Australians feeling the brunt of crypto-ransomware and online banking infections: Trend Micro

According to Trend Micro, ransomware has given way to crypto-ransomware as the method of choice for cybercriminals targeting Australian businesses and consumers.
Written by Asha Barbaschow, Contributor

Crypto-ransomware is the method of choice for cybercriminals targeting Australia, with the country also plagued by online banking infections, according to Trend Micro.

In its annual security roundup report, Setting the stage: Landscape shifts dictate future threat response strategies [PDF], the security firm highlighted that ransomware and crypto-ransomware threats are specifically targeting Australian businesses and consumers, saying that attackers are breaching security systems whilst appearing to be legitimate to everyday users.

"Crypto-ransomware threats have a significant impact on businesses; often the damage done due to downtime and data recovery costs is well beyond the ransom required to restore the files," said Indi Siriniwasa of Trend Micro Australia and New Zealand.

"Australian businesses need to consider their response to these threats which demand a holistic approach to IT security."

The report said that 2015 laid the groundwork, with online extortion and cyberattacks a top concern. Several high-profile organisations were attacked, such as Ashley Madison, Hacking Team, and the Office of Personnel Management.

In 2015, Trend Micro said that its Smart Protection Network blocked over 52 billion threats -- a 25 percent decrease from 2014. The security firm attributed the decrease to a downward trend of system infections it has been seeing since 2012. According to Trend Micro, the downward trend was caused both by attackers becoming more selective of their targets and by a shift in the technologies they use.

The report also found that globally Australia had the third most malicious URL clicks in 2015, behind the US and Japan.

Australia was also ranked the third most affected country in the world for Angler Exploit Kits in 2015, with Japan taking top spot, accounting for 50 percent of global infections. Trend Micro said the Angler Exploit Kit gained notoriety in 2015 as the most used exploit kit, accounting for 57.3 percent of overall exploit kit usage.

"Our observations for 2015 have confirmed that traditional methods of protecting data and assets are no longer sufficient and should be reassessed to maintain the highest level of corporate and personal security," Siriniwasa said. "The prevalence and sophistication of extortion, cyberespionage, and expanding targeted attacks now dictate that organisational security strategies must be prepared to defend against a potentially greater onslaught in 2016."

When it comes to online banking infections, Trend Micro said they are only growing in Australia, highlighting the area as one of concern for consumers.

The security firm said Australia saw 9,298 infected PCs in the fourth quarter of 2015, up from 1,197 in Q3.

"Cybercriminals are continuing to target consumers in increasingly sophisticated ways, catching Australians unaware of the threats and falling victim to cybercrime," Tim Falinski, consumer director of Trend Micro Australia and New Zealand, said.

"With Android malware around the world now at 10.6 million and climbing, and crypto-ransomware targeting ordinary people as well as businesses, consumers should make themselves aware of the threats and ensure all their devices -- from smartphones to PCs to connected smart devices -- are protected."

Earlier this week, a new strain of ransomware which strikes OS X devices was discovered. Made public by Palo Alto Networks, the ransomware, dubbed KeRanger, is labelled as the first fully functional ransomware seen on the OS X platform.

KeRanger was reportedly signed with a valid Mac application development certificate, which allowed it to bypass Apple's strict Gatekeeper security controls.

Once downloaded, the ransomware launches an executable file and sits for three days before it connects to the cyberattacker's command and control server over the Tor network. KeRanger then begins its terror, locking the user's system and demanding a payment of one Bitcoin.

KeRanger is not only the first Mac OS X ransomware, it is also the first cross-platform ransomware, with Bitdefender Labs revealing that it is actually a ported version of the Linux.Encoder ransomware. According to Bitdefender, KeRanger -- a trojaned Transmission Bittorrent client update -- "looks virtually identical" to the current Linux.Encoder version.
