Understanding the cyber threat landscape

In today’s interconnected world, no organisation is completely safe from cyber threats, making it imperative for businesses to understand the evolving threat landscape.

Nov 05, 2024, updated Nov 05, 2024

Last week, BDO took a look at the threats faced by businesses, from nation-state actors to cyber criminals.

But it is also vital to understand the evolving threat landscape. This ecosystem is a complex web of various actors, each with unique motivations and capabilities, posing a range of risks to the financial and operational integrity of organisations.

Cyber espionage

This covert threat involves unauthorised access to computer systems and networks with the intent to gather sensitive information, potentially causing severe consequences. It can range from shattered corporate reputations or loss of competitive advantage to compromised national security.

In this context, understanding common cyber espionage tactics is critical to implementing effective countermeasures.

  • Business email compromise: Characterised by its deceptive simplicity, business email compromise involves impersonating a trusted individual or entity through email communication to manipulate employees, clients, or consumers into revealing sensitive information or executing fraudulent financial transactions. This often results in substantial economic losses and reputational damage
  • Credential stuffing: Threat actors use stolen usernames and passwords from one website or service to gain access to other accounts, exploiting individuals who use the same login credentials across multiple platforms. Because the tactic relies on reused passwords, it is an effective method of compromising accounts and accessing sensitive information
  • Insider threat: According to a recent Verizon report, the average external threat compromises about 200 million records, while incidents involving an insider threat actor have resulted in the exposure of one billion records or more. This is a significant cyber threat tactic wherein individuals with authorised access to an organisation’s systems and data exploit their position. These individuals can be employees, contractors, or business partners
  • Supply chain attacks: In these attacks, actors seek to compromise third-party vendors or suppliers to access the target organisation’s systems or data. They can then undermine the security of the entire supply chain, potentially leading to data breaches, system compromises, or other adverse consequences. Proactive risk mitigation is essential to counter this multi-layered and evolving threat.

Australians and businesses feel the impact of these vulnerabilities daily. One of Australia’s most popular online retailers, THE ICONIC, suffered a credential stuffing attack that resulted in disgruntled customers and demonstrated the increasing importance of a robust incident response plan for businesses.

Cyber sabotage

Cyber sabotage involves deliberate acts to disrupt digital infrastructure with the intent to compromise the integrity, confidentiality, or reputation of the target company for ideological, personal, or competitive reasons. It is crucial to understand what tactics to look for when developing effective defence strategies against cyber sabotage, including:

Ransomware

The Microsoft Digital Defence Report 2023 indicated that organisations faced an increased rate of ransomware attacks from the previous year, with the number of human-operated ransomware attacks up more than 200 per cent. Ransomware is characterised by the encryption, or at times, the modification of critical data to extort a ransom from targeted victims. Cyber criminals are increasingly collaborating, sharing tools and tactics, and casting a wider net to target organisations of all sizes. These factors have contributed to the escalating frequency and sophistication of ransomware incidents, posing a significant risk to businesses and critical infrastructure worldwide.

In early September 2024, the Australian subsidiary of Compass Group confirmed the Medusa ransomware group had attacked its systems and allegedly stolen 785.5 GB of data. The group demanded a ransom of $2.9m (AUD). As if that wasn’t bad enough, later in the month the same group publicised that it had breached Compass Group’s systems for a second time, stealing further data and increasing its demand. September 2024 also saw one of Victoria’s largest charities, Meli, facing the impacts of ransomware. Meli confirmed that the Qilin ransomware group began publishing Meli data on its dark web portal after stealing 215 GB of sensitive data. These are just two examples of incidents that have significantly impacted Australian organisations and people in the last month alone.

Denial of service (DoS)

Denial of service (DoS) attacks aim to disrupt the availability of online services or websites by overwhelming their servers with a flood of traffic, rendering them inaccessible to legitimate users. This typically involves using multiple compromised devices or a botnet to generate excessive requests or traffic. The main objective is not to steal data but to cause operational disruption to the targeted organisation.

Process sabotage

These attacks focus on data-dependent processes essential for smooth operations. By either altering or deleting critical data, the attacks render operational protocols ineffective. For example, consider a fleet of vehicles operating under a strict maintenance schedule. If the maintenance records were manipulated or deleted, vehicle readiness could be compromised, disrupting the entire logistical chain.

Cyber fraud

A pervasive and ever-evolving threat, cyber fraud is a blanket term for a wide range of illicit activities aimed at financial gain or data compromise. The tactics involve using emails and social engineering techniques to exploit vulnerabilities in an organisation, often leading to detrimental consequences. Countermeasures should include robust authentication protocols, employee awareness programs, and monitoring systems to detect unusual activities.

  • Credential exposure: Perhaps one of the most elementary forms of cyber fraud, credential exposure often manifests through phishing attempts via email, phone calls, or text messages. Usually, the narrative involves an urgent requirement for account verification or a refund process. Awareness is the frontline defence in this case: knowing, for example, that legitimate financial institutions or governmental bodies never solicit personal information via unsolicited communications
  • Account takeover: Account takeover occurs when a malicious actor gains control of a legitimate account (bank, email, or social media) without the owner’s permission. It is often achieved by exploiting weaknesses in authentication or security measures. Human inertia around password changes plays into the hands of fraudsters. Account takeover can be especially damaging for organisations where customer profiles in external applications can be monetised, such as loyalty programs
  • Payment fraud: Often interconnected with business email compromise, payment fraud aims to initiate unauthorised financial transactions. It usually involves impersonating a trusted entity and requesting that an accounts payable officer alter banking details for a pending payment. The timing is often meticulously planned to coincide with periods when vigilance might be lowered, such as the onset of the weekend or when senior management is out of the office.

Misinformation

A potent form of digital attack, misinformation involves the deliberate dissemination of false or misleading information with the intent to deceive, manipulate, or cause confusion. It’s a powerful tool used to manipulate public opinion and create unrest. These campaigns often use online channels like social media, email, and websites, underscoring the importance of media literacy, critical thinking, and fact-checking.

The impacts of misinformation are vast, ranging from the loss of public trust and credibility to actual financial or societal harm. Combatting it requires a multi-faceted approach that involves individual vigilance and collective action. Using your organisation’s digital risk protection capabilities like cyber threat intelligence, you can spot misinformation early and take it down to minimise its impact on your brand and the public. The main types of misinformation tactics are:

  • Brand abuse: Cyber criminals or malicious actors can use misinformation to tarnish a brand’s reputation. This can range from spreading false reviews and information or creating fake social media accounts that impersonate the brand, to setting up fraudulent websites that mimic legitimate ones. Such tactics can confuse customers, harm the brand, and may even result in financial losses
  • Election fraud: Misinformation can also be weaponised to disrupt the democratic process. False narratives or doctored materials can be distributed to mislead voters, undermine candidates, or manipulate election outcomes.

Seven additional cyber security best practices for businesses

  1. Building risk awareness and identifying blind spots is the first step towards protection. Implement targeted measures to safeguard your organisation’s digital assets by pinpointing vulnerabilities and potential gaps in your security infrastructure
  2. Monitor your exposure by leveraging intelligence for early threat detection, such as watching illicit online marketplaces and forums where cybercriminals often trade stolen data
  3. Monitor and manage network behaviours 24/7 to prevent unauthorised entry into your digital infrastructure and reduce the risk of cyber threats and data breaches
  4. Stay compliant with evolving privacy and security regulations to avoid legal and financial repercussions
  5. Conduct a business continuity and resilience assessment. Evaluate your company’s and your suppliers’ ability to maintain operations during disruptions to ensure uninterrupted business continuity in the face of potential cyber threats
  6. Align cyber risks with your overall business strategy to help boards and investors make informed decisions and effectively allocate resources. Read our article to find out more: How boards can enhance their cyber security knowledge: six strategies to protect your organisation from cyber threats
  7. The intricate nature of the cyber threat landscape shows that addressing cyber security is not solely the domain of IT departments. Instead, it’s a shared responsibility requiring comprehensive risk management strategies that involve multiple stakeholders, including financial decision-makers like the CFO.

How BDO can help

BDO’s cyber security team understands the risks associated with disruptive technology and offers a comprehensive suite of cyber security services designed to safeguard your organisation. Our approach includes thoroughly assessing your cyber security maturity level, testing your network for vulnerabilities, and comprehensively assessing risk.

BDO is a Microsoft Global Security Partner of the Year and a leading provider of cyber security solutions for businesses. We offer end-to-end solutions that leverage the advanced security and identity capabilities of Microsoft 365 and Microsoft Azure Security.

Sponsored