Policy terms influence cyber crime outcomes: ACSC

The level of coverage provided under cyber insurance policies is “a contributing factor” in how ransomware incidents are handled and resolved by victims, and whether a business decides to pay the ransom, the Australian Cyber Security Centre (ACSC) says.

In its latest annual Cyber Threat Report, ACSC says it received over 76,000 cybercrime reports in the year to June 30, up 13% on the previous year, which it says equates to one report every seven minutes.

The report comes as Medibank, which did not have cyber insurance, says it will not cede to ransom demands by a malicious actor that stole the personal data of millions of Australians who were customers of the health insurer.

ACSC’s report cites another case in which a medium-sized Australian healthcare business was targeted by the REvil ransomware group. The criminals encrypted files and locked the business out of critical systems, demanding several hundred thousand dollars in exchange for the decryption keys and an assurance that the stolen data would not be publicly released.

ACSC says that despite help from an insurer, a third-party negotiator and a law firm – and the victim’s willingness to pay the ransom – resolving the incident and restoring the data took three months, severely impacting business operations.

“Even with the involvement of specialists, ransomware incidents can take months to resolve,” the report said. “The cost of ransomware extends beyond the ransom demands, and may include system reconstruction, lost productivity, and lost customers.

“The level of coverage provided under cyber insurance policies is also a contributing factor in how these incidents are handled and resolved by victims, and whether a business decides to pay the ransom.”

The average cost per cyber crime reported rose to over $39,000 for small business, $88,000 for medium business, and over $62,000 for large business.

Cyber crimes directed at individuals, such as online banking and shopping compromise, remain among the most common, ACSC says, while Business Email Compromise targeted high-value transactions such as property settlements, accounting for over $98 million in losses and averaging $64,000 per report.

Ransomware groups stole and released the personal information of hundreds of thousands of Australians in extortions, and worldwide, critical infrastructure networks are increasingly targeted.

“The continued targeting of Australia’s critical infrastructure is of concern as successful attacks could put access to essential services at risk. Potential disruptions to Australian essential services in 2021–22 were averted by effective cyber defences, including network segregation and effective, collaborative incident response,” the report said.

The majority of significant incidents ACSC responded to were due to inadequate patching, with Australian organisations “indiscriminately targeted” by persistent scanning for unpatched systems.

ACSC blocked over 24 million malicious domain requests through the Australian Protective Domain Name System, disrupted over 29,000 brute force attacks against Australian servers, and took down over 15,000 domains hosting malicious software targeting Australia’s COVID-19 vaccine rollout.

It responded to 135 ransomware incidents – up more than 75% on the previous year.

Deputy Prime Minister and Minister for Defence Richard Marles says too many Australians have felt the impacts of malicious cyber activity and the government considers cyber security and reinforcing online resilience to be “a national priority”.