As the Covid-19 tide goes out, a swell of ransomware attacks converges on Kiwi businesses. Photo / 123RF
COMMENT:
Picture this: just as the country starts to rebuild post-lockdown, a new adversity starts shattering businesses one after another.
Imagine it. A medical centre turns away patients with no ability to access its practice records. A freight company loses access to thousands of critical documents, creating havoc with customer deliveries. A council department is brought to its knees, resorting to pen and paper to keep operating. A retail chain sends its staff home, unable to process and sell stock.
If Kiwi businesses don't act now, this could quickly become a reality.
Sophisticated cybercriminals have perfected the art of ransomware attacks, leaving behind a vast wake of victims, from local government and big enterprise to non-profits and hospitals. Just look at the havoc in the United States; the US coastguard, the city of New Orleans, and even big names like Travelex, are not immune.
A lucrative business
The prolific ransomware campaigns ravaging businesses can be put down to a couple of key factors.
Firstly, ransomware has become more efficient. Today any crooked person can leverage "ransomware as a service" packages, essentially purchasing a ransomware kit that allows even novices to launch highly effective ransomware attacks without much difficulty or technical knowledge. These quick and dirty attacks are particularly prevalent against small and medium businesses who may pay smaller ransoms to recover data.
Secondly, hacker behaviour has evolved. Sophisticated cybercriminals aren't in this business for the quick wins – they are making calculated plays to inflict critical damage and extract maximum reward. These criminals will spend months exploring networks and systems, withdrawing your precious data to hold ransom for extortionate fees.
Regardless of the size of the target, any ransomware attack is frightening and costly to remedy.
The true global impact of these types of attacks has been notoriously difficult to determine, in part because many victims suffer in silence, quietly paying off attackers and not reporting the crime.
You might think New Zealand isn't a target for most hackers, but consider this: organised gangs of cybercriminals, largely operating overseas, are competing against each other to find and exploit profitable victims.
US businesses, now aware of the vicious new attacks, are becoming attuned to the threats and are taking their cybersecurity defences more seriously. Much more seriously than we do in New Zealand. Not only that, the US "market" has become more saturated, with more than 98 per cent of the world's ransomware attacks hitting US businesses.
Suddenly, it's easy to understand why some hackers would turn their attention to new horizons like New Zealand. Even if a mere 1 per cent of the ransomware attacks reported globally in the first three quarters of 2019 were redirected towards our country, we could expect to see a whopping 1.5 million attacks alone. Just imagine what that would do to our economy.
No small incident
The pain of a ransomware attack is devastating and lingering. Travelex, the target of a Sodinokibi ransomware attack in January which forced its systems offline, suffered a revenue drop of 36 per cent for the three months after. This, coupled with the pandemic's impact on global travel, has led to debt holders taking control of the company as part of a debt restructuring to help the currency service provider survive.
Closer to home, just as bars and restaurants reopened post-lockdown, Lion Brewery deliveries were halted across the country as the brewer's operations were frozen by a disastrously timed ransomware attack. Despite eventually regaining system access, Lion's most recent public statement on the attack warned that future repercussions were a very real possibility and data held on their systems may be disclosed in the future.
New Zealand's no longer safe
It's my belief, and that of many experts in the field, that the most recent attacks seen in New Zealand are just the tip of the iceberg. With the pandemic seeing more businesses operating online and our complacent attitude to cybersecurity, New Zealand is a prime spot for cybercriminals to set up shop.
Unfortunately, Kiwis often feel they're immune to international cyber-attacks. Our size, geographical distance and "she'll be right" attitude make us think we're out of harm's way. However, everyone who has a presence online is at risk, and if your business holds customer data, you are just as much a target as anyone else.
Phishing and ransomware attacks across New Zealand and Australia are being levelled at businesses of all sizes. Even the Government isn't immune, with Australian Prime Minister Scott Morrison warning of an elaborate cyber-attack threatening public infrastructure.
As a rule, most Kiwis are trusting and not suspicious enough of unexpected emails they receive. In 2018, New Zealand was labelled the most vulnerable country in the world for fraudulent attacks, not a statistic we should be proud of.
Taking control of your security
If you haven't already, the time to take control of your digital safety is now. For most businesses, doing some simple security hygiene is all that's needed to create layers of protection. This includes:
• Educate yourself and your staff, particularly around fraud and phishing email attacks
• Keep software updated, as old software is an easy entry point for hackers
• Use strong passwords that follow best practice and use multi-factor authentication where possible
• Keep data backed up outside your existing network and regularly test to make sure data is still accessible in the event of a ransomware attack
• Larger organisations should carry out a gap analysis and set up a security road map accordingly, to progressively increase security
A ransomware storm is coming. It's our job to batten down the hatches, be prepared, and not give these criminals the opportunity to infiltrate.
- Peter Bailey is the Aura Information Security general manager.