IT Brief Australia - Technology news for CIOs & IT decision-makers

Exclusive: Cyber threats escalate as Australian organisations face sophisticated attacks


Cybersecurity threats against Australian organisations are evolving, with criminal groups deploying more aggressive and financially motivated attacks.

Raj Samani, Chief Scientist at cybersecurity firm Rapid7, has warned that while sophisticated nation-state attackers remain a threat, financially driven ransomware groups are now employing advanced techniques once reserved for state-sponsored hackers.

Speaking about Rapid7's latest research, Samani highlighted a significant shift in the cyber threat landscape.

"We've always assumed that Advanced Persistent Threat (APT) groups had the most capable techniques, using zero-day vulnerabilities and the most sophisticated tools," he said. "But when we analysed a recent campaign from the threat group known as APT19 and compared it to ransomware groups, we found that these organised criminal groups used more capabilities and were certainly more aggressive."

Rapid7's research examined the initial entry vectors used by APT groups and ransomware gangs targeting Australian organisations.

"APT groups like APT19 most recently used Remote Desktop Protocol (RDP) and spear-phishing as their main entry points," Samani explained.

"However, ransomware groups are actively exploiting zero-day vulnerabilities, a technique once thought to be exclusive to state-sponsored hackers."

One example of this shift is the rise of ransomware group FunkSec, which has been highly active since December 2024.

According to Samani, FunkSec has used highly disruptive and aggressive tactics, auctioning off stolen data when victims refuse to pay. "This is a stark reminder that traditional security stereotypes are outdated," he added. "Criminals are innovating rapidly, and businesses need to be prepared."

Why Australia Is a Target

Australia's geopolitical position makes it an attractive target for cyber espionage and financially motivated attacks. However, Samani noted that no nation is immune to these threats. "Every country is being targeted by APT groups," he said.

"What's important is that we understand which groups are targeting Australian businesses and how they operate."

A major issue, he pointed out, is that many organisations fail to patch known vulnerabilities, leaving themselves open to attacks.

"If you remember the telco hacks from September, Salt Typhoon was exploiting just five known vulnerabilities," he said. "Knowing those five vulnerabilities and patching them quickly can be the difference between staying secure and making front-page news as the next victim."

Failing to address these vulnerabilities can have severe consequences. "Groups like FunkSec will not only encrypt your data but also sell it to third parties if you don't pay," Samani warned. "The cost of a breach is higher than ever, both financially and reputationally."

The High Cost of Cybercrime

The financial toll of ransomware attacks is staggering. According to Coveware research, the average ransomware demand in late 2024 was approximately US$479,000.

"That's nearly half a million dollars just to get a decryption key that might not even work," Samani said. "For some groups, like the RansomHub crew, estimated earnings last year were around $41 million."

Ransomware negotiations remain a high-stakes game for victims. "These criminals don't care about ethics – they just want to get paid," Samani said.

"We've seen some rare cases in healthcare where attackers felt bad and gave a decryption key for free, but those cases are exceptions."

Common Cybersecurity Mistakes

Many organisations continue to make fundamental cybersecurity mistakes, leaving them vulnerable to attack. Samani identified the main issues as unpatched vulnerabilities, misconfigured systems, and a lack of proactive threat hunting.

"RDP has been an attack vector for years, and yet it's still one of the most exploited entry points," he said. "Why are we still talking about this?"

Samani also stressed the importance of understanding attacker tactics. "If you know which groups are targeting you and how they operate, you can put in place the right defences," he said. "Regular threat hunting and vulnerability management should be non-negotiable."

The Evolution of Ransomware

FunkSec is one of several ransomware groups pushing the limits of cyber extortion. "What's interesting about FunkSec is that they've introduced an online auction model for stolen data," Samani explained. "They're applying the same psychological pressure tactics as online marketplaces – creating a sense of scarcity and urgency."

He likened this to eBay-style auctions, where time limits pressure buyers into making decisions. "They're using subconscious levers to influence victim behaviour," he said. "Instead of just demanding a ransom, they're saying, 'Pay up, or we'll sell your data to the highest bidder.'"

Post-Breach Challenges

Recovering from a cyberattack is no simple task. "Security isn't easy," Samani admitted. "Organisations are dealing with tens of thousands of Common Vulnerabilities and Exposures (CVEs) every year. Prioritising which ones to patch is a challenge."

Businesses also face overwhelming security alerts. "There are thousands of alerts flooding Security Operations Centres (SOCs) daily," he said. "Which ones do you investigate? If you miss one, that could be the attack that brings your company down."

The Role of Cryptocurrency

While cryptocurrency doesn't directly cause ransomware, it certainly facilitates payments. "The vast majority of ransomware payments are made in cryptocurrency," Samani confirmed.

"There was a case in Ireland where a victim had to learn what Bitcoin was just to pay the ransom."

Though law enforcement has improved its tracking of cryptocurrency transactions, anonymity remains a challenge.

"You can track wallets, but identifying the person behind them is much harder," he said.

Strengthening Cyber Defences

Samani's advice to Australian businesses is straightforward: focus on intelligence-driven security.

"Understanding who is targeting you, what tools they're using, and how they operate is crucial," he said. "Regular threat hunting is just as important as firewalls and antivirus software."

He also stressed the importance of collaboration between businesses and law enforcement.

"Initiatives like 'No More Ransom' have been effective, offering free decryption tools to victims," he said. "Meanwhile, efforts like the ASD's recent indictments show that we're starting to hold criminals accountable."

Despite the growing threat landscape, Samani remains optimistic. "Security is a tough job, but it's not impossible," he said.

"Organisations just need to be proactive, rather than reactive."
