ransomware kit and avoiding large firms allows them to stay under the radar.
Ransomware groups focused their attention on multiple industries, with telecom, transport and shipping, media and public sector industries representing the most impacted globally. The attack vectors were identified in the report, with malware leading the charge in Q3, followed by account takeovers, targeted attacks and vulnerability attack vectors in the same period.
Email remains a major security risk
One of Australia’s largest telcos, Telstra, released data on how they have been blocking 332 million incoming scam and unwanted emails every month, only supporting the notion that emails are one of the major ways cybercriminals are targeting businesses in their attacks.
Our Advanced Research Centre noted several new email security threats throughout Q3, with URLs comprising 91% of the top 10 most utilised means of packing malicious payloads from all detected malicious emails throughout the period. Other key findings from Q3 include:
- Globally, the financial services sector was the sector most impacted by malicious emails in Q3 2022, with 20% of malicious emails targeting the sector, followed by local government (13%) and manufacturing (12%)
- 68% of malicious emails were phishing attacks, followed by malware (22%) and scams (9%)
- The Microsoft Office Equation Editor/ vulnerability was the most exploited among malicious emails received by customers in Q3 2022
Where to from here
Coming into the new year, Trellix’s 2023 predictions anticipate spikes in geopolitically motivated attacks across Asia and Europe. As such, we will observe imminent global cyberthreats to critical infrastructure as cyberwarfare evolves. In Australia, the Federal Government is ramping up efforts to combat the increase in cyberattacks with the appointment of an Expert Advisory Board to develop a new Cybersecurity Strategy.
The new strategy will seek to improve resilience to cyber threats and aims to address the consequences of incidents. Cybercriminals are constantly evolving, with new, creative and innovative ways designed to steal data from firms in every industry. We encourage an approach that takes into account the dynamic nature of hackers. Leaders and businesses alike need to adopt a living security approach that can appropriately tackle this growing issue.
Luke Power is the Managing Director, ANZ at Trellix.