Firms hit by surge in cyber extortion

Attacks on Australian companies have increased to the highest levels in more than 18 months.

Sarah Ison

@@sarsison

2 min read

4:58PMDecember 07, 2022.

Updated 7:10PMDecember 07, 2022

CyberCX director of cyber intelligence Katherine Mansted. Picture: James Alcock

Cyber extortion attacks on Australian companies have increased to the highest levels in more than 18 months, after criminals gained access to millions of Australians’ data through the Optus and Medibank hacks.

Intelligence from CyberCX – the nation’s biggest cyber-security firm, headed up by Turnbull government adviser Alastair MacGibbon – revealed the Medibank breach was among 16 successful extortion attacks carried out in November.

Of the companies targeted, a third were from the engineering, manufacturing and construction sectors, and a third were professional services companies. A further 20 per cent were in the IT sector, 7 per cent in financial services and 7 per cent in education.

“These figures will confirm what I think many Australians felt in a visceral sense over recent months – a surge of cyber extortion attacks targeting Australian organisations,” Mr MacGibbon said. “We’re also seeing cyber criminals adapt, evolve and innovate to get better at what they do. We need to do likewise and be as proactive as possible in defending our critical systems.”

Cyber extortion refers to the theft of, or locking up of, data through ransomware. To ensure the data is not released publicly, or to have it unlocked, companies are extorted to the tune of millions of dollars.

In an intelligence report seen by The Australian, CyberCX revealed almost a dozen criminal gangs were involved, as cyber intelligence director Katherine Mansted confirmed the number of actors “raised eyebrows”.

“Previous spikes have generally been driven by two or three big-name established and organised groups and they’re just doing more harm across more organisations,” she said.

“This month is remarkable because not only is it the highest on our records over the past 18 months, but it’s the most number of different groups. That tells us something is potentially changing. This is getting worse. Despite law enforcement efforts to tame the beast, there are more cyber organisations piling in.”

Criminal gangs identified included Medusa, Blackbasta, Hive, Cuba, Ragnarlocker and REvil, the group that claimed responsibility for the Medibank attack.

Ms Mansted said one possible reason behind the explosion of gangs involved was that “the barriers of entry” were lower. “New groups are springing up and victimising Australian organisations,” she said. “Of that list of criminal organisations, at least three are new and three have reinvented themselves … suggesting this is a lucrative market and more groups are jumping in.”

Ms Mansted said the Russia-Ukraine war could be another reason there had been a surge in attacks on Australian companies, given many gangs had their origins in Russia and would have observed Canberra’s support for Ukraine.

The CyberCX intelligence report also noted that while Australia-China relations were showing “signs of improvement”, tensions persisted and at least one cyber attack in November had been attributed to Chinese espionage.

While not constituting cyber extortion, the large-scale malware campaign by Chinese gang Mustang Panda targeted the government and legal sectors in Australia and the Indo-Pacific.

Ms Mansted said Australia was “dealing with a trend that was getting worse”, with criminals getting better at cyber extortion.

She said a growing tactic, as seen in the Medibank attack, was threatening to expose the personal information companies held. “And when you’ve got new actors and increased activity, that increases the chance that we will see new and potentially even more diabolical tactics emerge.”

Labor announced last month a new Australian Federal Police-Australian Signals Directorate taskforce to disrupt cyber criminals or “hack the hackers”.