Australia has warned small businesses and "mums and dads" of growing cyberthreats, as an Australian company that was contracted for national security projects was breached by hackers last year. The company is only one of over 47,000 cybercrime incidents that the country faced last year.
Dan Tehan, the minister assisting the prime minister for cybersecurity, revealed today that the hackers got access to a small defense contractor for an "extended period of time and had stolen a significant amount of data," before authorities became aware of the breach last November. "Analysis showed that the malicious actor gained access to the victim’s network by exploiting an internet or public-facing server, which they accessed using administrative credentials," Tehan said.
"Once in the door, the adversary was able to establish access to other private servers on the network."
While the security contractor remains unnamed, Tehan warned companies that cyberattacks could affect anyone as hackers are increasingly targeting businesses and national security operations across the world.
"Most concerning, is that these attacks were more elaborate than the attacks we have seen in previous years," Tehan said. "It is clear that the malicious actors looking to target major systems and critical infrastructure are increasing the sophistication of their vectors."
"Like nation states, cybercriminals are using more complex methods to target businesses, large and small. In particular, they are using increasingly personalized techniques to trick their victims."
"Cybersecurity is as relevant for mums and dads..."
The minister said that cybersecurity is becoming increasingly "relevant for mums and dads" along with small businesses and local communities, reporting a 20% jump in online scams and frauds targeting Australian citizens.
He recommended users to adopt stronger passwords, manage privacy settings more carefully, update software timely, back up data, and avoid scams in suspicious email messages.
"What is happening to mums and dads and the community more generally is just as alarming."
The government was releasing Australian Cyber Security Centre’s (ACSC) 2017 threat report when the minister revealed that the ACSC had recorded a 15% increase in cybercrime incidents from the year before in Australia. Tehan also mentioned that this growth in cybercrime is thanks to "franchise models and organized criminal networks" that are increasingly involved in hacking.
"Of particular note is ransomware-as-a-service, which sees anyone with a computer being able to use ransomware kits so long as they pay a fee to the original creator or seller," he said. "This model means that cybercrime is expanding rapidly."
- The ACSC report is available here [PDF].