Stolen passwords used to breach companies and government

The ASD report said cybercriminals are continuing an aggressive credential theft campaign by purchasing stolen usernames and passwords from the dark web to access people’s personal emails, social media or financial accounts.

Loading

This can lead to financial losses, privacy breaches, and increased risk of identity theft. The average person lost $33,000 when they fell victim to cybercrime last year.

However, these stolen or captured credentials are also used to access corporate systems. Cybercriminals attempt to purchase and use stolen credentials associated with corporate accounts to gain initial access to one’s employer’s devices, customers and other systems, the report said.

When a cybercriminal logs into a corporate account using stolen information, it is much more difficult to detect the existence of a compromise. The subsequent impact on the company could be ransomware, extortion, or intellectual property theft.

The frequency of ransomware attacks, the number of reported data breaches, and average reported financial losses increased last year. Businesses affected by cybercrime lost an average of $80,850, while large businesses lost an average of $202,700 per incident; This represents an increase of over 200 percent since last year.

Threats to cybersecurity continue to come from both independent and state-sponsored criminals. ASD’s cybercrime focus is on high-level financially motivated criminals, often from Eastern European and Russian-speaking cyber gangs.

Meanwhile, state-sponsored hackers and spies “continue to pose a serious and growing threat to our country.”

“They target networks operated by Australian governments, critical infrastructure and businesses for state purposes,” the report said.

“State-sponsored cyber actors may seek to use cyber operations to disrupt and disrupt Australia’s critical services and undermine our ability to communicate at a time of strategic advantage.”

One way state-sponsored cyber organizations, such as a China-affiliated group known as APT40, operate is by targeting home internet devices (such as routers, firewalls, or VPN products) to help create a network from which they can conduct further attacks.

These home devices are attractive to cybercriminals because internet-facing vulnerabilities in these devices are common and often difficult for people to monitor or configure securely.

Loading

Exploiting these devices helps them confuse malicious traffic activity with the device owner’s legitimate traffic, complicating detection and prevention efforts.

ASD and other agencies found that state cyber actors with ties to China had compromised thousands of internet-connected devices, including home office routers and smart devices, to create a network that disguised their identities while conducting further malicious activities.

In one example, agencies detected a network of more than 260,000 devices, including one in Australia.

Home Affairs Minister Tony Burke says there are simple steps Australians can take to stay safe online.

“Always install the latest software updates, use unique passwords, enable multi-factor authentication wherever possible, and if you receive an unexpected cold call, hang up and call back on the official line,” he said.

Cut through the noise of federal politics with news, views and expert analysis. Subscribers can sign up for our weekly Inside Politics newsletter.