Ransomware attacks are on the rise in Australia. Here’s how to prepare for them.

02 Nov / 2022

Cyber Security

It's a rare occasion these days that you open up the Australian business news and DON’T see anything about a cybersecurity attack. Whisper the name “Optus” or “Medibank” around any commercial environment at the moment and you see top executives shudder at the thought of having to deal with an incident of that magnitude.

Australian businesses experience a cyberattack every 8 minutes, according to the Australian Cyber Security Centre (ACSC), with over 67,000 attacks registered in 2020-21 alone. The deployment of ransomware is more frequently becoming the end goal of these attacks with Australian businesses seeing a 15% increase year-on-year of these types of attacks. 

Despite these increases, and high-profile cases such as Optus and Medibank, many Australian organisations still lack the defences to avoid becoming the next victims of ransomware themselves. So we thought we would shed some light on how to proactively prepare for attacks, sourced straight from our Penetration Testing team.

Proactively prepare for attacks by engaging human-led cybersecurity Penetration Testing:

Cybersecurity Penetration Testing is a testing methodology designed to identify, and in some cases safely exploit, vulnerabilities before real attackers do. There are numerous advantages to periodically performing these tests - in particular for ransomware.

Some of these advantages include:

  • External Network Defence Testing: With this type of test, organisations will get a sense of how your company-wide cyber defence capabilities fare against a dedicated external threat. Your organisation will also be put to the test on how your threat alerts are configured, along with reaction times.
  • Unknown Vulnerability Identification: Most organisations do not know what their vulnerabilities are, let alone which are the most critical. A robust cybersecurity penetration testing program that simulates real-world attacks will highlight vulnerabilities that would otherwise remain undetected until a severe network compromise event occurs.
  • Firewall and Patching Maintenance: A cybersecurity penetration testing program will highlight where misconfiguration and patching issues can cause vulnerabilities. Often internal IT teams are under-resourced and these areas of management are left unattended.
  • Emerging Threats: Cybersecurity Penetration Testers are constantly experimenting with the initial access techniques and procedures seen utilised by Ransomware groups. Applying this style of ‘red team’ attack will allow organisations to understand if their existing defences are sufficient to emerging attacks, in a safe and contained environment.
  • Attack Rehearsal: Typically seen under a ‘red team’ type engagement, a cybersecurity penetration testing team can optionally engage without the IT team knowing - this then allows for rehearsal and planning on sufficient incident response measures to prepare for a real life attack. 
  • Risk and Regulatory Compliance: A number of Australian organisations have cybersecurity penetration testing mandates built into their compliance schedule. After executing a robust cybersecurity penetration testing program, organisations will have a 360 degree view of their company data and systems, in order to prioritise risk and regulatory measures.

Types of Cybersecurity Penetration Testing Attack Vectors that will prepare you for a ransomware attack:

  • The rise in ransomware attacks means that a cybersecurity penetration test program should be designed around common approaches that threat actors will take in order to embed ransomware. Our cybersecurity Penetration Testing team will often include these, such as: Phishing, smishing or vishing attack: Social engineering.
  • Exploitation of a Remote Desktop Protocol (RDP): RDP’s allow organisations to connect their users to company digital assets externally. Remote desktop users can access their desktop, open and edit files, and use applications as if they were actually sitting at their desktop computer and often use remote desktop software to access their work computers when they are travelling or working from home. A cybersecurity penetration test will involve scanning for common open ports and services such as RDP. Compromising an RDP login can enable an attacker access to the network remotely. They can then use this access to identify more valuable accounts or systems within the network and move laterally to obtain broader and deeper levels of access.
  • Rapid Infection: Once inside your network, ransomware spreads like wildfire across vulnerable machines on the network - similar to how a biological virus would spread. For example, in 2017 the very high-profile WannaCry attack used the vulnerable Server Message Block v1 (SMB) service enabled by default on older Microsoft Windows versions. If vulnerabilities like this can be identified during a cybersecurity penetration test, an organisation's internal attack surface can be mapped out, depicting the real world impact that would have taken place during an attackers ransomware campaign.

With the rise in ransomware across Australia, and the high-profile nature of these attacks, businesses across the country cannot afford to risk attack. A number of these attack vulnerabilities can be picked up by a robust and frequent penetration testing strategy and schedule that streamlines procedures, tests against new threat actors and offers guidance to execute risk mitigation in an objective and realistic way.

Why choose Cythera for cybersecurity Penetration Testing?

Cythera’s purpose built Security Operation Centre gives our expert cybersecurity Penetration Testers constant exposure to the tools, tactics and techniques used by cybercriminals in the real world every day. 

Our team is skilled in maximising the impact of your cybersecurity penetration test at the absolute minimum price point through carefully understanding and refining the scope of engagement, sensitivities to any reporting requirements, delivery timeframes and any additional operating requirements. 

Meet with the Cythera cybersecurity Penetration Testing team to learn:

  • How a skilled attacker’s lateral thinking leads to lateral movement on your network;
  • Learn about the tactics and techniques used by hackers, cybercriminals and state sponsored adversaries;
  • How to use a collaborative approach involving process and code auditing, to gain a much deeper understanding of the target scope; and
  • How penetration testing can be used to educate the C-Suite and key decision makers about the security risks your organisation is facing in order to help build the business case for cybersecurity

In exchange for your time, and to thank you for choosing Cythera, we will make a $100 AUD donation to one of the following charities of your choice:

  • Women’s Domestic Violence Shelter;
  • First Nations Indigenous Development Fund; and
  • Men’s Prostate Cancer Charity.

Register your details here and we'll make a $100 AUD donation on your behalf:
What are your top cybersecurity priorities for 2023?*


You may be interested in

Cythera and Druva: A Strategic Alliance for Essential Eight Compliance and Beyond

For Australian companies navigating the complexities of cyber resilience, having a dependable backup solution is not just a nice-to-have, it's a…

Read More arrow_forward

3 Security Threats Today’s Technologies Struggle To Protect You From

Why you need a comprehensive Managed Detection and Response (MDR) service now more than ever.As the security industry adapts to match the ever-e…

Read More arrow_forward

Adversary Simulation: Aka. Red Teaming - Moving Beyond Penetration Testing

Cythera are often approached by clients looking for Red Team services, social engineering and similar attacks which emulate real-world attackers…

Read More arrow_forward