Cyber attacks take smarter aim at companies rather than consumers: F-Secure

Cyber attacks take smarter aim at companies rather than consumers: F-Secure

Business email compromise is topping ransomware attacks

Mikko Hypponen (F-Secure)

Mikko Hypponen (F-Secure)

Credit: Mikko Hypponen

During the past two years cyber attacks have gone far beyond simply targeting consumers and are becoming an increasingly menacing threat to large enterprise.

This is according to F-Secure chief research officer, Mikko Hypponen, who took centre stage in his keynote address at CeBIT held in Sydney.

“We've seen factories stopped by ransomware. We've seen hospitals and medical systems targeted. We've seen whole cities being targeted,” he said. “Ransomware is a very big problem."

The most recent example of this was the ransomware attack that hit Victoria's Gippsland Health Alliance and South West Alliance of Rural Health, whereby access to several systems, including financial management, was blocked. So far, there have been no suggestions that patient data has been accessed.

But Hypponen said it wasn’t the first item on the list of cyber payments tabled by global insurance outfit, AIG. In the region of Europe, the Middle East and Africa, topping the list for the biggest reason for cyber insurance payments was business email compromise.

“This is the number one cause for cyber insurance payments today and we all know this problem. It's the problem where someone sends emails to financial people within an organisation trying to trick them into paying money to places where they shouldn't be paying money to. And this is not a new problem,” he said.

Hypponen also alluded to the Internet of Things (IoT) revolution, which could make every household device -- even the humble toaster -- an online device, he said.

“These are the kinds of stupid devices that don’t really need the internet, but will be going online as well,” he said. “Why will toasters go online? Because data is money and every manufacturer for every device wants to collect data. They will immediately know where their customers are, the cities they live in, and where they should advertise more.”

And as the IoT revolution takes shape, Hypponen claimed problems are already emerging with smart devices becoming infected with malware.

He cited F-Secure’s recent Attack Landscape study, which captures 2.9 billion hits on its global network of honeypot servers, which usually intercepts attack traffic from Windows devices, but for the first time, the number one attack traffic caught by these honeypots, were in fact, Linux-based.

“Why is this? Well, it's not because we would be seeing so much Linux malware online of servers and desktops. This is IoT Linux distributions,” he said. “This traffic is coming from infected doorbells, infected security cameras, infected coffee machines. This is what's happening right now.

“We tend to have these great innovations that initially seemed like a great idea. So we deploy them everywhere only to realise much later that it was a horrible mistake. So in some ways you could call this the IT asbestos.”

Tags f-securecyber

Show Comments