
Hackers using Australia to test TTPs; underinvestment leaving Aussies vulnerable

Hackers are using Australia as a test bed to refine their TTPs before launching attacks in the US, with the global CISO of data and analytics company Equifax warning Cyber Daily that Australian companies face an increasing risk of zero-day exploits amid continued underinvestment.

Liam Garman
Thu, 02 May 2024

According to data collated by the company, emerging global vulnerabilities and exploits are often first observed in the wild against Australian organisations before being refined – either by improving the code or refining the TTPs – and subsequently launched against US companies.

The trend is particularly concerning for Australian organisations, with local digital transformation providing lucrative opportunities for hackers while public and private investment in cyber security has continued to lag.

Speaking to Cyber Daily, Equifax chief information security officer Jamil Farshchi has warned that the tendency for malicious actors to use Australia as a testing bed has put Australian businesses at risk as they are not able to leverage global precedent.

“The Australian entities that I’m responsible for always seem to get hit before the North American ones. What we’ve seen is that attacks originate here and will be tailored by the time they hit the United States,” Farshchi said.

“Worryingly though, as Australia has embraced digital transformation, it has become a unique and valuable target in its own right.”

This poses an acute risk for Australian businesses, according to the industry leader: the local cyber security industry is constrained by underinvestment, which leaves them at risk of falling victim to zero-day exploits.

“If you look at the level of cyber security investment in Australia, it pales in comparison to a lot of other countries like the US or UK. As a result, my guess is that we are going to see this vulnerability continue,” Farshchi said.

While threat actors are trialling new methods of exploitation on Australian businesses, it does not mean that local organisations should forget the basics.

Rather, Farshchi explained that even more sophisticated industries – such as finance and banking – face the same tried and tested TTPs that have long impacted all businesses, including credential theft and phishing.

“We recently pulled together some of the top think tanks and CISOs across business, including banking, media, energy and telecom, where we went through a six-to-eight-month analysis on the top risks in cyber,” he said.

“During the process, one of the participants actually said that the findings were kind of boring. And it was boring because we found that they’re exploiting the same things we’ve known about for years and years. Unpatched systems, credential theft and phishing.

“While you do see some more sophisticated exploits such as deepfakes, goodness, the research has clearly shown that it’s the same basic stuff!”

With data collected from across the industry, the credit reporting CISO offered some advice to businesses and cyber security teams on how they can defend against the majority of attacks and keep their systems safe from malicious actors.

“You need to hedge against the three largest risks,” Farshchi said.

“Number one is credential exploits – it’s the biggest attack surface an organisation can have. Attackers love usernames and passwords: users find it hard to manage them and we can’t get rid of them. So, they’re simple to exploit.

“Number two is phishing. Organisations must train and educate their users, while also building the infrastructure to detect fraudulent emails.

“The final is patching. You need to ensure that you have actually patched your systems and on an ongoing basis.”

Acknowledging that some in the banking and finance industries have historically shown a greater dislike of regulation, Farshchi welcomed greater government oversight in cyber security.

Government oversight drives accountability, and accountability ensures that cyber security processes are matured faster, which will only serve to benefit Australia’s cyber security industry.

The comments come nearly a year after the Australian Prudential Regulation Authority released its findings on cyber resilience among Australia’s largest companies, identifying common corporate cyber security gaps.

The research tested compliance with the CPS 2345 Information Security Standard.

Liam Garman

Liam Garman is the managing editor of professional services, real estate and security at Momentum Media. He began his career as a speech writer at New South Wales Parliament before working for world-leading campaigns and research agencies in Sydney and Auckland. Throughout his career, Liam has managed and executed international media campaigns spanning politics, business, industrial relations and infrastructure. He’s since shifted his attention to writing on politics and business, and holds a Bachelor of Commerce from the University of Sydney and a Masters from UNSW Canberra with a thesis on postmodernism and media ecology.