The most recent cyber incident involving Optus, which resulted in the exposure of personal information of more than 9 million customers, has been a wake-up call for Australian businesses small and large.
While media focus on high-profile attacks has previously given the impression that only big business is a target for hackers, the reality in the aftermath of the Optus data breach is that it could happen to any Australian business.
And while organisations of all sizes might have good IT security in place, the way cybercrime is evolving means no business leader can afford to be complacent. Everyone is vulnerable, but being aware and alert can minimise the risk. Now is a good time to think about your IT security and to take action.
For many people, the word ‘hacker’ conjures up an image of a guy in a hoodie hunched over a computer in a cybercafé. However, just as hacking has evolved, so too have hackers.
1. Hackers earn good money.
Today’s hacker might work for an offshore company that pays them well. They get training, resources, and support to be successful in their job.
2. Hackers choose their targets.
They spend hours researching social media, carefully selecting potential targets – usually roles with authority, or perhaps a company’s customers and suppliers.
3. Hackers use sophisticated tools of the trade.
Hackers are equipped with advanced software that allows them to try many combinations of usernames and passwords until they find the weakest ones. Alternatively, they buy compromised credentials from the dark web. These include credentials for Office 365.
4. Hackers don’t need super-technical skills.
They can purchase the technology that does all the work for them. An investment of a few hundred dollars can lead to a return many times that amount.
5. Hackers create fake web pages.
Some hackers develop fake web pages to fool users – they may look exactly like your Xero or Office 365 log-in page, but they’re designed to harvest your credentials.
The biggest threat to organisations today comes from hackers scouting potential targets. Hackers take time to research a company and identify its key team members and customer relationships. Through this, they find an access point, usually via a weak password without multi-factor authentication. Once in the system, the attacker monitors, observes and gathers intelligence, carefully choosing the time to strike. And for organisations, the first sign there’s a problem is when it’s too late – and often that means discovering that money has been sent to the wrong place.
For example, we came across an accounting company where an attacker used automated systems to try many username and password combinations until they ‘cracked’ one and gained access to a key employee’s email account. Undetected, the hacker observed email flows until they worked out they could access the company’s tax office portal, set up a new company, and unlawfully extract thousands of dollars.
In another case, an attacker identified the weakest password in a small business and monitored that email account for a month. They used that account and forwarded the information to another external email address. All the time, the hacker kept adding to the intelligence they had on the company and its customers and suppliers, hoping to find something they could use. Finally, they did. They crafted a convincing email to a customer asking for payment directly into their own bank account.
In both of these examples, the security breach could have been prevented if multi-factor authentication had been deployed. This would have made unlawful access a lot more difficult (see our article ‘Eight tips to protect your small business from cyberattack’).
The main thing for business leaders is to be aware and make it a priority to understand and be across the IT security landscape. Or they can work with a partner that can help them do this.
Considering the Optus data breach, it’s critical to be alert and aware as we’re likely to see an increase in phishing scams. We’ve identified the following ‘flags’ that could indicate that a company might get hacked.
1. Fake log-in page.
Hackers might create a fake Office 365 or Xero log-in page, so users key in their password.
Be wary of any unexpected pop-up pages asking for your details at an unusual time or that don’t look ‘quite right’ – maybe the domain email address is just slightly off, perhaps by one letter or digit.
3. ‘Forwards’ and ‘sents’
If you spot any unusual rules or forwarded or sent items in your email, there could be someone active in there sending information on. Also, be aware of any missing emails you might have.
4. Payment detail changes
Double-check any email that provides new payment details and verbally confirm.
5. Industry attacks
Stay alert to reports of hacking incidents in your industry. Attacks tend to come in waves – hackers access one system and target customers and suppliers from there.
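The ‘slightly off, perhaps by one letter or digit’ flag above can be checked automatically before a link is trusted. The following is an added example, not part of the original article: it compares a link’s host against an assumed allowlist of genuine log-in hosts (`TRUSTED`, to be replaced with the services your business uses) and flags near-misses; the sample links are constructed.

```python
from urllib.parse import urlsplit

# Assumed allowlist of genuine log-in hosts; replace with the services you use.
TRUSTED = ("login.xero.com", "login.microsoftonline.com")

# Digits commonly swapped in for letters in lookalike domains.
DIGIT_SWAPS = str.maketrans({"0": "o", "1": "l", "3": "e", "5": "s"})


def edit_distance(a, b):
    """Levenshtein distance using two rows of the dynamic-programming table."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1,                # delete from a
                           cur[j - 1] + 1,             # insert into a
                           prev[j - 1] + (ca != cb)))  # substitute
        prev = cur
    return prev[-1]


def classify(url):
    """Return (verdict, matched_trusted_host) for the host part of a URL."""
    if "://" not in url:
        url = "//" + url  # let urlsplit treat a bare host as the network location
    host = (urlsplit(url).hostname or "").lower().rstrip(".")
    if host in TRUSTED:
        return ("trusted", host)
    for good in TRUSTED:
        same_after_swaps = host.translate(DIGIT_SWAPS) == good.translate(DIGIT_SWAPS)
        if same_after_swaps or edit_distance(host, good) <= 1:
            return ("lookalike", good)
    return ("unknown", None)


# Constructed sample links, not taken from any real incident.
SAMPLES = [
    "https://login.xero.com/identity/user/login",
    "https://login.xer0.com/identity/user/login",
    "https://login.xerro.com/",
    "login.micros0ft0nline.com/common/oauth2",
    "https://login.xero.com@payments.example/",  # real host is after the '@'
]

if __name__ == "__main__":
    for link in SAMPLES:
        print(f"{classify(link)[0]:<10} {link}")
```

A verdict of ‘unknown’ only means the host is not close to anything on the allowlist; it is not a sign that the link is safe.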
It’s critical that you conduct a security assessment across all software and applications used within your business to make sure that IT has got those covered.
Working with a partner can help organisations stay across the ever-evolving security landscape. For example, at Retrac we can automatically check our partners’ Office 365 accounts to see if they feature on the dark web – and if they do, we take action and implement extra precautions.
Unsure how your security stacks up? Take our security challenge today.