New details have emerged on the seriousness of the Medibank hack, which has now affected all of its customers. Optus, Medibank, Woolworths and, last Friday, electricity supplier Energy Australia are all now among the famous names that have been victims of a data breach.
If it seems like barely a week goes by with no news of another incident like this, you’d be right. Cybercrime is on the rise – seven major Australian companies have been hit by data breaches in the past month alone.
But why now? And who is responsible for this latest wave of cyber attacks?
The increasing number of data breaches is in large part driven by the growth of a global illegal industry that trades in your data. In particular, hackers known as “initial access brokers” specialize in illegally gaining access to victims’ networks and then selling that access to other cyber criminals.
The Cybercrime Ecosystem
Hackers and initial access brokers are just part of a complex and diversifying ecosystem of cybercrime. This ecosystem contains several kinds of cybercriminals who increasingly specialize in a particular aspect of online crime and then work together to carry out attacks.
For example, one of the fastest growing and most damaging forms of cybercrime – ransomware attacks – involves malicious software that cripples a victim’s device or system until a decryption key is provided upon payment of a ransom.
Ransomware attacks are big business. In 2021 alone, they made cybercriminals more than 600 million dollars. The vast amounts of money that can be made from ransomware, together with the huge pool of targets around the world, are fostering the development of a massive ransomware industry.
Ransomware attacks are complex, involving up to nine different phases. These include accessing a victim’s network, stealing data, encrypting a victim’s network, and making ransom demands.
Increasingly, these attacks are not carried out by lone cybercriminals, but by networks of different cybercrime groups, each specializing in a different stage of the attack.
Initial access brokers often perform the first phase of a ransomware attack. Described by Google’s Threat Analysis Group as “the opportunistic locksmiths of the security world”, their job is to gain access to a victim’s network.
Once they have compromised a victim’s network, they usually sell this access to other groups who then steal data and deploy the ransomware that paralyzes the victim’s computer systems.
There is a huge and growing underground market for this type of crime. Dozens of online marketplaces on both the dark web and the surface web offer the services of initial access brokers.
Responding to the Growing Cyber Threat
Over the past month we have seen several cases of cybercriminals forgoing ransomware altogether. Instead, they have tried to extort companies directly by threatening to publicly release all the data they stole.
While not as devastating as a ransomware attack, data breaches can cause serious financial and reputational damage to an organization (just ask Optus CEO Kelly Bayer Rosmarin), not to mention major problems for the clients or customers whose private information has now been released online.
In the last six months of 2021, more than 460 data breaches were reported to the government. Even more disturbing is that this number is almost certainly an underestimate.
While companies with revenues over AU$3 million are required by law to report data breaches involving personal information, most small businesses are not subject to mandatory reporting laws. They therefore have little incentive to report a data breach that could deter customers and harm their brand.
Taking action against cybercrime
So what can we do about it? First, companies need to rethink their approach to data. Data should be treated not only as an asset that can be freely stored and traded, but also as a liability that must be carefully protected.
Some experts call on Australia to follow the European Union’s approach and introduce stricter corporate regulations that better protect consumer data.
This week the federal government also introduced plans to fine companies that fail to provide adequate cybersecurity and suffer repeated data breaches.
Reforms like these can help, especially in preventing relatively simple data breaches such as the one that recently hit Optus.
On the other hand, punitive fines for victims could further strengthen the hand of enterprising cybercriminals, who could use the threat of these fines to further extort their victims.
There is no panacea for cybercriminal threats. At a minimum, government and business must continue to work together to improve our cyber defenses and resilience. Through research, we also need to better understand the global cybercrime ecosystem as it continues to evolve.
- James Martin, associate professor of criminology, Deakin University, and Chad Whelan, professor of criminology, Deakin University