Across Australia, telemetry and industry sources indicate that the number of local ransomware attacks are on the rise while average ransom amounts are down as cyber attackers are turning their sights beyond larger Australian enterprises to target SMEs.
According to Gerald Beuchelt, Chief Information Security Officer at Acronis, one of the reasons Australian SMEs are vulnerable is because they are less prepared to defend against ransomware attacks. As larger enterprises bolster their defences, cyber criminals are targeting unsuspecting smaller businesses.
SMEs can also mistakenly assume they are not worth attacking, or have a false sense of security because they incorrectly assume that default technologies offer complete cyber protection.
Taking advantage of AI and the economics of scale to more easily launch attacks, attackers are “starting to go mid-market” with ransomware, Beuchelt says.
”It’s no longer the super advanced hacker who’s been sitting in the dark corner of some room for many months, in order to put together a very sophisticated malware,” he says. “Now it’s literally just going out shopping and starting your attacks, just like you would set up a little bit of infrastructure on AWS.”
“Attackers can rent botnets, they can subscribe to malware-as-a-service, they can get a complete ransomware kit which only requires them ultimately to point it at their potential victims and then have the entire as-a-service industry in the underground execute for them.”
According to the latest Cyberthreats Report issued by the Acronis Threat Research Unit, phishing is an increasingly popular attack vector, as ransomware targets human frailties rather than technological shortcomings. Again, attacks are leveraging AI to generate convincing phishing messages designed to trick employees.
Ensuring that employees are trained to recognise such threats is essential, Beuchelt says.
“ It’s critical that everyone is trained to a basic level, and that includes new employees entering the business because they may not have had appropriate training prior.”