Hack attacks on businesses double in year

Attacks on Australian businesses have increased 92 per cent, with Microsoft Office and Citrix users at risk.

DAVID SWAN and Joe Kelly

2 min read

7:14AMJune 21, 2020

Security in Depth chief executive Michael Connory and Dr Elizabeth Sigston. Picture: Stuart McEvoy

The number of “spear-phishing” attacks on Australian businesses over April, May and June has increased 92 per cent on the same period last year, rising from about 1600 to 3100 attacks per month.

Data from Security In Depth — a cyber security research and advisory outfit — has also found the amount of hacking attacks or attempted attacks on organisations increased dramatically on last year from 400 to about 550 per month.

Organisations at risk include those on older versions of Microsoft Office that have not been patched, and older versions of Citrix software are also vulnerable.

While Scott Morrison has announced a $200m injection into cyber security training and jobs, Security in Depth chief executive Michael Connory argued it represented a “drop in the ocean” compared with what was required to safeguard Australia’s infrastructure. “The state-based actors, thought to be Chinese, are primarily using spear-phishing techniques, which means they are sending targeted emails to specific individuals,” he said.

“If the individual opens the email, the actor will know and will also know if the link has been clicked on, enabling further, more sophisticated targeting. They are currently looking for individuals to provide credentials to Microsoft and Citrix systems. This means username and password.

“This enables the state-based actor to be able to log into these systems and take over the computer — accessing network information such as emails, IP and financial information.”

The Australian Cyber Security Centre warned companies, institutions and governments to be alert and urgently enhance “the resilience of their networks” after confirming the “sustained targeting” of Australian organisations by a “sophisticated state-based actor”.

Australian businesses have been hit by a range of recent attacks, including Lion, the trans-Tasman dairy and beverages company, caught by a ransomware attack this month which forced it to shut down its key IT systems.

Logistics company Toll Group was hit for a second time this year on May 5 with a “Nefilim” ransomware attack in which commercial and employee data was accessed, forcing it to revert to manual management for parts of its operations. Up to 1000 of its servers were also infected with “Mailto” ransomware at the end of January, affecting its staff worldwide. BlueScope also confirmed on May 15 that its IT systems fell victim to a cyber incident, affecting manufacturing and sales operations in Australia.

Talman Software, used by more than 75 per cent of the wool industry in Australia and New Zealand, was also attacked. In May, West Australian Premier Mark McGowan said investigations were under way following a report that Chinese hackers had used a new attack tool to target his office, sent in an email from the Indonesian embassy in Australia.

In February last year, the Prime Minister warned there had been a “malicious intrusion” into the Parliament House computer network and the networks of the Liberal, Labor and Nationals parties had also been affected. He told parliament a “sophisticated state actor” was behind the attack.

The Australian National University’s student record system was infiltrated in November 2018, with hackers in the system until mid-December that year. A uni report said the “extremely sophisticated” hackers gained access to nearly two decades of records, allowing them to zero in on individuals who had gone on to careers in the nation’s intelligence services.