Australian businesses a key target of ransomware-as-a-service

Australian businesses must defend themselves against the onslaught of ransomware attacks as new research has found cybercriminals are increasingly targeting them with more elaborate and sophisticated measures.

With the growing prevalence of ransomware-as-a-service (RaaS), cybercriminals have begun collaborating at different stages of malicious campaigns, with malware creators willing to pay more for hosts to get malicious code onto computers in Australia.

A new research report, Trends 2016: (In) Security Everywhere, by IT security firm ESET found that Australia has the third highest detection rates amongst developed countries globally for ransomware in December 2015, overtaking the US.

A strong proportion of ransomware in 2015 was sent via maltvertising, that is, injecting malicious advertisements into legitimate online advertising networks and webpages.

According to the report, RaaS was discovered via the prominence of tools to automatically create ransomware. This allows criminals to generate and send malware regardless of their technical expertise.

ANZ senior research fellow with ESET, Nick FitzGerald, said the “malware economy” is now vertical, with different people specialising in each step of a malicious campaign.

In addition, cybercriminals have become more sophisticated, with access to telemetry data to track the success rate of their malware campaigns, leading to a preference for targeting certain regions, consumers or device types.

“Presumably they know something about the ROI on their effort that causes them to offer different rates for distribution to different regional installations. The bad guys running these types of operations are prepared to pay something of a premium for hosts to target certain markets,” said FitzGerald.

“Malware creators go into the market prepared to pay hosts with drive-by malware kits a dollar for every thousand installs for computers in the US, but often what we see is there’s a premium for Australia, where they pay $1.50 or $1.80 per 1000 installs.”

The motivating factor behind the focus on Australia is unknown, but may reflect the fact that it is a developed country with higher than average incomes compared to other developed countries. It could also be that Australians are more likely to do Internet banking on their computers, or have demonstrated a higher likelihood of falling victim to malicious emails or links.

“It may be the case that the people who run that ransomware know that if they get on a machine in Australia, the victims are more likely to pay up, and if that’s the case, they’ll be prepared to pay a higher rate to get their toe in the door,” FitzGerald said.

The research report also noted a higher recording of efforts to infect Australian enterprises in particular, which FitzGerald said was surprising, as ransomware traditionally targets users and machines with less protection in place. FitzGerald added that it wasn’t clear whether these efforts had led to any infections.

Other key trends noted in the ESET report included an increase in mobile malware, with ransomware and other attacks now expanding beyond Windows desktop computers and onto Macs and Android phones.

FitzGerald warned that Australian businesses should be careful of ransomware variants that actively look for network connections. This aggressive tactic not only encrypts files on local machines, it seeks writeable areas on network shares.

He recommended businesses should be very careful in selecting who gets access to what material in the corporate network.

“It’s easy to open things up and hope people don’t change or access things when they’re not supposed to, but if you’re not applying proper information privilege practices then you’re potentially going to see a lot of harm from ransomware efforts and targeted attacks.

“User education, teaching users the consequences, and just to be very suspicious of material that maybe is not the type of thing you expect to see in your work email, that is key.”

FitzGerald suggested that CIOs must crack down on having good protecting systems in place that improve the chances that something malicious will be detected before it gets the chance to cause havoc.

“The bad guys have a laser focus on a particular target are going to spend a lot of time and effort trying to infiltrate that, so every little thing you can do to make that harder for them is a good thing to build into your security infrastructure."