Cybersecurity threats continue to challenge our daily lives, businesses, governments, and the global risk landscape. The World Economic Forum anticipates that cybersecurity will have a great adverse impact globally over the next 5 years in its Global Risks Report 2021. Ranking as the fourth greatest danger to the global economy, cybersecurity could cost the world more than $50 billion USD.
Focussing on today, we are seeing cybercriminals search for prey in Australia. This time they are exploiting the government’s vaccination efforts as an opportunity. The result is an exponential increase in social engineering attacks on people and businesses. The surge in vaccine scams only confirms that malicious actors are becoming more creative and daring in their approach.
Cybercrime exists in a highly organised form across the world.
Inherently borderless, cybercrime is impacting victims around the globe and challenging law enforcement agencies, which are often constrained by local jurisdictions. Worse yet, cybercrime is expected to cost the world $10.5 trillion annually by 2025. In part, this is attributed to the lucrative business model of cybercrime-as-a-service. Market players in this space have various offerings, such as installing malware onto PCs and then selling access to those devices. Some even sell subscriptions to ransomware toolkits that automate attacks, with developers taking a cut of all proceeds.
The more widely available such sophisticated hacking tools are, the tougher it is for individuals, organisations, and governments to navigate through and regulate cybersecurity threats.
Therefore, organisations must undergo regular cyber risk assessments, such as penetration testing, to fend off innovative, inventive, and resourceful cybercriminals.
Vaccine Scammers Circling Australia
Australia has been troubled by rising vaccine scams since its roll-out program kicked off. This has caused ordinary Australians and organisations to question the nation’s defences against phishing and other cybersecurity threats. People are also questioning the vaccine itself, which presents a troubling social discourse the government has to navigate.
Recently, the Australian Competition and Consumer Commission has found the number of vaccine-related scams so far in 2021 to be almost half of that recorded for the whole of 2020.
These emerging COVID-19 vaccine scams range from requests for people to pay for jabs to requests for bank and card details to reserve their place with the DHHS. Some also come with the offer of “spare” vaccines on the black market.
Social Engineering is Trending
The crux of vaccine scams centres on social engineering techniques, as cybercriminals impersonate authorised agencies via email, SMS and phone calls. While these techniques were not uncommon in the past, scammers are now taking things up a notch. By purchasing vaccine-related URLs, domains, and social media accounts, they now broadcast sales advertisements. In return, they demand payments from victims to be put on a “list” for COVID-19 vaccines.
After gaining access to victims’ personally identifiable information (PII) or credit card details, vaccine scammers may sell those contact details on the dark web and make unauthorised money transfers after hacking into the bank account. Therefore, it is important for individuals and businesses to always stay alert and rational. Consider this scenario. If malicious actors are able to access one of your staff members’ email addresses, they might be able to access their company email address. This leaves an entry point to breach the wider organisation.
From there onwards, it really is open doors to cybercriminals – into the company’s server, intellectual property, payroll information and much more.
Hence, we must stay diligent and alert to combat cyber risks, as they present themselves in many forms and dimensions. Businesses, for example, should be keeping an eye on these kinds of activities to understand how they might be impacted.
Working Your Way to Cyber Maturity
At CTRL Group, cyber maturity is how well an organisation is set up for success against cyber risk. Success is defined in terms of the capabilities in place and the competence of the organisation to address cybersecurity threats. This includes having monitoring & threat detection solutions implemented, having incident response policies, conducting penetration testing and having a dynamic cyber awareness training program, to name a few.
Let’s focus on penetration testing as an example. Broadly, it provides an informed overview of an organisation’s cybersecurity posture. The test inspects both technological weaknesses and weaknesses in people that could be used to disrupt the confidentiality, availability, or integrity of the network, effectively allowing the organisation to address each weakness with confidence. Professional penetration testers emulate hacking activities for an in-depth understanding of an organisation’s security posture. That way, testers may determine the entity’s maximum attack surface (the total area that is susceptible to hacking), providing data for leaders to steer cybersecurity-related decisions.
Overall, a well-managed assessment enables informed decision-making when it comes to curating and executing a cyber risk strategy.
Cyber mature organisations conduct frequent penetration tests and high-frequency vulnerability scans to ensure they are always ahead of scammers.
If your organisation is in need of a close examination of where you stand in terms of cyber maturity, please get in touch for an initial call to assess your risk exposure.