Working from home a potential weak link as cyber attack costs mount
Working from home is changing the way a vast number of enterprises operate in Australia and around the world. But it is also leaving those enterprises more vulnerable to cyber attacks by well-organised gangs who are demanding ransom payments under threat of destroying a business.
In the US, so-called “ransomware attacks” have been rising sharply, and the gangs are starting to realise Australia is a soft touch because they can enter the corporate systems via so-called phishing emails. Originally these emails were used to download an individual’s information. Now they are the gateway to large enterprises and government organisations.
According to the FBI, bank robberies in the US have halved in the past decade, with the perpetrators being caught and convicted in almost two-thirds of cases. In stark contrast, just 0.05 per cent of cyberattacks result in a conviction.
The World Economic Forum’s Global Risks Report 2020 warns that by 2021 cybercrime damages could reach $6 trillion, on a par with the GDP of the world’s third-largest economy.
Last year in the US, 205,280 organisations submitted files that had been hacked in a ransomware attack, a 41 per cent increase. Many did not report attacks. In the last quarter of 2019 the average payment to release files was $US84,000, but in December 2019 that jumped to $US190,946, with several organisations facing multimillion-dollar ransom demands.
Our largest attack was on Toll Group, which may not have come via home working. Toll is one of Australia’s biggest transport groups and operates internationally, so it represents an attack on a major part of the national supply chain. It’s an issue that has been masked by the attention on COVID-19.
Australians have often seen cyber attack as a US-dominated crime. But as well as Toll, attacks on Service NSW and BlueScope have raised the alert that we are vulnerable, particularly when working-from-home employees take computers outside the workplace and connect them to the corporate network.
While the three big recent attacks have been the most prominent, there have been many more. BlueScope, for example, had to shut part of the Port Kembla steel mill and revert to manual operations in parts of its business.
But the attack against Toll, which is now owned by the Japanese Post Office, was the most vicious.
Trade publication ITNews disclosed details of the Toll attack and my description is based on its material.
In January Toll was the subject of a ransomware attack on a large part of its IT infrastructure by a “Mailto” group of attackers. Toll was required to pay a ransom and refused.
Toll repaired its systems, but it seems there was a concealed entry point that was not detected, and this was transferred or sold to another group known as the “Nefilim attackers”.
They were even more vicious, and Toll Group may have lost over 200GB of corporate data to the new attackers. As with BlueScope, Toll had to revert to manual management of big parts of its transport group.
When Toll again did not pay the ransom, Nefilim started to dump the material onto the dark web.
Toll Group is attempting to verify the data that has been published. Its official statement said:
“Following our announcement last week that a ransomware attacker had stolen data contained on at least one Toll corporate server, our ongoing investigation has established that the attacker has now published to the dark web some of the information that was stolen from that server.
“As a result, we are now focused on assessing and verifying the specific nature of the stolen data that has been published.
“As this assessment progresses, we will notify any impacted parties as a matter of priority and offer appropriate support.”
Given the original attack was in January, the Toll breach may not have been via working from home, but all enterprises are now going to be required to review their cyber security and whether insecure practices in working from home threaten the very existence of their business and that of their customers.