The future of cybercrime in Australia – ESET
Article by ESET senior research fellow Nick FitzGerald
I must admit that this article’s title is a ruse!
You see – and at the risk of offending the fair residents of the Lucky Country – there is little specifically Australian about any cybercrime or the directions it follows as it develops and expands.
Surprised? It’s right there in the name: “cyber” basically means “of computers, IT, or the internet”.
Although its copper and fibre tendrils must be physically present so connections can be made, the internet is really an ethereal collection of protocol definitions allowing computers to interconnect and communicate more or less flawlessly.
Thus, a computing device in any physical location is not fundamentally different from any other connected to the internet, and all are approximately equally accessible from anywhere.
Of course, that does not mean cybercriminals necessarily attack connected devices indiscriminately.
They occasionally do, such as when we see any and all accessible IoT devices recruited into DDoS botnets or when mass-spreading computer worms proliferate.
However, that is not the usual modus operandi.
Computers located in specific countries (or containing the data of organisations from specific countries) may be more attractive to cybercriminals because those countries are richer and thus, on average, their institutions will have more to lose.
However, that’s a very broad-spectrum observation and hardly rates as “deliberate targeting” beyond the simplistic level suggested by infamous US bank robber Willie Sutton who, when asked why he robbed banks, reputedly answered “Because that’s where the money is”.
Some cybercriminals are primarily driven to compromise specific targets for their geopolitical significance to the attackers, or those funding them.
These attacks will continue so long as the target seems worthwhile and the attackers have funding to continue their work (read: forever).
This is essentially the extension of nation-state spying into the computer realm, and it is unlikely to feature in the risk modelling most of us will be doing.
Other groups (some are also state-sponsored, others presumably competitors) target specific companies for their intellectual property (IP).
The remainder are generally more opportunistic, plucking low-hanging fruit readily identified with search tools such as Shodan or using intelligence purchased on the black market.
These cybercrooks typically focus on infiltrating networks and stealing money through fraudulent bank transfers and the like, or on document and IP theft driven by the hope that they will subsequently be able to find a buyer for their haul.
So how do you protect yourself against these diverse groups of cybercriminals?
Careful, ongoing risk modelling should inform you of the likelihood your organisation will be in the actual or probabilistic crosshairs of these various groups.
Of course, you already have standard endpoint protection, suitable firewalls and other network protections, 2FA and backup solutions in place.
However, depending on how much greater a threat these more organised and motivated groups pose to you, you may want to consider endpoint detection and response (EDR) solutions and/or threat intelligence services.
Both can help improve your ongoing risk analysis, and EDR solutions provide unprecedented visibility into your company network and the ability to perform complex anomaly detection and remediation, locate policy violations and more.