New cyber attack research from application security and delivery leader F5, Inc. in collaboration with Effluxio has found 80% of incidents reported to the F5 Security Incident Response Team in ANZ during 2021 so far were DoS (Denial-of-Service) attacks. Additionally, incidents targeting user profiles and remote administrative tools were seen alongside criminals launching sophisticated campaigns designed to seek out and target vulnerable business executives.
David Arthur, Security Solutions Architect at F5, said, “What we found is attackers have developed the capabilities to do extremely deep research on personas inside of organisations. While these attacks are not always targeting a C-level executive, it could be a pathway to them such as a personal assistant, with the express purpose of reaching those who are the most vulnerable to exploitation.”
“We’ve even had cases of cyber criminals impersonating elite, military intelligence groups in an attempt to extort businesses. Of course, if you’re not somebody who’s living and breathing security, you’ll be unfamiliar with how these groups operate, which is what they’re counting on,” Arthur continued.
The research also uncovered APCJ to be the global leader in reported DoS attacks from 2018-2021, as criminals focused their attention on regions and markets such as ANZ, which are viewed as easier and more vulnerable targets.
Arthur explains, “The reason we’ve seen such a spike in DoS incidents across APCJ and ANZ is other regions tend to have their defences already primed to deal with these attacks. Organisations have finite resources, and with the rate new technology is entering the market, you can’t solve every single problem to the highest level that you’d want to.”
Findings also revealed financial services had 78% more authentication attacks, dwarfing other industries such as government and services providers, in addition to more than 45 million scans targeting port 5900, the network port responsible for VNC, a popular desktop sharing and remote access control application.
Malcolm Heath, Senior Threat Researcher at F5, said, “Attacks targeting remote access solutions were already showing up in the data well before COVID, but it skyrocketed after the pandemic began. What you had was the use of fast, cheap and easy ways to provide remote access to employees who were suddenly working from home, and attackers realised that and just followed right along.”
Heath went on to say, “These systems are not always subject to a company’s password requirements, so you end up with individual employees setting basic passwords such as ‘ABC 123’, and there you go, it’s as if I’m sitting right at your desk.”
“It’s clear that attackers are quick to adapt to change in the world and will move quickly towards the newest, weakest links. For every new service or change to our environments, we must consider how attackers can use this to their advantage, and reconsider our defenses as well,” Heath explained.