Australia’s 3 biggest cyber threats that target over 60s
Cyber-attacks can take a variety of forms, from compromising personal information to capturing control of computers and demanding a ransom to release control back to the user. In simple terms, most attacks are an attempt to change a computer user’s behaviour through dodgy, and often undetected, computer tactics. And the reason these attacks spread so quickly is that they are often hard to spot.
So not only is it important to know how to protect yourself from being hacked, it’s just as important to understand how cyber-attacks occur.
Cybersecurity Ventures has predicted that cybercrime will cost the world $6 trillion annually by 2021, up from $3 trillion in 2015. This represents the greatest transfer of economic wealth in history. It also puts the incentives for innovation and investment at risk, and cybercrime will be more profitable than the global trade of all major illegal drugs combined.
The evidence is clear: as technology continues to advance and cyber criminals become more sophisticated, the older generation is likely to become a growing target. This blog looks at the three main cyber threats to Australians, and those that are likely to target the over 60s. The article also offers ways to identify such threats in an effort to safeguard your use of the internet, at work and/or at home.
As identified by a number of cyber crime experts, the three most common forms of cyber crime in Australia are Spear-phishing, Ransomware and Malvertising. Whilst these are predominantly associated with businesses of all shapes and sizes, it is the individual user that causes the cybercrime to occur.
So let’s explore these cyber terms in more detail so you can avoid being a victim of cyber attacks.
Spear-phishing is a targeted version of phishing emails, which attempt to trick users into downloading infectious software or transferring large sums of money without realising.
The users targeted are commonly higher-up industry professionals or workers in a business or organisation, and the emails are crafted to be familiar to that individual. However, more recently, these emails are becoming more personalised to individual home users.
Reports from 2017 suggested that 91% of attacks by sophisticated cybercriminals start through spear-phishing emails. Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing.
Emails are the most common way for cyber criminals to complete spear-phishing attacks, with thousands of businesses and individuals coming under attack every month.
Phishing attempts are common and effective, with businesses potentially losing thousands of dollars at a time, or having data siphoned away for future hacking attempts. Personal emails for home users can be just as harmful, resulting in loss of wealth through compromised personal information and banking details. The ACSC warns these methods are becoming “more convincing and difficult to spot”.
“Adversaries are targeting industry personnel in order to gain access to corporate networks; individuals with a large amount of personal or corporate information online make it easier for adversaries to target that individual or their organisation,” the report says.
“Adversaries also make use of publicly available industry information such as annual reports, shareholder updates and media releases to craft their spear-phishing emails and use sophisticated malware to evade detection.”
“It’s quite targeted, usually at a specific employee or division, and the attacker is looking to gain specific information for a purpose, sometimes for future attacks,” McDonald says.
“These sorts of attacks are an easy payoff, attackers have many vectors of choice these days.”
Below is an example of a typical email phishing scam attempt.
More examples of phishing emails can be seen at our blog: How to identify potential email scam attacks.
Ransomware is the fastest growing cybercrime. In 2017, every 40 seconds a business fell victim to a ransomware attack, and Cybersecurity Ventures predicts that will rise to every 14 seconds in 2019. The FBI estimates that the total amount of ransom payments is approaching $1 billion annually, with ransomware damages increasing 15-fold in the past 2 years. Closer to home, a Malwarebytes report found that ransomware attacks showed a 1,000% increase in Asia Pacific in 2017 when compared to 2016. In addition, according to data from Sophos, nearly half of Australian businesses (48%) were targeted by ransomware exploit attempts during 2017.
Ransomware attacks are similar to phishing attacks, but are typically less targeted and can come from a malicious download or website. Ransomware acts in accordance with its name, holding data and files to ransom so users must pay to access them. Most ransom demands are made in cryptocurrency, as it makes it extremely difficult for authorities to track the identity behind the account.
Software disguised as an invoice or other file type is sent to a large group of recipients, who are infected as soon as the file is opened. A current example is an email from what appears to be ‘Apple’, with an invoice attached. Another is an email from an individual stating that an invoice is unpaid or overdue, and urging you to act before further action is taken.
The Australian Cyber Security Centre (ACSC) says these attacks commonly target businesses, saying, “Individuals and businesses continue to be infected with ransomware via malicious emails and websites.”
The ACSC states ‘almost all’ ransomware attacks are delivered via email. “These campaigns are constantly evolving and highly successful,” the ACSC says.
Amounts requested by hackers holding the data vary from $300 to $3000, but targeted attacks on some businesses can see ransom amounts upwards of $10,000. However, Sophos estimates that ransomware costs businesses an average of A$822,251 per attack, globally.
In America, the FBI reported $209 million in ransom was paid in the first three months of 2016, compared to just $24 million in ransom payments in all of 2015. According to McAfee’s latest cybercrime report, the median cost of buying a ransomware package is only $10, allowing many hackers to carry out ransom attacks. Currently, more than 6,000 online criminal marketplaces sell ransomware products and services, offering more than 45,000 different products.
The third most common cyber threat is served to users through malicious advertising, known as “malvertising”. This advertising allows cyber criminals to target specific audiences by infecting certain advertising networks online, infecting users when they click the ad.
Put simply, malvertising is what happens when attackers buy ad space in popular, legitimate websites and load them with ads that are infected by viruses, spyware, malware and all kinds of cyber filth you wish you’d never heard of.
“Typically, either malicious code is inserted into an ad being presented to users in the course of their normal browsing, or a benign ad is used to redirect the user to somewhere that will download malicious code automatically,” the ACSC says.
These ads can be hard to spot, as they are commonly scattered among legitimate ads served by a normal advertiser. For example, some of the world’s most trusted websites have been targeted, such as Reuters, YouTube, MSN, Yahoo, The New York Times and Spotify.
So what happens, exactly? Attackers piggyback on trusted, popular websites as a lure. They target clean and respectable places with lots of visitors like the ones we mentioned above. The sites themselves aren’t infected, and the ad providers don’t know they are blasting malicious ads into potentially millions of computers until it’s too late.
How can you avoid clicking on dodgy ads? Always hover your mouse over the online advert to see where the ad is sending you. If you hover over any link or banner ad, you will see the website URL at the bottom left of the web browser. This tells you exactly where the ad will take you. If the URL reads something strange like www.sketchyclicksanonymous123.biz then chances are this is malvertising.
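The hover check described above can also be written as code. The following JavaScript is an added illustration, not part of the original article: it reads a link the way the browser does and reports where it really leads. The function names and the `.example` addresses are made up for the example; the strange address is the one used in the paragraph above.

```javascript
// Added example: automates the "hover and read the URL" check.
// Sample addresses are constructed for illustration.

// Pull the first thing that looks like a domain out of the visible link text.
function domainInText(text) {
  const m = text.toLowerCase().match(/\b((?:[a-z0-9-]+\.)+[a-z]{2,})\b/);
  return m ? m[1].replace(/^www\./, "") : null;
}

// True when host equals domain or is a subdomain of it.
function sameSite(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// href: the link target; visibleText: what the ad or link displays;
// pageUrl: the page you are currently reading.
function inspectLink(href, visibleText, pageUrl) {
  let url;
  try {
    url = new URL(href, pageUrl); // resolves relative links like "/offers"
  } catch {
    return { destination: null, warnings: ["unparseable link"] };
  }
  const warnings = [];
  if (url.protocol !== "https:" && url.protocol !== "http:") {
    warnings.push("not a web address (" + url.protocol + ")");
    return { destination: null, warnings };
  }
  const host = url.hostname.replace(/^www\./, "");
  const pageHost = new URL(pageUrl).hostname.replace(/^www\./, "");
  // Anything before an "@" is login info, not the site being visited.
  if (url.username) warnings.push("text before '@' is not the site");
  if (url.protocol === "http:") warnings.push("unencrypted http");
  if (!sameSite(host, pageHost)) warnings.push("leaves the current site");
  const shown = domainInText(visibleText);
  if (shown && !sameSite(host, shown)) {
    warnings.push("text shows " + shown + " but link goes to " + host);
  }
  return { destination: host, warnings };
}
```

A link to another site is normal for an advert, so "leaves the current site" on its own is only a prompt to read the destination; the mismatch and "@" warnings are the ones that match the strange-looking addresses described above.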
There are a number of other ways to protect yourself against malvertising:
- Get a good antivirus, or upgrade your current one
- Install an ad blocker
- Disable Java
- Keep your plugins updated
- Update your browser to the latest available version
So whilst it’s great surfing the internet, we all know how easy it is to start browsing one website, then end up in a totally different website – forgetting why you logged online in the first place. So it’s important to remember that there are cybercriminals out there looking at sneaky ways to infect your computer, steal your files or all of the above.
For more insights on how to identify potential email phishing scams, or tips to safeguard yourself against online scams – read our cyber-related blogs below:
- How to identify potential email scam attacks
- Avoid falling victim to cybercrime – 8 tips for baby boomers
– Telstra, Cyber security.
– What you need to know about Australia’s three most common cyber threats. Dominic Powell, 13 October 2016.
– Berkeley Information Security and Policy. Top 10 Secure Computing Tips.
– Lifewire. Could a Cyber Attack Knock Out Your Computer? Jerri Ledford, 10 February 2019.
– McAfee, Economic Impact of Cybercrime No Slowing Down. February 2018.
– Cybint News. 13 Alarming Cyber Security Facts and Stats. 3 December 2018.
– Symantec, Internet Security Threat Report, volume 23.
– Cybersecurity Ventures, Cybercrime Damages $6 Trillion By 2021. Steve Morgan, 16 October 2017.
– ARN. Ransomware was levelled at half of Aussie businesses in 2017. Samira Sarraf, 30 January 2018.