Australians too trusting, fall for social media scams: Symantec

Symantec's latest internet security report showed that Australia ranked as the seventh most targeted country globally when it came to social media scams in 2014.

Australians love to share, perhaps a little too much, with Symantec's internet security report revealing that manually shared social media scams in Australia were disproportionately higher than the rest of the world in 2014.

Globally, Symantec found that 70 percent of social media scams were shared manually in 2014, but for Australia, it was at 87 percent. This result put Australia as the seventh most targeted country globally when it came to social media scams.

Further to this, Australia ranked as the second most targeted when it came to social media scams within the Asia-Pacific region, behind India.

The results were not dissimilar for New Zealand, which saw 76 percent of social media scams being shared manually in 2014.

According to Nick Savvides, Symantec APJ senior principal systems engineer, the reason why there was such widespread scamming in Australia was due to users clicking and sharing scams when the material was posted by a trusted person within a social media network.

Savvides said a similar pattern is occurring within enterprise, too, known as the supply chain attack. The increasing level of supply chain attacks during 2014 partially contributed to the 40 percent rise in global attacks on companies, resulting in five out of six companies being targeted.

He explained that as companies are beginning to strengthen their security, attackers are looking for less-protected companies in their supply chain to compromise, such as the suppliers of software.

"What these attackers do is they figure out what equipment you're using, what technology you're using, and who your supplier is. Rather than attack you directly, what they go and do is, they go to these vendors and attack them, and they typically don't have the same security resources as you would expect compared to a bank or a government agency," he said.

"They then find the systems that distribute updates to their customers and infect the updates with their malware."

Another finding the Symantec report highlighted was that Australia was the number one targeted country for ransomware attacks in the Asia-Pacific, and seventh globally. Australia also had 21 percent of crypto-ransomware of all ransomware infections.

Savvides said ransomware is the fastest-growing area of mass cybercrime, with the number of people who had their devices locked by ransomware increasing by 45 times over the previous year.

"It's a very lucrative business for attackers, and that's why it continues to attract them. It's a very effective mechanism for them to run multimillion-dollar businesses," Savvides said.

"Typically, the ransoms they ask for are between $300 to $500, and we know from our figures that hundreds, if not thousands, of Australians are being infected every day."

Symantec's report showed that the top three sources of threats targeting Australia and New Zealand in 2014 were the United States, China, and India. In addition, one in 600 emails were malware; one in 1,524 emails were phishing scams; and 53 percent of all emails were spam.

Globally, on a sector-by-sector basis, traditional sectors such as retail, financial, and healthcare remained top targets for 2014.

"They are still very juicy targets for these malicious acts," said Savvides. "Because that's where the money is at."

In a separate study by CA Technologies, organisations are expected to increase their IT budget on security by 31 percent in the next three years. Currently, the average Australian organisations spend on security is about 20 to 40 percent of their entire IT budget.