Craig McDonald 26 May 2016 17:58:23 AEST 3 MIN READ

'Drift Netting' - How secure is your payroll system?

With the constant evolution of cyber threats, it is all too easy for businesses to get lost in the sea of terms used to describe different types of attacks.

'Drift Netting' is a new term coined by the Australian Federal Police to describe the latest mode of phishing attack targeting human resources and payroll.

At the recent Australian Cyber Security Centre conference in Canberra, AFP cybercrime operations team leader Scott Mellis said, "Drift netting refers to the process where a crook changes something, waits for the natural process to run on the platform, and then cashes out. We saw this against payroll systems especially towards the end of last year."

While most people think of cybersecurity as an IT issue, the rapidly evolving nature of these attacks demonstrate that it’s a wider business issue.

Drawing on their patience and stealth, these attackers use credentials that they have gained through attacks like spear phishing, whaling and command-and-control type malware to target human resources and payroll platforms.

Even businesses whose employees are aware of, and up to date with, cyber security can get caught in the net of these new techniques. By impersonating staff members, hackers change the payroll details and sit back while normal automatic business processes continue, thereby cashing out when employees are paid.

No business is immune to these types of attacks, and the costs involved are extensive. These cyber criminals are experienced in navigating rough waters and each employee is a potential point of weakness.

In order to stay afloat, companies need to recognise that phishing, spear phishing and other targeted attacks are a wider business issue. Their reach extends to every facet of the business, beyond IT, particularly with the continued evolution of drift netting. The payroll system is the hub of all business activity and once this system is breached, the responsibility to remain aware and sceptical of any unusual movements falls on the shoulders of all business units, and every employee.

The key to mitigating drift netting is to employ a multi-layered approach to security. By establishing and following a well tested security strategy, companies can put forward the strongest possible wall of defence. This means looking at security from all sides, with the most ideal approaches involving a combination of the following:

  • Protecting both email and web vectors against attack,
  • Knowing where your critical information system assets reside, and who should have access to them,
  • Continually evaluating user privileges by monitoring any escalations to ensure the integrity of user access,
  • Adding additional controls to ensure transaction credibility,
  • Enforcing a stringent password policy with frequent changes to reduce the risk of long term access to critical systems,
  • Risk monitoring and reporting to enable a continuously updated assessment of the risk profile,
  • Network and security configuration management to establish baseline standards and ensure compliance,
  • Vulnerability assessment testing which involves both automated tools and manual techniques,
  • Patch management, including rigorous testing of patches before deployment, and
  • Security monitoring to facilitate and prompt detection of unauthorised or malicious activities by internal or external actors.

When you assess your controls against the security controls above, ask yourself how secure are your human resources, payroll systems and processes against attack?


Craig McDonald is the CEO and founder of MailGuard, a leading Australian technological innovator providing complete enterprise-grade protection against email and web security threats such as phishing and malware, spyware, viruses and spam

Keep up to date on the latest email scams by subscribing to MailGuard’s weekly update or follow us on social media.

Keep Informed with Weekly Updates

^ Back to Top