Petya-like infection attempts still active in Australia: Symantec

Both Petya and WannaCry highlighted that Australia is not immune to cyber threats, and the best mode of defence is educating staff and reporting malicious activity, Symantec's Australia, New Zealand, and Japan CTO has said.
Written by Asha Barbaschow, Contributor

According to Symantec, the ransomware landscape shifted dramatically this year with the appearance of two new self-propagating threats in the form of WannaCry and Petya.

Both outbreaks caused global panic and caught many organisations off-guard, and despite the Petya outbreak appearing to mainly target Ukraine, organisations around the world found themselves victim to this cyber attack.

With the damage bill in the region of $300 million for shipping giant Maersk and £100 million for Reckitt Benckiser, known for Dettol cleaning products, Nurofen tablets, and Durex condoms, Petya also halted chocolate production at Cadbury on June 27, 2017 -- the day the outbreak came to light.

According to Symantec, Ukraine experienced 138 instances of Petya infection on June 27; on the same day, Australia experienced 11.

Speaking with ZDNet, Nick Savvides, Norton by Symantec CTO for Australia, New Zealand, and Japan, said his organisation is still seeing thousands of infection attempts from cybercriminals using the same exploits and hacking mechanisms used by Petya.

"Unfortunately, there is a trend of Australian organisations who have experienced infections not reporting them, which is counter-productive to developing ways companies can implement safeguards against these types of attacks," he said.

While the recent wave of cyber attacks has raised public awareness of Australia's vulnerability, Savvides said it's important to note that despite the country's geographic isolation, it has never been isolated from threat.

"Australia consistently ranks in the top 10 of most attacked countries for a variety of cyber attacks, particularly ransomware due to Australians' tendency to pay," he explained. "Australians have high disposable incomes, and a fairly laid-back attitude towards cybersecurity and data backup, making us ideal victims of cybercrime."

Given the impact of the WannaCry outbreak, Symantec said it is only a matter of time before similar attacks are attempted.

In the latest report [PDF] from the security vendor, Symantec said that prior to the Petya and WannaCry outbreaks, the main threat posed by ransomware was from wide-scale malicious spam campaigns, in addition to a growing number of targeted attacks directed at organisations.

The Internet Security Threat Report: Ransomware 2017 also highlighted that during the first six months of 2017, organisations accounted for 42 percent of all ransomware infections, up from 30 percent in 2016 and 29 percent in 2015.

The United States is still the country most affected by ransomware, accounting for 29 percent of all infections in 2017. Japan was next, accounting for 9 percent, Italy for 8 percent, and India and Germany for 4 percent each.

The top 10 regions were rounded out by the Netherlands, the United Kingdom, Australia, Russia, and Canada, which each accounted for 3 percent of all infections.

"The rapid spread and publicity generated by both WannaCry and Petya make it quite likely that more attackers will attempt to replicate the tactics used by deploying ransomware as a worm," the report says.

According to Symantec, straightforward copycat attacks are unlikely to have as wide an impact as WannaCry and Petya, largely down to the fact that awareness of the threat posed by the EternalBlue exploit is now quite high, and most organisations will have patched any vulnerable computers.

"That is not to say that there is a significant potential threat from ransomware attackers adopting similar tactics," the report said. "While EternalBlue made self-propagation quite easy, the Petya attacks proved that there are alternative methods of self-propagation.

"Although these methods may not be quite as easy or as effective as EternalBlue, in the hands of skilled attackers, they nevertheless could cause significant disruption to unprepared organisations."

In the instances Symantec has seen so far, Savvides said ransomware has focused on attacking people's home computers for ransoms of between $300 and $1,000, noting the average ransom victims are paying is approximately AU$625.

With 2017 only three quarters through, Savvides said that moving forward, cybercriminals are likely to start focusing on small professional businesses where ransoms can go up to the tens of thousands of dollars.

"The technical solution is the easy fix. While it is absolutely important to ensure that organisations run modern security protection software across their systems and networks, it is also important to deal with the human element of cybersecurity," he said.

Likening the situation organisations are currently finding themselves in to the occupational health and safety revolution of 20 years ago, Savvides said cybersecurity starts with people, and that investing in thorough training and cybersecurity awareness to better prepare employees for the next big attack is the best prevention method an organisation can adopt.
