Current IT Security Threats and Alerts

Current IT Security Threats

Many small and medium-sized business owners are vulnerable to IT attacks. According to the Australian Small Business and Family Enterprise Ombudsman, “cybersecurity is a big problem for small business” in Australia. As the rate of penetration of digital technologies into the small and medium-sized business landscape increases, so does the rate of breaches and security incidents. Telstra Security Report 2019 findings are clear and alarming – 63% of businesses experienced an interruption to their regular operations due to a breach, with a staggering 88% of businesses reporting that they have had breaches slip by their detection measures. Merely using antivirus software is no longer enough to protect your business in a digital landscape where as many as 22% of businesses affected by the 2017 wave of ransomware attacks were unable to continue operating. Keeping informed about the current IT security threats can help you better understand the kinds of risk your business may find itself at. If all the digital security jargon goes over your head, however, our managed IT services team is here to help. Call us on (07) 3062 6932 to get help with securing your business, or continue reading to learn more about the current IT security threats active as of June 2020.

Current IT Security Threats Targeting Australians

Australian Federal Government’s Australian Cyber Security Centre website cyber.gov.au maintains a list of current IT security threats targeting users in Australia. As of early June 2020, cyber.gov.au lists nine alerts that warn of current IT security threats targeting Australians:

• 13th of January 2020 – Active exploitation of a critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway– An ongoing attempt to exploit a known vulnerability in Citrix Application Delivery Controller, enabling unauthenticated malicious actors to execute malicious code.
• 15^th of January 2020 – Critical Microsoft Windows vulnerabilities – affecting the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows OS which allow malicious actors to compromise the networks of affected businesses.
• 6^th of February 2020 – Mailto ransomware activity – utilising a ransomware tool “Mailto”, also known as “Kazakavkovkiz” in the KoKo ransomware family, where malicious actors used phishing attacks to compromise accounts and proliferate the malware further using compromised users’ address books.
• 25^th of February 2020 – Distributed Denial of Service threats made against Australian organisations – targeting Australian organisations in the banking and finance sector for ransom.
• 27^th of March 2020 – COVID-19 related malicious activity – listing several scams preying on the general public’s desire for COVID-19 related information and financial relief.
• 20^th of April 2020 – An update to the previous COVID-19 malicious activity alert– alerting the public of ongoing reports from individuals and businesses alike, targeted by COVID-19 themed online scams, frauds, and phishing attempts.
• 8^th of May 2020 – An ongoing, advanced persistent threat actor targeting Australian health sector and COVID-19 essential services – targeting Australia’s health and medical research sector in search of research information in response to the COVID-19 pandemic and to disrupt essential services.
• 20^th of May 2020 – A summary of tactics, techniques and procedures used in attacks on networks in Australian organisations– a summary overview of noteworthy tactics and approaches exploited by criminals in their attacks on Australian networks.
• 22^nd of May 2020 – Remote code execution in vulnerable versions of Telerik UI actively being exploited malicious actors– warning of ongoing scans for and attempts to exploit unpatched versions of Telerik UI using publicly known exploits. A successful attempt, potentially allowing an attacker to execute arbitrary code on the compromised server.

Current Computer Virus Alerts

McAfee Threat Center provides is a public resource providing information on current computer virus alerts, including a list of top 10 cybersecurity threats at a given time. At the time of writing (9^th of June 2020) McAfee Threat Center warnings included:

• 21^st of May 2020 – Ragnar Locker – Ransomware– Ragnar Locker targets remote management software to analyse the targeted network, extract sensitive information and threaten that files will be released to the public if a ransom is not paid. The actor behind the malware has been reported to demand hundreds of thousands of dollars in ransom through personalised threats referring to targeted businesses by name.
• 21^st of May 2020 – Mailto / Netwalker – Ransomware – targeting enterprise networks and encrypting all Microsoft Windows system it finds.
• 21^st of May 2020 – ProLock – Ransomware – Discovered in mid-2020 with the ransom amounts from $100,000 to over 600,000 depending on the size of the compromised network. ProLock targets public-facing remote desktop servers.
• 21^st of May 2020 – Lockbit – Ransomware – Lockbit attempts to stop service, including antivirus software.

Current Malware Alerts and System Vulnerabilities

McAfee Threat Centre contains not only ransomware and current computer virus alerts, but it is also a resource reporting on the current threat landscape in general, including current malware alerts and newly discovered system vulnerabilities.

• 21^st of May 2020 – Operation Mobile Device Manager – using a variant of the Cerberus Trojan for Android mobile operating system, a malware campaign used targeted company’s Mobile Device Manager server to distribute malware to mobile devices.
• 21^st of May 2020 – CVE-2020-1048 – An elevation of user privileges vulnerability in the Windows Print Spooler.
• 22^nd of May 2020 – CVE-2020-1113– A Task Scheduler vulnerability affecting Microsoft Windows operating systems.

Current Online Scam Alerts Targeting Australians

Australian Competition and Consumer Commission (ACCC) website scamwatch.gov.au maintains a list of current online scam alerts targeting individuals in Australia.

• 6^th of January 2020 – Bushfire scams– Scammers pretending to be legitimate charities, creating fake charities and pretending to have been affected by bushfires, cold-calling, online messaging and creating fake websites as well as social media pages to raise funds.
• 9^th of January 2020 – Bushfire scams– Including scams targeting businesses and government organisations where the scammer would impersonate a high-level employee in the targeted organisation claiming the business would be making a donations in the way of bushfire relief, but intended to be deposited in the scammer’s account.
• 9^th of February 2020 – Romance scammers targeting new apps– a report highlighting how online scammer move beyond traditional online dating websites, now targeting victims on social media.
• 10^th of March 2020 – An increase in scams targeting Gen Z Australians – With the ACCC predicting more scams are targeting users on newer digital platforms such as Snapchat and TikTok, taking advantage of Gen Z Australians through targeting of their self-perceived tech-savviness.
• 18^th of March 2020 – COVID-19 (Coronavirus) scams–  scammers taking advantage of the Australian consumer fears concerning the COVID-19 outbreak, including phishing e-mails, phone call impersonating the WHO and Australian Government authorities as well as legitimate businesses with scam types such as misinformation, fake cure sale attempts and investment scams.
• 20^th of March 2020 – Further COVID-19 scam warnings– where scammers adapt existing technology to exploit the public’s fear concerning the spread of Coronavirus in order to sell products claiming to prevent or cure the disease. Again, the scams reported by the ACCC ranged from misinformation to investment scams.
• 6^th of April 2020 – Superannuation scams exploiting Australian’s financially impacted by the COVID-19 crisis – Through cold-calling, claiming to be able to help the public with early access to superannuation, scammers attempt to obtain personal information to take advantage of the Federal Government’s announcement that Australian’s suffering financial hardship may be able to partially access their superannuation from mid-April.
• 18^th of May 2020 – Puppy scams– scammers set up fake websites, online ads, classifieds and social media pretending to sell in-demand dog breeds, targeting Australians in social isolation, seeking a companion animal.
• Current COVID-19 scams – a comprehensive compilation of approaches online scammers are using to target Australians amidst the coronavirus crisis, from phishing, superannuation, online shopping to scams targeting businesses, including an overview of the ways scammers may use to contact their victims.

While not all of these alerts may seem like they have the potential to directly affect a small business owner, the sheer volume of new threats that consistently keep on appearing in 2020 is alarming and highlights the need for improved digital security literacy. Malicious actors increasingly target not only more traditional computer systems and networks but are also more and more interested in compromising mobile devices.

Bookmark these resources for your reference and check back often for updates or just let our professional team assess your business security needs and provide the IT solutions your organisation needs to stay as safe and secure as possible. Get in touch online or call us on (07) 3062 6932 to get help with securing your business from the current IT security threats.