For government organisations and businesses in high-profile sectors such as finance or manufacturing, the message is clear: cyber criminals are targeting your data, your operations and your people. Well-resourced individuals and groups are applying increasingly sophisticated tools and expertise to steal intellectual property, disrupt infrastructure and services and hold businesses to ransom.
Notable breaches and developments in these and related sectors include:
- In 2022, a news outlet reported that the personal details of thousands of members of Tasmanian superannuation fund Spirit Super had been compromised.
- Regionally, in 2022, Toyota was forced to suspend manufacturing operations in Japan after cyberattackers compromised a key supplier.
- In 2020, Melbourne-headquartered transport and logistics business Toll Holdings experienced two damaging ransomware attacks in the space of three months, from groups known as Nefilim and MailTo, and saw at least 200GB of corporate data stolen.
- In recent years, Chinese APT group GouShe, responsible for the KeyBoy malware, has targeted government and military organisations across the Asia-Pacific, including Australia. In September 2015, GouShe targeted Australian Navy-related bodies with the malware PoisonIvy RAT. In addition, in August 2019, we intercepted a massive attack against Australia that used the malware QL_ASD_Shell RAT.
- Amoeba (also known as APT41, Winnti Group or Barium), an Advanced Persistent Threat group indicted by the United States Government, which noted the group's strong connections to China’s Ministry of State Security, has targeted a large listed retail organisation in Australia. We identified the presence of Amoeba’s proprietary loader, Chatloader, and a CobaltStrike Beacon with a unique template.
Consequences of failing to understand cyber-threats
The consequences for government organisations and businesses of failing to understand where cyber threats may emerge, and to implement strategies to mitigate the risk, may be severe. Organisations and businesses that experience breaches may suffer serious reputational damage that dissuades customers and prospects, as well as punitive regulatory action with deep financial and operational consequences.
Growing momentum for higher penalties for cyber security breaches has resulted in a senate committee tabling an amendment to existing data breach legislation that may increase penalties for the worst offenders to up to $50 million.
A cybersecurity roadmap that features threat intelligence
Unsurprisingly in this context, the vast majority of businesses and organisations now rate cybersecurity as a key business risk. Gartner has published an IT Roadmap for Cybersecurity to help businesses and organisations mitigate this risk, based on its own research and interactions with thousands of companies. The firm recommends that businesses and organisations start by aligning strategies and building business cases before working on action plans that incorporate risk prioritisation frameworks. This plan should include conducting a vulnerability assessment and penetration testing and securing board backing, among other steps.
With a security architecture, policy framework and solution layer incorporating threat intelligence deployed, the business or organisation should move to initiating execution, in particular designing and adjusting the team structure by integrating capabilities, tools and technologies and establishing security team roles and responsibilities. This should also include developing critical competencies and training to close skills gaps, and using metrics and incentives to drive accountability among owners.
The next step, Gartner says, is to build and mature the program through initiatives such as developing a critical incident response capability and an action plan in case of breaches, and developing a program structure to monitor and combat advanced threats. Finally, the business or organisation should create a plan to communicate the value of the cybersecurity program to its people and the board, and track metrics and obtain feedback to drive improvement.
At TeamT5, we believe any cybersecurity roadmap should include evaluating how well a business or organisation is equipped to identify the groups or individuals who may attack them and implement effective defences. A threat intelligence platform that features detailed reports from analysts and a wide variety of technical tools to combat potential attackers is a robust first step. ThreatVision from TeamT5 enables users to identify who their adversaries are and what tactics, techniques and procedures to look out for.
Combining ThreatVision with solutions such as ThreatSonar Anti-Ransomware, a threat analysis and response platform that proactively contains ransomware to minimise infection risks, and ThreatSonar, which hunts down threats in a breached environment, can help an organisation understand where threats are likely to come from, how to stop them and how to mitigate the impact of any successful attack.
Visit the TeamT5 website to learn how your business can understand who is targeting its employees, systems and data.