Security Market Segment LS
Tuesday, 19 February 2013 07:19

Cyber crime, ransomware on the increase in Australia Featured


Australia’s new Attorney General, Mark Dreyfus, has released a major CERT survey into cyber crime in Australia. The findings make sobering reading.

In late September 2012, Australia’s CERT (Computer Emergency Response Team). received a spate of calls from more than 25 organisations being targeted by ransomware. The attacks encrypted files on the compromised system or locked the victim out of the desktop environment. The attacks also encrypted files in the system backups.

The victims were then asked by the attacker to pay a fine using a payment or money transfer service, to obtain the codes that would unlock the computer or decrypt the data.

The attacks have been disclosed by CERT in a major new report which outlines the extent of cyber crime in Australia. The 2012 Cyber Crime and Security Survey: Systems of National Interest was conducted to obtain a better understanding of how cyber incidents are affecting the Australian businesses that form part of Australia’s systems of national interest, including critical infrastructure.

“The findings from this survey provide a picture of the current cyber security measures these businesses have in place,” says Attorney General Mark Dreyfus. “They show; the recent cyber incidents they have experienced; and their reporting of them.

The report details many cyber threats, but the series of ransomware scares in September are perhaps the most concerning. In some cases, the ransomware included scareware, displaying a fake warning screen, claiming that the victim’s computer had been associated with criminal activity.

“This was a tactic to discourage the victim from reporting the attacks to law enforcement agencies or the CERT,” says the report. “For example, one warning screen was set up to look like it was from the Anti Cyber Crime Department of the Federal Internet Security Agency. There is no such agency.”

In the majority of cases, the attackers used Microsoft Remote Desktop Protocol as an entry point to the target network. This was possibly using authentication credentials obtained by key loggers, or accessing systems with weak credentials.

The severity of the damage done by the attacks varied across the target organisations. In the worst case scenario reported to the CERT, one victim lost 15 years’ worth of critical business data, which is a serious compromise.

“This case study highlights the nature of CERT Australia’s mission – it’s all about helping business best prepare for and respond to cyber attacks. It does this by using its government, industry and international partnerships to provide the most useful advice possible – as soon as possible.”

The report found that Australian business is taking cyber security seriously. But the survey results also indicate that many organisations are not confident that cyber security is sufficiently understood and appreciated by staff, management and boards.

In terms of cyber security incidents, more than half the organisations considered attacks on their organisation to be targeted. This indicates a shift from previous views or conceptions, that most attacks are non-targeted or indiscriminate.

And while the majority of attacks were reported to come from external sources, the fact that 44% originated from within organisations serves as a reminder that internally-focused cyber security controls and measures are also important.

Reporting of cyber security incidents – which is critical to the effectiveness of the government-business partnership – clearly requires further attention.

“CERT needs to articulate to business the benefits of reporting cyber security incidents to CERT Australia and to law enforcement, and that all information provided to the CERT is held in the strictest confidence.”

The key findings for this survey include:

  • over 90% of respondents deployed firewalls, anti-spam filters and anti-virus software.
  • two-thirds of respondents had documented incident management plans, however only 12% had a forensic plan.
  • nearly two-thirds of organisations used IT security related standards.
  • over two-thirds of respondents had staff with tertiary level IT security qualifications. Over half had vendor IT security certifications, whilst just under half had non-vendor IT security certifications.
  • over 20% of organisations know they experienced a cyber incident in the previous 12 months, with 20% of these organisations experiencing more than 10 incidents.

Of the organisations which know they experienced cyber incidents:

  • 17% suffered from loss of confidential or proprietary information, 16% encountered a denial-of-service attack, and 10% financial fraud
  • 44% reported the incident to a law enforcement agency, whereas only 13% sought a civil remedy through action from legal counsel
  • 20% chose not to report the matter to a law enforcement agency because of the fear of negative publicity
  • the most common responses as to why incidents were successful, were that they used powerful automated attack tools, or exploited unpatched or unprotected software vulnerabilities or misconfigured operating systems, applications or network devices
  • over half of all organisations have increased their expenditure on IT security in the previous 12 months.

CET says that as there was a strong response rate of almost 60% for this inaugural survey, the findings are considered to be representative of this particular sample. The strong response rate also indicates a good level of trust between CERT and its business partners.

Subscribe to ITWIRE UPDATE Newsletter here


The much awaited iTWire Shop is now open to our readers.

Visit the iTWire Shop, a leading destination for stylish accessories, gear & gadgets, lifestyle products and everyday portable office essentials, drones, zoom lenses for smartphones, software and online training.

PLUS Big Brands include: Apple, Lenovo, LG, Samsung, Sennheiser and many more.

Products available for any country.

We hope you enjoy and find value in the much anticipated iTWire Shop.



iTWire TV offers a unique value to the Tech Sector by providing a range of video interviews, news, views and reviews, and also provides the opportunity for vendors to promote your company and your marketing messages.

We work with you to develop the message and conduct the interview or product review in a safe and collaborative way. Unlike other Tech YouTube channels, we create a story around your message and post that on the homepage of ITWire, linking to your message.

In addition, your interview post message can be displayed in up to 7 different post displays on our the site to drive traffic and readers to your video content and downloads. This can be a significant Lead Generation opportunity for your business.

We also provide 3 videos in one recording/sitting if you require so that you have a series of videos to promote to your customers. Your sales team can add your emails to sales collateral and to the footer of their sales and marketing emails.

See the latest in Tech News, Views, Interviews, Reviews, Product Promos and Events. Plus funny videos from our readers and customers.


Graeme Philipson

Graeme Philipson sadly passed away in Jan 2021 and a much valued senior associate editor at iTWire. He was one of Australia’s longest serving and most experienced IT journalists. He is the author of the only definitive history of the Australian IT industry, ‘A Vision Splendid: The History of Australian Computing.’

He was in the high tech industry for more than 30 years, most of that time as a market researcher, analyst and journalist. He was founding editor of MIS magazine, and is a former editor of Computerworld Australia. He was a research director for Gartner Asia Pacific and research manager for the Yankee Group Australia. He was a long time weekly IT columnist in The Age and The Sydney Morning Herald, and is a recipient of the Kester Award for lifetime achievement in IT journalism.

Graeme will be sadly missed by the iTWire Family, Readers, Customers and PR firms.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News