The three biggest IT security threats facing Australian businesses in 2022

The cybersecurity threat landscape is constantly evolving and warding off attacks is a never-ending challenge.

As businesses continue to grapple with remote staff and changed workflows, many are assessing just what their main IT security challenges will be in coming months. They want to be sure they have sufficient protection in place and can respond quickly should an incident occur.

The three biggest IT security challenges that will be faced are:

  1. Ransomware
    Ransomware attacks are surging in number to the extent that it’s not a question of ‘if’ an organisation will fall victim but ‘when’. The state of network security in 2021 report found that a full 72% of those surveyed in Australia said their organisation had been the victim of at least one ransomware attack in the previous 12 months.

Cybercriminals are also expanding and shifting their targets, moving towards deep-rooted software supply chain attacks that can cause long-lasting devastation.

These evolving and sophisticated attacks are both damaging and costly. They can cripple day-to-day operations, cause chaos, and result in financial losses from downtime, ransom payments, recovery costs, and other unbudgeted and unanticipated expenses.

Ransomware attack patterns are also evolving. Instead of relying on malicious links and attachments to deliver ransomware, cybercriminals are leveling up their tactics. Attackers often exploit an application vulnerability to gain control of the application infrastructure and encrypt the most valuable data.

Initially, attackers steal credentials through phishing attacks and use them to access the victim’s web applications. Once an application has been compromised, the attacker can introduce ransomware and other malware into the system, which can infect the network and other application users.

  2. Web app and software vulnerabilities
    Cybercriminals are always trying to exploit software vulnerabilities, and increasingly they are doing this by using bots. While some bots are ‘good’, such as search engine crawlers, ‘bad’ bots are built to carry out malicious attacks at scale.

    Traffic from these bad bots is exploding and includes advanced persistent bots that try to behave like human beings to evade detection. Bad bots attempt to launch many different types of attacks, including web and price scraping, inventory hoarding, account takeover attacks, and distributed denial of service (DDoS) attacks.

    Increasingly, cybercriminals are taking advantage of the alarming number of unpatched software vulnerabilities that exist within IT infrastructures. Even a few years after software vulnerabilities are discovered, the number of systems that are still unprotected is concerning.

    As a result, cybercriminals continue to scan for and exploit known software vulnerabilities for quite some time after the release of patches and mitigations. Indeed, according to a Barracuda report, on average 79% of respondent organisations across the Asia Pacific were successfully breached once in the previous 12 months as a direct result of an application vulnerability.

Attackers understand that defenders don’t always have the time or bandwidth to keep up with patches, and things slide – providing attackers with an easy way into a network.

  3. Phishing and other email attacks
    They’ve been around for many years; however, phishing and other types of email attacks are still widely used by cybercriminals. In most phishing attacks, attackers use social engineering tactics to lure victims into providing personal information, such as passwords, credit card numbers, or banking information.

Barracuda found that during 2021, 51% of social engineering attacks were phishing, cybercriminals sent out three million messages from 12,000 compromised accounts, one in five organisations had an account compromised, and approximately 500,000 Microsoft 365 accounts were compromised by cybercriminals. At the same time, conversation hijacking grew almost 270%.

Phishing detection largely focuses on the content of phishing emails and the behaviour of attackers. However, as hackers use more sophisticated techniques, email threats become more difficult to detect.

As attackers work to make their phishing attacks more targeted and effective, they’ve started researching potential victims, working to collect information that will help them improve the odds that their attacks will succeed.

Bait attacks are one technique attackers are using to test email addresses and see who’s willing to respond. They are usually emails with very short content or none at all.

The goal is to either verify the existence of the victim’s email account by not receiving any ‘undeliverable’ messages or to get the victim involved in a conversation that would potentially lead to malicious money transfers or leaked credentials.
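Because a bait email carries little or no content to inspect, triage has to rely on message shape and sender history instead. The following is an added example, not code from the article or from Barracuda: it flags near-empty messages with no link or attachment from senders not seen before. The 40-character threshold, the `known_senders` set, the function names and the sample messages are all assumptions constructed for illustration.

```python
import email
import email.utils
import re
from email import policy

MAX_BODY_CHARS = 40          # assumption: what counts as "very short"
TAG_RE = re.compile(r"<[^>]+>")
URL_RE = re.compile(r"https?://", re.I)

def visible_text(msg):
    """Human-visible body: prefer text/plain, else HTML with tags stripped."""
    part = msg.get_body(preferencelist=("plain", "html"))
    if part is None:
        return ""
    text = part.get_content()
    if part.get_content_type() == "text/html":
        text = TAG_RE.sub(" ", text)
    return " ".join(text.split())

def is_bait_candidate(raw, known_senders):
    """True for a near-empty message, no link or attachment, from an unseen sender."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = email.utils.parseaddr(str(msg["From"] or ""))[1].lower()
    body = visible_text(msg)
    has_attachment = any(True for _ in msg.iter_attachments())
    return (sender not in known_senders
            and len(body) <= MAX_BODY_CHARS
            and not URL_RE.search(body)      # links go to link-phishing triage
            and not has_attachment)

# Constructed sample messages (not real traffic).
SAMPLES = {
    "empty": "From: a1 <a1@mail.example.net>\nTo: u@corp.example\nSubject: Hi\n\n",
    "html": "From: b2@mail.example.net\nSubject: hi\nContent-Type: text/html\n\n"
            "<html><body><p>Hello?</p></body></html>\n",
    "known": "From: Boss <boss@corp.example>\nSubject: re\n\nok thanks\n",
    "link": "From: c3@mail.example.net\nSubject: x\n\nsee https://site.example/a\n",
    "long": "From: d4@mail.example.net\nSubject: quote\n\n"
            + "Please review the attached terms. " * 5,
}
KNOWN = {"boss@corp.example"}   # assumption: built from prior correspondence

def triage(samples=SAMPLES, known=KNOWN):
    """Return the names of the samples that look like bait emails."""
    return sorted(n for n, raw in samples.items() if is_bait_candidate(raw, known))

if __name__ == "__main__":
    print(triage())
```

A flagged message is a candidate for quarantine or a "do not reply" banner rather than a verdict, since short legitimate first-contact emails also match.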

By being aware of these types of cyberattack, organisations can ensure they deploy the methods most likely to prevent them from causing disruption and damage.

In coming months and years, security teams will have to continue to contend with a rapidly evolving threat landscape. However, by deploying appropriate tools, conducting end-user training, and closely monitoring traffic on their networks, the teams will be best placed to deliver the support their organisation will require.

Mark Lukie
Mark Lukie is a Sales Engineer Manager for Asia Pacific and Japan at Barracuda Networks. He has 20 years’ IT industry experience with deep skills in networking, cybersecurity, backup/disaster recovery, public cloud platforms and systems integration. Mark has been with Barracuda for more than nine years and has extensive knowledge of the company’s entire solution portfolio, including security, application delivery and data protection solutions. He is a member of the Barracuda Global Cloud Security Team, which focuses on security solutions for public cloud platforms such as Microsoft Azure, Amazon Web Services, VMware vCloud Air and Google Cloud Platform. Mark’s qualifications include: Microsoft Certified Systems Engineer/Administrator (MCSE/MCSA), Certified Novell Administrator (CNA), Barracuda Application Delivery & Security Expert (ADSX) and Barracuda Certified Technician & Expert for NextGen Firewalls.