“We are seeing more instances of government contracting cyber criminals to execute some missions for them,” says Lim.
“An example of this is [China state-backed hackers] APT41 where they do espionage missions in the day and steal cryptocurrencies at night,” says Lim.
“Because these contractors are a third party, that achieves two things for the government – plausible deniability – they can say ‘I don’t know what’s going on – it’s just this outlaw group’.
“Secondly, because of the lack of manpower, they don’t have the skillsets to do certain aspects of offensive cyber operations so they have to rely on contractors, or rather criminals who have skills to do the work for them.”
Lim says one of the biggest challenges that Australian companies will face in the next 12 months will be ransomware.
“The scale and complexity of ransomware attacks has evolved – there are over 30 types of different variants of ransomware in the wild,” says Lim.
“Ransomware now has evolved into ransomware-as-a-service model where threat actors essentially license out their ransomware software to other operators who will use it to target victims.”
He also explains that this ransomware-as-a-service model has dramatically lowered the barrier of entry for virtual gangsters.
“In the past, they would need to be an expert coder to be able to be a ransomware operator because they need to create their own malware to begin with, host and then deploy it to attack victims.
“But now there is no longer a need to do that – they just need to operate the platform that already holds the malware, and only require the victim’s IP address to attack.”
Lim says another challenge Australian businesses are facing comes from cyber hacktivists.
“In the past, they were just known for defacing websites or doing distributed denial-of-service attacks – but now we are observing them getting into cyber physical systems remotely and even manipulating them.
“This could be dangerous and could cause a lot of human damage or harm to properties, because if the building system is malfunctioning, for example, you turn on a tap and hot water gushes out, it could cause physical damage, and that is a big cause of concern for us.”
Mandiant’s latest threat intelligence update for Australia says that most cyber underworld activity continues to be linked to Chinese groups, with indications of Russian and Iranian activity as well.
The two most targeted industries during this period were construction and engineering, and financial services, the report says.
Following a restructuring of China’s intelligence apparatus, the regional realignment of Chinese espionage mirrors the PLA’s theater commands, and the cyber APT groups under the PLA’s southern theatre focus their activities on Australia and New Zealand, says Lim.
The line between spies and cyber criminals will continue to blur. Cyber contractors will play a bigger role in the overall espionage threat landscape.
Looking ahead, he says he also expects the trend towards specialisation to continue apace, with groups increasingly focusing on just one segment of the cyber outlaw value chain, which they can hawk on the Dark Web.
“Attackers are now also selling whatever they have on hand, including credentials to people who want to leverage ransomware.
“If they can buy login credentials from a seller, they have already skipped one step – leading to the shortened attack lifecycle.
“They need to spend less time to achieve their objective and it also gives defenders less time to react.”
So, what can Australian cyber warriors do to protect our business and government assets?
“The very first thing that they can do to protect against cyber attacks is understand who are they up against,” says Lim.
“This is where Mandiant’s deep intel expertise comes in: we have a very thorough understanding of threat actors, their motivations and TTPs (Tactics, Techniques and Procedures) to help our clients understand what risks they face in their industry and the unique industry in Australia.”
“They will be able to more accurately prioritise resources to defend against these specific threats because it is impossible for you to defend against everything,” he says.
“The next key to cyber defence is continuously validating the effectiveness of security controls. Mandiant’s industry-leading managed security validation can help with this, and of course if something has happened, like an incident or an active attacker, Mandiant, as the global leader in incident response, can definitely help you in incident response to deal with the lifecycle of the attack.
“Finally, organisations should continuously hunt for threats within their network. Utilizing Mandiant managed defense, Mandiant can look at your internal network traffic for hallmark threat indicators, with your permission of course.”
Cyber security intelligence and expertise for all. Mandiant provides solutions that protect and defend organisations against cyber security attacks globally, leveraging innovative technology and expertise from the frontlines to deliver a broad portfolio of world-class consulting, innovative software-as-a-service solutions and managed security services. Mandiant Advantage is a comprehensive SaaS platform providing organisations of all sizes with to-the-minute, relevant cyber threat intelligence so you can focus on the threats that matter now and take action.