Expert crime fighters with decades of global experience told Perth businesses complacency was the biggest weakness when it comes to defending against inevitable cyberattacks while knowledge is the best defence.
Former FBI special agent Don Codling and former NSW Police deputy commissioner Nick Kaldas gave a rundown of some of the latest threats at the CCIWA Cyber Security Special Briefing.
“Complacency is our biggest problem. In Australia most people think it is not going to happen here,” Kaldas, who has investigated more than 20 assassinations including that of Lebanese ex-prime minister Rafik Hariri.
“You have only got to look at the recent tragic events in Christchurch that show that no one is immune from this stuff these days. No one can say ‘it will never happen to me’.”
Codling, who has led international cybercrime and espionage investigations and coordinated the US Government’s response to hackers infiltrating the company that runs the NASDAQ stock market, said companies need to arm themselves with knowledge as the best defence against attackers.
“If you have some knowledge and awareness, you then have some options. Then some of the power comes back to you because you can decide the path forward and alter the path forward,” he said.
The cyber battlefield
Codling said ransomware was now a service with customer support, in multiple languages and available 24/7. According to global network and endpoint security company Sophos, 48 per cent of Australian businesses with more than 100 employees were hit by ransomware in 2017.
“These are criminals that have packaged ransomware and it is available on the deep and dark web. For about $500, I can ruin two to three of your months,” Codling said.
A mailout of ransomware to thousands is what the ‘digital hand grenade’ looked like: “Those things are built, they are launched out into the internet and the bad guys don’t care where they detonate, they just want to get into a system, lock it down and extract the ransom,” he said.
“The problem with extracting the ransom is it used to be about 60 to 70 per cent would pay and you would get the key. That now is about 30 per cent. You have professional criminals and amateur criminals – professionals always pay because they don’t want to kill the golden goose. Amateurs, they don’t care. They will hit you one time and you are done.
“Even if you pay, you have a less than 30 per cent chance of getting the key back to unlock your files – and worse – they have absolutely left a little present for you inside your network, so you are going to be wiping that entire network out regardless.”
Today’s cyber wars include state-sponsored electoral interference.
“All over the world there are active groups who are penetrating into the deepest levels of political parties to determine who might win, who might lose, what’s their point, what are they going to attempt to do.”
He warned that criminals were researching individuals by data that was freely available via online searches then targeting them within companies.
Padlock for protection
With the advent of the internet of things, devices were set in ‘promiscuous mode’ wanting to connect to everything, increasing the risk of hackers accessing sensitive data.
“The challenge is saying ‘I don’t want you to connect to everything, I want to know exactly what devices are in my network, what it is supposed to do, and I want to segment that off so it is not reaching into critical infrastructures’,” he said.
Criminal organisations operating in the dark web are communicating and trading information amongst themselves, searching for weak links that can bring corporate systems to a standstill.
“They are saying ‘XYZ bank has a problem with the server, commercial bank has an issue and just let go of 25 of their security staff’. The criminals are in the background trading this type of information so they can then determine who to target.”
Codling said all businesses should be familiar with the Australian Signals Directorate’s Essential Eight, which is a prioritised list of mitigation strategies.
He said the ‘key to living in 2019 and beyond is to make themselves more resilient and redundant’.
“How do you defend yourself from ransomware? Try to make sure the stuff does not get in,” he said.
“If the stuff does get in your network, segment so it only gets into certain places and when everything goes totally sideways you have a life boat that’s called your redundancy that you can take and reconstitute your network. That’s how you are going to survive.”
Kaldas is the managing director of global risk management solutions company Stratium Global and Codling is on the company’s advisory board.
► Hear from the Premier Mark McGowan and Treasurer Ben Wyatt on May 10 at the State Budget Breakfast with discounts for CCIWA Members. Book your tickets here.