2022 has been a year like no other for Australian businesses experiencing cyber attacks. With high-profile cases such as Optus on the rise, it is no wonder that cybersecurity is the top agenda of every Board, C-Suite and Executive alike.
Full visibility of cybersecurity vulnerability and risk, both inside and outside of the network perimeter, is often challenging to attain. Even the most robust cybersecurity strategy can fall short through simple circumstances such as infrastructure misconfigurations or a lack of patch management. This is where a robust and frequent cybersecurity penetration testing program can provide visibility and clarity of the organisation's vulnerabilities even by the most recent attack vectors.
With this in mind, our cybersecurity Penetration Testing team has shared the most commonly used style of cyber attack used by malicious actors that we have seen across Australian businesses in 2022.
Social Engineering - Phishing, Smishing and Vishing Attacks: Social engineering is a type of attack that uses a fake trusted persona in order to get the attack victim to share personal or confidential information. These types of attacks are seen commonly inside Australian corporate organisations usually through impersonation of the CEO or someone in Finance requesting certain types of information.
In a standard social engineering attack, the approach message can be delivered by email, text or through a web page and asks you to click a link or download an infected attachment. If an infected file is downloaded, the computer and subsequent network can then be remotely accessed by the threat actor and damage is inflicted.
Malware Injecting Systems and Devices: Malware is an umbrella term for any piece of software or hardware that has malicious intent. There are many types of malware, from trojans to compromised USB sticks that have a single purpose to gain unauthorised control of your computer systems. The most common malware types experienced in Australia at the moment are Emotet, Formbook and Trickbot. Malware is often delivered using social engineering techniques but largely successful due to a misconfiguration that enables a vulnerability and/or vital security updates that are missing and in some cases running on an unsupported end-of-life platform.
Poor Security Patch Management: The speed at which technology evolves, in particular digital technology and cloud computing, means that traditional security and systems require frequent patches and updates to protect them against evolving threats. However, a busy IT team that is dealing with BAU and project work will often ignore patching notifications or a management schedule due to lack of resources. With over 60% of cybersecurity breaches in 2019 coming from unpatched devices, this is an area that our cybersecurity Penetration Testing team will often identify during the course of testing.
Distributed Denial-of-Service Attacks (DDOS): This type of attack technique involves delivering large influxes of traffic to a website or corporate network so that the system overloads with too many requests and the server crashes. The distributed nature of the attack means it cannot be readily pinpointed to a singular source. This is particularly harmful for organisations that require 24x7 Internet connectivity such as digital, manufacturing or airline businesses.. Some organisations will want to test their defences against these kinds of attacks. Cybersecurity Penetration Testing can be performed to test network volume usage and verify that chosen security protection methods and products are effective.
How cybersecurity Penetration Testing can help build resilience toward these styles of attack:
This is where Cythera challenges the status quo. As we run our own Security Operation Centre for our Managed Detection and Response (MDR) clients, our Penetration Testers are constantly exposed to the tools, tactics and techniques used by cybercriminals in the real world every day.
Meet with the Cythera Cybersecurity Penetration Testing team to learn:
- How a skilled attacker’s lateral thinking leads to lateral movement on your network;
- Learn about the tactics and techniques used by hackers, cybercriminals and state sponsored adversaries;
- How to use a collaborative approach involving process and code auditing, to gain a much deeper understanding of the target scope; and
- How penetration testing can be used to educate the C-Suite and key decision makers about the security risks your organisation is facing in order to help build the business case for cybersecurity
In exchange for your time, and to thank you for choosing Cythera, we will make a $100 AUD donation to one of the following charities of your choice:
- Women’s Domestic Violence Shelter;
- First Nations Indigenous Development Fund; and
- Men’s Prostate Cancer Charity.
