Cybercrime is estimated to cost the Australian economy AUD17 billion annually. As the federal government continues to draft its 2020 Cyber Security Strategy, it is critical that we address how to turn the tap off on cybercrime, says Sarah Sloan.
In 2017, I was working as the cyber security adviser to the Hon. Dan Tehan MP who, at the time, was the Minister Assisting the Prime Minister for Cyber Security. Minister Tehan had just delivered a national press club address on the importance of addressing cybercrime, discussing the latest data from the Australian Cyber Security Centre (ACSC) threat report. The report highlighted a growth in a new type of cybercrime called ‘business email compromise’ (BEC) and noted reported losses in Australia had jumped a staggering 230% — from $8.6 million to $20 million. He encouraged more citizens to report cybercrime and more victims to come forward and share their experiences. Through sharing this information, we could raise awareness, adjust our online behaviours, enhance our security posture and make Australia more resilient to cybercrime.
Once the speech had concluded, I returned to my desk at Parliament House. Shortly after, a call came through from a distressed member of the public who had just watched the minister’s address.
The small-business owner had fallen victim to BEC and lost around $300,000. Someone had compromised his network, sent two emails from his account, and authorised the accounts team to make two transfers: the first, a smaller payment of $50,000 — a test to see if it would work; the second, a much larger payment of $250,000 to an offshore account. The man was distraught — what could be done? How could this happen? And what could the government do to help businesses mitigate risks or prevent these attacks?
Upward trend of cyberattacks and penetration into key verticals
The sad reality is that these kinds of stories are all too common. This certainly was not the first or last time I received a call like this.
And attacks like these continue to grow at a tremendous and remarkable scale all around the world.
A new report released by Palo Alto Networks’ threat intelligence team, Unit 42, shows that business is booming for a Nigerian cybercriminal organisation, assigned the name ‘SilverTerrier’.
In 2014, the group behind SilverTerrier consisted of a few individuals experimenting with malware — software designed to damage, disrupt or gain access to a network — purchased online. Today, it encompasses around 480 different actors and groups, collectively producing more than 81,300 samples of malware that has been linked to 2.1 million attacks worldwide.
The frequency of SilverTerrier’s attacks has also increased. In 2018, there were an average of 34,039 attacks per month against Palo Alto Networks’ customer base. In 2019, this number climbed to an average of 92,739 per month — peaking at 245,637 attacks in the month of June 2019. While our customer base was protected against these attacks, the statistics demonstrated the widespread proliferation of this malware.
The data also shows attacks targeted at all industry segments, including small-to-large businesses, healthcare organisations, and even local, state, and federal governments.
Globally, the top three targeted industries include the high-tech sector, professional and legal services industry, and manufacturing. While the high-tech industry received the greatest number of attacks — nearly doubling from 164,000 to 313,000 over the past year — the professional and legal services industry saw an alarming 1163% increase in attacks over the previous year, with a total of 248,000 attacks.
In Australia, the figures show a slightly different trend. In 2019, Palo Alto Networks saw 627 types of malware used by SilverTerrier in Australia, resulting in 7032 attacks on Australian networks. The top three targeted industries include state and local governments, which comprised 44% of attacks, followed by education (18%), and wholesale or retail (11%). What is clear from the data is that cybercriminals do not discriminate as to whom they target when it comes to making money.
Alarmingly, around 65% of Australians targeted by SilverTerrier saw three or more attack sessions over the course of the year. This indicates that Australians may be repeatedly falling victim to the same or similar styles of attack and are not adjusting their cybersecurity posture in response to incidents.
Economic impact of cybercrime and the way forward
SilverTerrier is only one actor — we know that across the globe there are hundreds of cybercriminal groups profiting from their operations.
Cybercrime is estimated to cost the Australian economy $17 billion annually.
As the federal government continues to draft its 2020 Cyber Security Strategy, it is critical that we address how to turn the tap off on cybercrime.
But first, we must address cybercrime’s image problem.
While for many people in Australia the word ‘cybersecurity’ is synonymous with sophisticated nation states and secrecy, ‘cybercrime’ appears to be synonymous with a kid in a hoodie working in his or her mum’s basement. However, this could not be further from reality.
Today, cybercriminals operate like a sophisticated business — they employ people, they have hierarchies and they have processes. Cybercrime is also the more common experience for everyday Australians — whether it be BEC, identity theft, or the romance scams, which last year had reported losses across Australia in excess of $28 million.
Australia’s new strategy should consider how to protect Australians from cybercriminals and do it at scale.
And the government cannot do this alone. The strategy must consider how the private sector can and should be leveraged in support of this objective.
Not just because businesses are often the targets of cybercriminal organisations, but also because of their unique position to see attacks on their own and their customers’ networks.
Encouraging more private-public partnerships
As a result of their worldwide operations and customer base, global cybersecurity companies can have visibility of — and the ability to disrupt — cyberthreats that rivals some nation states. And in some cases, companies can prevent cybercrime before the victim is aware anything has occurred.
As with SilverTerrier actors over the past few years, cybersecurity companies often share the forensic information with law enforcement so they can arrest and prosecute the actors behind the campaigns. Strong public and private cooperation is crucial to address the growing threat cybercrime poses to Australia.
The Joint Cyber Security Centres, located in most states, should enhance engagement with local governments and businesses. The centres should enable the sharing of threat information in real time and exercise cyber incident response arrangements to ensure we are ready to respond when (not if) a cyberattack occurs.
The private sector should be leveraged to help raise public awareness. This could be achieved via forming a consortium of companies to co-fund and co-design a cybersecurity awareness campaign.
But while raising awareness is important — and I personally would love to see some catchy cybersecurity message about the need to ‘patch it up, back it up, lock it up’ on my TV — it alone is not enough.
People can be educated about the importance of cybersecurity but at the end of the day, we are human, and it just takes one click.
Once that click is made, investigating cybercrime can be extremely difficult and prolonged.
Not only are cybercriminal activities clandestine in nature, but many employ sophisticated techniques to mask their location and identity, and investigations often require international cooperation which may not always be forthcoming. Investigations rarely result in the recovery of what the victim has lost.
We need to look at how we can stop these threats before they hit the end users.
Mobile and internet service providers need to have constant real-time visibility across traffic passing through their networks and be able to detect and stop cybersecurity threats within that traffic in real time. These measures can reduce the volume and impact of cyberattacks on national infrastructure, government networks, business, and citizens. Industry and governments should work together to achieve this goal.
Our cousins across the ditch have already acted in this regard, with New Zealand offering a malware-free network service to its critical infrastructure. Australia should look at how a similar program could be delivered here.
It’s important that we work together to turn the tap off on cybercriminals — it’s hurting our people, our businesses, and our economy.
To do this, we may need to look at new ideas and new ways of working across public-private sectors. We will also need to invest to ensure we have a well-resourced strategy and consider moving from a cyber security strategy to a cyber strategy.
As a former cyber minister once said: If you’re standing still in cyber, you’re moving backwards.