Ransomware attacks are on the rise in Australia. Here’s how to prepare for them.

02 Nov / 2022

Cyber Security


It's a rare occasion these days that you open up the Australian business news and DON’T see anything about a cybersecurity attack. Whisper the name “Optus” or “Medibank” around any commercial environment at the moment and you see top executives shudder at the thought of having to deal with an incident of that magnitude.

Australian businesses experience a cyberattack every 8 minutes, according to the Australian Cyber Security Centre (ACSC), with over 67,000 attacks registered in 2020-21 alone. The deployment of ransomware is more frequently becoming the end goal of these attacks with Australian businesses seeing a 15% increase year-on-year of these types of attacks. 

Despite these increases, and high-profile cases such as Optus and Medibank, many Australian organisations still lack the defences to avoid becoming the next victims of ransomware themselves. So we thought we would shed some light on how to proactively prepare for attacks, sourced straight from our Penetration Testing team.

Proactively prepare for attacks by engaging human-led cybersecurity Penetration Testing:

Cybersecurity Penetration Testing is a testing methodology designed to identify, and in some cases safely exploit, vulnerabilities before real attackers do. There are numerous advantages to periodically performing these tests - in particular for ransomware.

Some of these advantages include:

  • External Network Defence Testing: With this type of test, organisations will get a sense of how your company-wide cyber defence capabilities fare against a dedicated external threat. Your organisation will also be put to the test on how your threat alerts are configured, along with reaction times.
  • Unknown Vulnerability Identification: Most organisations do not know what their vulnerabilities are, let alone which are the most critical. A robust cybersecurity penetration testing program that simulates real-world attacks will highlight vulnerabilities that would otherwise remain undetected until a severe network compromise event occurs.
  • Firewall and Patching Maintenance: A cybersecurity penetration testing program will highlight where misconfiguration and patching issues can cause vulnerabilities. Often internal IT teams are under-resourced and these areas of management are left unattended.
  • Emerging Threats: Cybersecurity Penetration Testers are constantly experimenting with the initial access techniques and procedures seen utilised by Ransomware groups. Applying this style of ‘red team’ attack will allow organisations to understand if their existing defences are sufficient to emerging attacks, in a safe and contained environment.
  • Attack Rehearsal: Typically seen under a ‘red team’ type engagement, a cybersecurity penetration testing team can optionally engage without the IT team knowing - this then allows for rehearsal and planning on sufficient incident response measures to prepare for a real life attack. 
  • Risk and Regulatory Compliance: A number of Australian organisations have cybersecurity penetration testing mandates built into their compliance schedule. After executing a robust cybersecurity penetration testing program, organisations will have a 360 degree view of their company data and systems, in order to prioritise risk and regulatory measures.

Types of Cybersecurity Penetration Testing Attack Vectors that will prepare you for a ransomware attack:

  • The rise in ransomware attacks means that a cybersecurity penetration test program should be designed around common approaches that threat actors will take in order to embed ransomware. Our cybersecurity Penetration Testing team will often include these, such as: Phishing, smishing or vishing attack: Social engineering.
  • Exploitation of a Remote Desktop Protocol (RDP): RDP’s allow organisations to connect their users to company digital assets externally. Remote desktop users can access their desktop, open and edit files, and use applications as if they were actually sitting at their desktop computer and often use remote desktop software to access their work computers when they are travelling or working from home. A cybersecurity penetration test will involve scanning for common open ports and services such as RDP. Compromising an RDP login can enable an attacker access to the network remotely. They can then use this access to identify more valuable accounts or systems within the network and move laterally to obtain broader and deeper levels of access.
  • Rapid Infection: Once inside your network, ransomware spreads like wildfire across vulnerable machines on the network - similar to how a biological virus would spread. For example, in 2017 the very high-profile WannaCry attack used the vulnerable Server Message Block v1 (SMB) service enabled by default on older Microsoft Windows versions. If vulnerabilities like this can be identified during a cybersecurity penetration test, an organisation's internal attack surface can be mapped out, depicting the real world impact that would have taken place during an attackers ransomware campaign.

With the rise in ransomware across Australia, and the high-profile nature of these attacks, businesses across the country cannot afford to risk attack. A number of these attack vulnerabilities can be picked up by a robust and frequent penetration testing strategy and schedule that streamlines procedures, tests against new threat actors and offers guidance to execute risk mitigation in an objective and realistic way.


Why choose Cythera for cybersecurity Penetration Testing?

Cythera’s purpose built Security Operation Centre gives our expert cybersecurity Penetration Testers constant exposure to the tools, tactics and techniques used by cybercriminals in the real world every day. 

Our team is skilled in maximising the impact of your cybersecurity penetration test at the absolute minimum price point through carefully understanding and refining the scope of engagement, sensitivities to any reporting requirements, delivery timeframes and any additional operating requirements. 

Meet with the Cythera cybersecurity Penetration Testing team to learn:

  • How a skilled attacker’s lateral thinking leads to lateral movement on your network;
  • Learn about the tactics and techniques used by hackers, cybercriminals and state sponsored adversaries;
  • How to use a collaborative approach involving process and code auditing, to gain a much deeper understanding of the target scope; and
  • How penetration testing can be used to educate the C-Suite and key decision makers about the security risks your organisation is facing in order to help build the business case for cybersecurity

In exchange for your time, and to thank you for choosing Cythera, we will make a $100 AUD donation to one of the following charities of your choice:

  • Women’s Domestic Violence Shelter;
  • First Nations Indigenous Development Fund; and
  • Men’s Prostate Cancer Charity.

Register your details here and we'll make a $100 AUD donation on your behalf:
What are your top cybersecurity priorities for 2023?*

Resources

You may be interested in

The greatest security toolset you may not be using : Visibility

The Cythera security operations team has detected and responded to several security incidents with our clients over the last few weeks and a com…

Read More arrow_forward

Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities

Critical Citrix ADC and Gateway Remote Authentication Bypass Vulnerabilities CVE: CVE-2022-27510, CVE-2022-27513 and CVE-2022-27516What is Vuln…

Read More arrow_forward

How we’re using Secure Web Gateway to quickly adapt customer’s security

Even post-COVID, a permanent shift to more remote and flexible working seems to be a theme for most organisations. This throws up some challenge…

Read More arrow_forward