MailGuard Blog

As I write this, the threat of Ransomware is rapidly on the rise. So much so that the Australian Federal Police has formed a task force - Operation Orcus - following in the footsteps of the US Government, in an attempt to combat the specialised criminal infrastructure that is wreaking havoc across large scale organisations here and globally. High profile victims such as Nine Entertainment, JBS and Uniting Care, along with the recent Kaseya interception have been making headlines and may continue to do so without superior intelligence targeting organised crime groups.  

A personalised and targeted email, an opportune offer and the impersonation of multiple brands – some of the techniques employed by cybercriminals in a phishing email scam that resulted in a property buyer losing thousands of dollars as part of a ‘deposit’, supposedly for his new apartment.

“By any measure, 2020 was the worst year ever when it comes to ransomware and related extortion events. And if we don’t break the back of this cycle, a problem that’s already bad is going to get worse.”

- Acting Deputy Attorney General John Carlin, the United States Department of Justice (DOJ), April 2021

Your business data is being held hostage, encrypted with only your attackers holding the keys. So, do you pay up the ransom, or try to recover without handing over company profits to cybercriminals?

Business email compromise (BEC) scams have been around for a while, but their continued success at bringing down organisations (both large & small) shows we’re dealing with an adversary that is constantly looking for ways to exploit our systems, our psychology & our trust.  

It’s integral that businesses proactively take steps to enhance identity-related security measures like MFA because since the COVID-19 pandemic, “identity has become the new security perimeter” according to many experts, including Microsoft. 

The tax season has always been a busy one for scammers, but the ongoing uncertainty triggered by COVID-19 last year enabled them to augment their attacks and take further advantage of the fragile mental state of taxpayers and professionals – essentially, presenting scammers with an opportunity to use an enhanced sort of psychological warfare.

It’s been called the “largest cyber-attack on a media company in Australia's history," something that has never been seen before in the country. 

A PwC survey released at the end of 2020 highlighted fears of growing cyber-attacks targeting local critical infrastructure. Australian business leaders said that they were expecting more cyber-attacks in the next 12 months than their global peers, including 56% of local executives who anticipated “attacks on the nation's critical infrastructure which could shut down vital services such as hospitals.”  

Cybersecurity was a significant catalyst in facilitating productive remote work and ensuring business continuity in 2020. 

Commenting on paradigm shifts in cybersecurity in 2020, Ann Johnson, Corporate Vice President, SCI Business Development at Microsoft wrote: 

“As we look past the pandemic to a time when workforces and budgets rebound, Zero Trust will become the biggest area of investment for cybersecurity. This means, that right now, every one of us is on a Zero Trust journey—whether we know it, or not.” 

Against the backdrop of a global pandemic, and with more businesses operating remotely, the global scourge of cybercrime became even more calamitous in 2020.

In the final weeks of 2020, news of the SolarWinds hack broke – a cyber-attack that has been dubbed as “the Pearl Harbor of American IT”.   

This week marks Identity Theft Awareness Week, a public awareness campaign by the U.S. Federal Trade Commission (FTC) dedicated to mitigating the impact of identity theft. The week comprises a series of events organized by the FTC and its partners that focus on reducing the risk of identity theft and on concrete steps to recover if identity theft occurs.

While challenging, 2020 drove a long-overdue review of our approach to cybersecurity for many, especially with the explosion of COVID-19 themed cybercrime targeting remote workforces.