There is a spiralling risk to digital infrastructure and remote workers as threat actors increase their rate of attack on Australian organisations and individuals, according to new research from Trend Micro.
In 2021, the cybersecurity firm blocked more than 58 million malware threats in Australia, the fifth-highest market globally.
"Attackers are always working to increase their victim count and profit, whether through quantity or effectiveness of attacks," says Mick McCluney, technical director for Australia and New Zealand at Trend Micro.
"The breadth and depth of our global threat intelligence allows us to identify shifts in how malicious actors target their victims across the world," he says.
"Our latest research shows that while Trend Micro global threat detections rose 42% year-on-year in 2021 to over 94 billion, they shrank in some areas as attacks became more precisely targeted."
According to Trend Micro, ransomware attackers are shifting their focus to critical businesses and industries more likely to pay, and double extortion tactics ensure that they are able to profit.
The research reveals that whilst the percentage of ransomware in Australia relative to the Oceania region decreased from 80% in 2020 to 68% in 2021, it has actually increased relative to the rest of the globe.
Ransomware-as-a-service offerings have opened the market to attackers with limited technical knowledge but also given rise to more specialisation, such as initial access brokers who are now an essential part of the cybercrime supply chain.
Threat actors are also getting better at exploiting human error to compromise cloud infrastructure and remote workers. Trend Micro Cloud App Security detected and prevented 25.7 million email threats in 2021 compared to 16.7 million in 2020, with the volume of blocked phishing attempts nearly doubling over the period.
Research shows home workers are often prone to taking more risks than those in the office, which makes phishing a particular risk. In Australia, Trend Micro blocked over 197 million email threats in 2021.
Trend Micro says that in the cloud, incorrectly configured systems continue to plague organisations. Amazon Elastic Block Store and Microsoft Azure's Virtual Machine were among the services that had relatively high misconfiguration rates. Trend Micro also found that Docker REST APIs are frequently misconfigured, exposing them to attacks from groups like TeamTNT that deploy crypto-mining malware on affected systems.
The research also shows that business email compromise (BEC) detections dropped 11% globally. However, Trend Micro Cloud App Security (CAS) blocked a higher percentage of advanced BEC emails, which could be detected only by comparing the writing style of the attacker with that of the intended sender. These attacks comprised 47% of all BEC attempts in 2021 versus 23% in 2020.
Australia saw an increase in BEC, up almost 63% since 2020, now accounting for 21% of all global BEC.
While 2021 was a record year for new vulnerabilities, Trend Micro research shows that 22% of the exploits sold in the cybercrime underground last year were over three years old. Patching old vulnerabilities remains an essential task alongside monitoring for new threats to prevent cyber-attacks and ensure a strong security posture.