Australia sees rise in cyber attacks, competitors to blame: CERT

Computer-based security attacks on business are on the rise, and the culprits appear to be competitors seeking commercial information, according to the latest security report by Australia’s cyber threat support agency, CERT.

The main motivation behind rising online security attacks in Australia is competitors seeking commercial information and advantage, according to the latest Cyber Crime and Security Survey Report by Computer Emergency Response Team (CERT) — part of the Attorney-General's Department.

"The main motivation for cyber-attacks is considered to be competitors seeking commercial advantage," said George Brandis, Australia's Attorney General and Minister for the Arts. "This aligns with the cyber threat of most concern to businesses, which is theft or breach of confidential information or intellectual property.

"This of course has recently come to prominence through the US indicting Chinese officials for the theft of IP from US companies by cyber means."

While many of the companies surveyed reported the computer security incidents, others didn't, raising concerns they don't know what's really happening on their networks.

According to CERT, 56 percent of companies it had surveyed reported one or more computer security attacks in the past year, and 44 percent reported no incidents.

But CERT said in the report that anecdotal evidence indicates that some businesses were unaware of the full scope of unauthorised activity on their networks.

"Most of the incidents were in the form of targeted emails, followed by virus or worm infection and trojan or rootkit malware," said CERT in the report.

"This is consistent with the finding that respondents viewed cyber security incidents to be targeted at their organisation, rather than random or indiscriminate."

Brandis said the most commonly reported was what's called 'spear phishing', sending emails to specific individuals, often using personal information to create credibility. Clicking on links will download spyware, he said in a statement.

CERT's survey was directed at big business with a quarter of the 135 respondent organisations in the defence industry sector. All businesses used varying levels of network security but CERT found potential problems.

More than 60 percent think their IT staff, chief executive, and directors need to improve security skills and practices, and 47 percent use the now superseded Windows XP operating system, while almost all were aware that Microsoft no longer provided technical support after 8 April.

But 13 percent had no plans to move to another operating system and eight percent didn't know.

Additionally, Brandis highlighted the rise of mobility in the nation's security landscape, indicating that security breaches of mobile devices may have been overlooked by the surveyed companies.

"Another potential vulnerability is that businesses reported no compromises of mobile devices despite the fact recent reports from leading IT security companies have noted a large increase in mobile malware attacks," said Brandis.

The CERT report also found that, despite rising security risks and breaches, around three-quarters of the respondent companies reported a tumble in IT security spending.

The number of respondents that increased expenditure on IT security dropped by 25 percent from those in the 2012 survey results, with only 27 percent of businesses ramping up their security budgets.

According to the report, the most vulnerable part of the organisations in the survey was the internal network, claiming 51 percent of reported vulnerabilities, followed closely by externally-facing systems, claiming 45 percent; public website, 43 percent, and mobile devices being compromised coming in at 35 percent.