Cybercrime – the current state of play, 2013

Last year we highlighted the fact that cybercrime was fourth on the top 10 global risks identified during the World Economic Forum, so how is 2013 panning out for cybercrime? We would like to say we are getting smarter but unfortunately so are the hackers!

So what has been happening? In February many of Telecom’s YahooXtra email accounts were compromised by a massive malware attack which sent rogue emails containing links to websites that would infect computers with malware.

In March Australia’s central bank acknowledged that it had been targeted by cyber-attacks, though no data had been lost or systems corrupted. Emails titled “Strategic Planning FY2012” were sent to staff including department heads containing a compressed zip file with an executable malware application. Six workstations were affected and servers were considered comprised and removed from the network.

To give you an idea of how prevalent this problem is we’ve listed seven of the 48 cyber events documented during the first two weeks of March by Hackmageddon.

  • 2 March 2013 – Evernote joins the list of companies whose cloud-based services have suffered serious breach. Potentially 50 million of users could be involved (abridged).
  • 4 March 2013 – Unknown hackers take down some of Czech Republic’s main news websites, slowing or crashing their homepages.
  • 5 March 2013 – Attacks against Czech Republic’s largest local content provider and search engine website.
  • 9 March 2013 – Mazney hacks the official German Distributor of Avasti Antivirus, and dumps 20,000 accounts.
  • 13 March 2013 – The National Institute of Standards and Technology’s National Vulnerability Database’s website and other services are taken offline due to a malware infection on two web servers.
  • 13 March 2013 – The official website of one of India’s most high profile defence organisations, Defence Research and Development Organisation is breached by hackers.
  • 14 March 2013 – Australia’s biggest casino, the Crown is the victim of CCTV hack that allow the attackers to take $33m through an accomplice introduced into a high stake poker hand.

A report from the Attorney-General’s Office for Australia (Feb 2013) indicates that in a recent survey ‘more than 250 major Australian businesses show that cyber-attacks are becoming increasingly targeted and coordinated, with one in five experiencing an electronic attack in the last year’. We need to ensure that New Zealand organisations prepare for the impacts of cybercrime through testing and exercising of their systems, plans and crisis teams.

Is your organisation prepared for the unexpected?