IT Brief Australia - Technology news for CIOs & IT decision-makers
Story image
80% of reported ANZ cyber incidents are DDoS attacks, financial industry hit hardest
Thu, 16th Dec 2021
FYI, this story is more than a year old

New research has found 80% of incidents in ANZ during 2021 so far were DDoS attacks.

The research, from application security and delivery firm F5, in collaboration with Effluxio, found incidents targeting user profiles and remote administrative tools were seen alongside criminals launching sophisticated campaigns designed to seek out and target vulnerable business executives.

"What we found is attackers have developed the capabilities to do extremely deep research on personas inside of organisations," says David Arthur, security solutions architect at F5.

"While these attacks are not always targeting a C-level executive, it could be a pathway to them such as a personal assistant, with the express purpose of reaching those who are the most vulnerable to exploitation," he says.

"We've even had cases of cyber criminals impersonating elite, military intelligence groups in an attempt to extort businesses. Of course, if you're not somebody who's living and breathing security, you'll be unfamiliar with how these groups operate, which is what they're counting on."

The research also uncovered APCJ to be the global leader in reported DDoS attacks from 2018-2021, as criminals focused their attention on regions and markets such as ANZ, which are viewed as easier and more vulnerable targets.

 "The reason we've seen such a spike in DoS incidents across APCJ and ANZ is other regions tend to have their defences already primed to deal with these attacks," says Arthur.

"Organisations have finite resources, and with the rate new technology is entering the market, you can't solve every single problem to the highest level that you'd want to."

Findings also revealed financial services had 78% more authentication attacks, dwarfing other industries such as government and services providers, in addition to more than 45 million scans targeting port 5900, the network port responsible for VNC, a popular desktop sharing and remote access control application.

"Attacks targeting remote access solutions were already showing up in the data well before COVID-19, but it skyrocketed after the pandemic began," says Malcolm Heath, senior threat researcher at F5.

"What you had was the use of fast, cheap and easy way to provide remote access to employees who were suddenly working from home, and attackers realised that and just followed right along," he says.

"These systems are not always subject to a company's password requirements, so you end up with individual employees setting basic passwords such as 'ABC 123', and there you go, it's as if I'm sitting right at your desk."

Heath adds, "It's clear that attackers are quick to adapt to change in the world and will move quickly towards the newest, weakest links.

"For every new service or change to our environments, we must consider how attackers can use this to their advantage, and reconsider our defenses as well."