Contact us

1300 GOCYBER (1300 462 923)

Call or email us today!

Contact details:

Message:

Your message has been sent successfully. Close this notice.

Cyber Insurance Quote Form

Limit of Liability

Company Details

Do you process, transmit or store more than 10,000 financial transactions per year?

Yes No, less than 10,000

Do you use and keep up to date firewalls and anti-virus protection for all systems?

Yes No

Do you use third parties to complete audits of your system and security on a regular basis?

Yes NO

Are all portable devices password protected? (mobile phones, laptops, tablets, etc)

Yes No

Do you have encryption requirements for all data including portable media?

Yes No

Do you have back-up and recovery procedures for business critical systems, data and info assets?

Yes No

Do you outsource any part of your network, including storage?

Yes, we use third party providers. No, all managed in house

Do you store sensitive information on web servers?

Yes No

Do you know of any loss payments, fines or penalties being made on your behalf?

Yes No

Are you aware of any matter which might give rise to a claim or loss under such insurance?

Yes No

Have you suffered any loss or claim but not limited to a regulatory, governmental or administrative action brought against you, or any investigation or information request concerning any handling of personal info?

Yes No

The applicant or any subsidiaries have any knowledge of any loss payments, fines or penalties being made on behalf of any applicant or any person proposed for coverage any cyber policy or similar insurance?

Yes No
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.

Business Insurance Quote

Contact details:

Sections

Property & Contents

Yes, please quote No, thank you

Public & Products Liability

Yes, please quote No, thank you

Cyber Liability

Yes, please quote No, thank you

Theft & Money

Yes, please quote No, thank you

Computers & electronic equipment

Yes, please quote No, thank you

Business Interruption

Yes, please quote No, thank you

Machinery Breakdown

Yes, please quote No, thank you
Your quote request has been sent successfully, one of our brokers will contact you today! Close this notice.
3 years ago · by · 0 comments

2016 Cyber Security Report released

The Australian Cyber Security Centre has released the 2016 threat report.

Australian Cyber Security Centre Logo

The ACSC is an important Australian Government initiative which brings together existing cyber security capabilities across Defence, the Attorney-General’s Department, Australian Security Intelligence Organisation, Australian Federal Police and Australian Crime Commission.

Each year the government departments release their collective data for an eye opening report about national, commercial and private online security.

Between July 2015 and June 2016, CERT Australia responded to 14,804 cyber security incidents affecting Australian businesses, 418 of which involved systems of national interest (SNI) and critical infrastructure (CI). The incidents affecting SNI and CI are broken down by sector below.

private industry cyber security breach pie chart

As CERT Australia relies on the voluntary self-reporting of information security incidents from private, commercial and government sources throughout Australia and internationally, CERT is unfortunately not able to get a complete view of all incidents. A large number of businesses which have been victims of a breach have paid a bitcoin ransom or fixed their system without notifying CERT or their cyber insurance provider.

According to CERT, the energy and communications sectors had the highest number of compromised systems. The banking and financial services and communications sectors had the highest number or DDoS attacks while the highest number of malicious emails was received by the energy and mining sectors.

Cyber Insurance Australia Logo

Insure your business against cyber crime.

Trending exploitation techniques

  • Spear Phishing – emails containing a malicious link or file attachment with methods used becoming more convincing and difficult to spot. As such, spear phishing emails continue to be a common exploitation technique used in the compromise of Australian industry networks.
  • Ransomware – Ransomware encrypts the files on a computer (including network fileshares and attached external storage devices) then directs the victim to a webpage with instructions on how to pay a ransom in bitcoin to unlock the files. The ransom has typically ranged from $500 – $3000 in bitcoins.
  • Web-seeding techniques – By compromising web sites frequently visited by targets, adversaries are able to exploit targets without overt communication, such as spear phishing emails. Strategic web compromises have proven effective for thematic campaigns, such as targeting foreign policy and defence organisations via the compromise of think tanks and media organisations, but pose an equal threat to all users.
  • Malicious advertising – “Malvertising” allows an adversary to target a specific audience by exploiting online advertisement networks used by popular websites that visitors trust. Typically, either malicious code is inserted into an ad being presented to users in the course of their normal browsing or a benign ad is used to redirect the user to somewhere that will download malicious code automatically.
  • Microsoft office macros  Adversaries are increasingly using Microsoft Office macros – small programs executed by Microsoft Office applications such as Microsoft Word, Excel or PowerPoint – to circumvent security controls that prevent users from running untrusted applications. Microsoft Office macros can contain malicious code resulting in a targeted cyber intrusion yielding unauthorised access to sensitive information.
  • DDoS extortion – A Distributed Denial of Service (DDoS) attack is an attempt to make an online service unavailable by overwhelming it with traffic from multiple sources. DDoS extortion occurs when a cyber adversary threatens to launch DDoS activities against an organisation unless a fee is paid.
  • Secondary Targeting – There has been an increase in the detection of cyber adversaries attempting to gain access to enabling targets – targets of seemingly limited value but which share a trust relationship with a higher value target organisation. It is imperative that organisations understand that they might be targeted solely based on their connections with other organisations – the real target of these adversaries.
  • Targeted Disclosures – While the theft and targeted disclosures of sensitive information is not a new threat, the employment of the tactic in such a brazen manner against high profile entities has almost certainly lowered the threshold of adversaries seeking to conduct such acts.
  • Credential Harvesting Campaigns –  emails direct the user to access a document via Google Drive, and by clicking on a “View Document” link, the user is then directed to a webpage where credentials are requested and thereby harvested by the adversary. Emails are then sent from the compromised user’s account to contacts contained in the compromised user’s address book, meaning the malicious emails will appear to be coming from legitimate and trusted sources.

What does a typical cyber security compromise look like?

Intial foothold

The attacker sends a spear phishing email with a malicious link to their target which when opened will execute malware creating an entry into the network.

Network Reconnaissance 

After access has been granted the attacker will continually monitor and study the network, search for domain administration credentials and possibly propagate through other linked networks. As an example, an adversary will regularly access the network to gain updated user credentials, thus avoiding losing access because of password changes.

cyber security flow chart

 

Establish Presence

Once in the network, adversaries will attempt to obtain legitimate user credentials with the goal of gaining legitimate remote administrative access. After legitimate credentials are obtained, the adversary will transition from malware dependant tradecraft to the use of Virtual Private Network (VPN), Virtual Desktop Infrastructure (VDI), or other corporate remote-access solutions combined with software native to the organisation.

Ensure Persistence

Adversaries strive to install malware or a web shell to ensure ongoing access should their legitimate accesses cease to function. Malware is typically configured with a limited “beacon rate” to minimise network traffic and evade network defenders. However, web shells are increasingly being used as they generate zero network traffic and are difficult to detect unless the adversary is actively interacting with them.

Execute Intent

Once persistent access is gained, the adversary will execute their intent. This intent could be anything from data exfiltration to enabling lateral movement to the real targeted organisation, exploiting circle of trust relationships between the organisations.

 

 

 Cyber Insurance Australia Logo

Insure your business against cyber crime.

 

Further Resources

Mitigation of Targeted Cyber Security Intrusions

The mitigation strategies tailor and provide additional controls that make the mitigation strategies relevant to current and emerging issues such as ransomware and other destructive malware, malicious insiders, and industrial control systems.More information can be found at http://www.asd.gov.au/infosec/mitigationstrategies.htm

The Australian Government Information Security Manual (ISM)

The Australian Government Information Security Manual (ISM) assists in the protection of official government information that is processed, stored or communicated by Australian government systems, and is available at http://www.asd.gov.au/infosec/ism/index.htm

CERT Australia (Computer Emergency Response Team)

CERT Australia’s public website contains useful information for Australian businesses in relation to mitigating cyber security incidents and security issues affecting major Australian businesses. More information can be found at: https://www.cert.gov.au/

Comments

Not found any comments yet.

Leave a reply

Your email address will not be published, and your website url is not required.

Take care of your business

Insurance for
your business future

Call us today for specialist business insurance packages.

Company information

Naga Risk Solutions Pty Ltd T/as Cyber Insurance Australia ABN 59 378 032 992. CAR 1250594

Authorised Representative for National Advisor Services Pty Ltd t/as Community Broker Network (CBN) ABN 60 096 916 184 | AFSL 233750

Financial Services Guide (FSG), Privacy Policy & Complaints & Dispute Handling, Insurance Brokers Code of Practice (FSG)

Contact details

E-mail address:
contact@cyberinsuranceaustralia.com.au

1300 GOCYBER

1300 462 923

Available 8:30am - 5:00pm

PO Box 1677, Milton LPO
Milton
Brisbane, QLD 4064

Join our monthly newsletter for:

Enter your email and stay up to date,

Subscribe to our monthly newsletter!