The latest threat report from the Australian Cyber Security Centre warns that businesses including hotels, restaurants and auto repairers were being “robbed, held to ransom, or shut down”.
The centre identified 47,000 cyber security incidents in 2016-17 — a 15 per cent increase on the previous year — and more than half were online scams or fraud.
Cyber Security Minister Dan Tehan will tell the National Press Club on Tuesday “business is booming for cyber criminals” and mums and dads, small business owners need to protect their data, money and identities.
“The days of the cyber threat being deployed by a hooded computer geek in a basement are over,” he said.
“Sophisticated organised criminal networks are taking control and franchising their business model.
“The ACSC has seen operators of cyber threat software and hardware selling their kits and easy-to-use applications to other operators or affiliates who may not have the technical skill to create the software from scratch.”
The ACSC found one area of focus for criminals was business email compromise through targeted phishing emails.
Over the course of 2016-17, reports to the ACSC indicated losses of over $20 million related to business email compromises.
This was more than double the $8.6 million in 2015-16.
“Small businesses in particular were targeted by themed phishing emails, which use common payment arrangements to steal money,” Mr Tehan said.
“They are using increasingly personalised techniques to trick their victims. They will then create a fake invoice that looks exactly like the original and change one thing: the bank account details.
“The small business pays the invoice thinking it is going to the stationery supplier, for example. No one is any the wiser until the stationery company calls chasing its unpaid invoice.”
 |
| Cyber Security Minister Dan Tehan |
“The small business pays the invoice thinking it is going to the stationery supplier, for example. No one is any the wiser until the stationery company calls chasing its unpaid invoice.”
The report showed that overall, 7283 cyber security incidents had affected major Australian businesses.
The ACSC also responded to 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.
Mr Tehan revealed that in November, a hacker had compromised the network of a small Australian company with contracting links to national security projects. “Most concerning is that these attacks were more elaborate than the attacks we have seen in previous years,” he said.
But in good news, the Australian Signals Directorate responded to fewer cyber security incidents considered “serious enough to warrant operational responses”. Last financial year, the ASD responded to 671 of such incidents, down from 1095 in 2015/16.
Mr Tehan encouraged Australians to report suspected cybercrime to authorities.
