Australian Threat Intelligence Annual Report 2016-2017

Between January 2016 and July 2017, Mossé Security delivered 53 threat hunting exercises and responded to 67 separate security breaches. We observed 42 Australian firms attempting to deal with cyberattacks and saw firsthand how textbook approaches to information security failed to deter and dissuade attackers.

On one hand, adversaries consistently outsmarted, deceived, frustrated, and overwhelmed their victims. On the other hand, victims almost always failed to anticipate cyberattacks, understand the adversaries’ mindset and tradecraft, and fight back. That is, until they called us and followed our recommendations (we have an emergency number to receive help when a breach is detected: 1300 730 035).

The key points from our report are:

  • 52 out of 53 organisations that engaged us to deliver threat hunting exercises had high-fidelity indicators of compromise on their networks;
  • 7 out of 10 customers were targeted by financially motivated adversaries with professional hacking and social engineering skills. Most of them paid the ransom, the extortion fees, or the fake invoice at least once;
  • Most organisations were breached multiple times by the same adversaries who later decided to come back for more money.

With this report, our company hopes to shed some light on the state of cyber security in Australia, the adversaries, and their tradecraft. We also offer some recommendations on the last page of the report. Call us with any questions you may have.