Australia could be about to face the next big wave of cyberattacks, after the government issued a warning to businesses and raised its overall threat level.
Late last week, the Australian Cyber Security Centre (ACSC) confirmed that it is investigating a “widespread malware campaign” which delivers a trojan virus via email attachment.
The virus, known as Emotet, appears to be so concerning that National Cyber Security Arrangements (NCSA) have been increased to the third highest level.
“Trojan viruses like Emotet appear as normal files, but include hidden information allowing cyber criminals to access and control devices or systems,” explained the ACSC. “Email users should always exercise caution before opening emails and attachments.”
The government isn’t alone in issuing a warning - international law firm Clyde & Co also published a public briefing note after it observed an uptick in attacks.
“Over the past few weeks, we have identified a number of organisations and government agencies impacted by a new generation of a previously seen banking trojan malware,” read the update, which added that Victoria’s public and private health service industry has been hit hardest.
Elaborating on the warning, Clyde & Co partner John Moran said the Emotet malware moves quickly and aggressively, so it and can have disastrous effects on organisations.
“If opened, the attack rapidly spreads,” he said. “This is because content of emails from the mailbox of the user that opened the attachment are scraped, and emails are then automatically forwarded to all parties to those emails, containing the same malicious attachment.”
Moran also noted that the wave of malicious spam often continues even after the affected organisation has secured their own environment and removed Emotet from their systems, meaning the risk of third-party infection continues to persist.
Gerry Power, national head of sales for Emergence, said the Emotet malware was first detected around five years ago, but has continued to evolve since then.
“The ransomware isn’t new,” he told Insurance Business. “Previously, it was focussed on the banking industry, but it’s been evolving over the last few years.”
While Power said Emergence was yet to receive any claims originating from the most recent strain of Emotet, he did say the threat must be taken seriously by organisations.
“The most important thing we say to clients about all these ransomwares, is that it’s about how you prepare for them, in terms of educating your staff because they are your last line of defence,” he said.
“If all your technology controls, your anti-virus, your intrusion detection systems fail to pick something up, then it’s your employees who are going to protect you – so give them the tools to protect the business, let them know what they should be looking out for.”
According to Clyde & Co, the malicious email will usually contain an email trail of a previous conversation, with a document attached taking various forms (.doc, .docx, .pdf). Once the document is opened, malware will propagate throughout the recipient’s network.
Importantly, Power also warned that, just like Emotet, businesses need to be evolving and adapting in order to maintain a satisfactory level of cyber protection.
“We’re seeing a phenomenal amount of ransomware activity, the numbers are going up every year, and the challenge for clients is that cyber isn’t a static risk, you need to be constantly protecting your business, protecting your systems, educating your staff, because there’s new malware and there’s new attacks,” he said.
“Emotet has been going for five years, it’s just been morphing into different approaches over that time, so businesses need to take the same approach – you can’t just be static on cyber security, you need to do your patch management, you need to be updating your anti-virus, you need to be making sure that all your end points are protected and that you’re monitoring your network because if you’re not monitoring your network, you don’t know what’s happening from inside your system.”