CyberCX, Australia’s largest independent cyber security company, released its inaugural Annual Threat Assessment that covers the threat landscape across Australia and New Zealand and predictions for how the behaviour of cyber criminals and nation-state actors will evolve in the year ahead.
CyberCX addresses the need for locally informed commentary on regional and global threats. For too long Australian and New Zealand organisations have relied on cyber security threat intelligence from overseas – usually United States-based multinationals – to inform their understanding of the evolving threat landscape. In recent years, the Australian government has increased the amount and cadence of cyber threat information – which is welcomed. However, there remains a need for regionally specific analysis informed by a deep understanding of the evolving issues being faced by Australian and New Zealand organisations.
Drawing on CyberCX’s market-leading cyber intelligence capability, the assessment details how threat actors have leveraged COVID-19 to their advantage, the escalating risk of business email compromise and the increasing sophistication of ransomware campaigns. The Threat Assessment includes a deep dive analysis of ransomware groups that have been highly active in the ANZ region, with the CyberCX Cyber Intelligence team observing a clear shift to data extortion tactics by these threat actors – a trend that is predicted to accelerate in the year ahead.
CyberCX Chief Strategy Officer Alastair MacGibbon said the Threat Assessment also highlights how threat actors are accelerating their ability to exploit newly discovered vulnerabilities before enterprises patch their systems. “What we’ve seen with recent compromises, such as Accellion and now Microsoft Exchange, is that cyber criminals and nation-state actors are rapidly exploiting vulnerabilities when they become known. Threat actors are moving so quickly, and the timeframes have become so narrow, that if you don’t patch within a few hours, you should assume you are at risk of compromise and take action accordingly.” said MacGibbon
The Annual Threat Assessment details how threat actors have heavily exploited pandemic-related themes in social engineering phishing campaigns, with phishing campaigns predicted to become faster, smarter and better at evading protection.
The Threat Assessment provides a range of strategic and technical recommendations for how organisations across Australia and New Zealand can improve their cyber security posture going forward, including response planning, education and awareness, and smarter vulnerability management.