Cyber threat landscape What Australia can expect now and in the future AISA NSW Chapter Meeting with Eugene Kaspersky – Chairman and CEO, Kaspersky Lab
P by Chris Cubbage Executive Editor, MySecurity Media
14 | Australian Cyber Security Magazine
resenting at AISA NSW Chapter’s May member meeting, held in the aloft George Street offices of Ernst & Young, overlooking Circular Quay, Eugene Kaspersky, visiting Sydney for just a few days, gave an entertaining, upfront account of what we can expect in the cyber security future, based on cyber-attacks of the recent past. “All operating systems are under attack with malicious files”, confirmed Kaspersky, referring to the Kaspersky Lab malware database, as at May 2017. Showing malicious code unique to each OS, with Windows being the highest at 474 million, Android at 23 million, Mac at 53,000, Linux at 33,000, but set to grow substantially with continued deployment of IoT devices, being predominantly Linux based and iOS at just 600. According to Kaspersky, it is mostly state sponsored actors behind iOS attacks and related malware. “We count the malware in the hundreds of millions and everyday we collect and download 300,000 new unique malicious script attacks.” Kaspersky said, “Application scripts, office files, every day. Being in Sydney for three days, in my time here we will see one million new, unique pieces of malware. The good news is we do it mostly automatically. Many cybersecurity companies now automate their response and cybercriminals are also doing the same – it’s like a cyber robotic war. Interestingly, we see it slowdown during weekends, Chinese New Year, Russian New Year and during Eastern European football matches – cybercriminals are
human as well!” Another takeaway from these results, observed by Kaspersky first hand, is that Mac engineers are difficult to find. “We tend to use Linux engineers and convert them to Mac. The same could be true for the cybercriminals – they will also find it hard to find Mac Engineers.” Next, Kaspersky highlights the cost of Cybercrime, costing the equivalent of AU$600 billion per year, based on findings sourced from two independent studies. This is equivalent to being 40 percent of Australia’s GDP and referring to the recent announcement of the Australian government to build the new Western Sydney airport, Kaspersky boasts, “the cost of cybercrime would build ‘60’ new Western Sydney airports.” Some notable attacks? Kaspersky highlights the Bangladesh central bank heist, the Carbanak bank heist and the Mirai botnet as being the most notable. “The Bangladesh central bank heist was not a sophisticated attack,” Kaspersky said, “with the bank’s security low and the criminals having got access to Swift software, they were able to gain access. “Had it not been for the criminals making a famous and expensive typo of ‘Fandation’ instead of ‘Foundation’, the 31 orders valued at $870 million was blocked. “One of the most expensive typo’s in cybersecurity history” joked Kaspersky. But four orders did get through and the group stole $81 million, with 35 transfer orders transacted via the New York Federal Reserve.