ne

ws

6In

fosecu

rity Tod

ayM

ay/June 2006

Australian computer crime changes tackIan Grant

Fewer reported attacks and less harm done suggestAustralian cybercrime is under control. Big mistake.

Bragging rights are passé;now it's about getting

away clean away with thecash.

This is the conclusion ofAusCERT's latest computercrime survey, published on22 May.Australia has theworld's most consistent re-search into the nature, caus-es and attack methods usedby cyber-criminals.

The latest survey, whichmore than doubled the num-ber of respondents, revealsthat reported attacks aredown slightly, but the prom-ise of easy cash through ID

theft has produced moremotivated and more sophis-ticated cyber-thieves.

Only 22% of respondentsreported an attack that dam-aged the confidentiality, in-tegrity or availability of net-work data or systems. In2005 the figure was 35%,and 49% in 2004.

The average financial lossrose 65% to over A$240,000.But this was skewed by asingle A$40 million loss re-ported by one firm.Excluding this, average loss-es dropped to A$42,000compared to A$153,000 in2005.

Attacks that use trojansand rootkits rose to 21% ofall attacks, says the report.Many are able to switch offcomputer defences andevade detection. In addition,60% were undetected bycurrent defensive softwareuntil discovered “in thewild”.This means actual in-fection rates may be muchhigher.

Kathryn Kerr, manager of analysis and assessmentsat AusCERT, says,“It is hardto know what is causingthe decline in figures. Itcould be sample anomalies

(e.g. manufacturers repre-sented 19% of respondentscompared to 10% in 2005and are low users of IT rel-ative to their size), and/or alower level of reportingdue to the nature of somemalware attacks, such asrootkits.

“We have separated tro-jan/rootkit attacks from oth-er attack vectors and we cannow see that one in five ofall victims reported a trojanor rootkit infection.

“This is remarkably highconsidering that such mal-ware does not self-propa-gate.We think this reflectshigh attacker activity. It isconsistent with the relative-ly high volumes of online IDtheft trojan attacks AusCERTis seeing.”

The report also showsfewer respondents using for-mal IT security standardsand practices, and lower uni-versity enrolments for com-puter and IT courses.Coupled with a decliningtrend in reported attacksand damage, is complacencyis setting in?

Kerr says this would be amistake.“Now is not thetime to be winding back on

adequate information secu-rity protection, detectionand response strategies, giv-en the growing evidence ofcybercrime motivated by il-licit financial gain thatAusCERT,Australian law en-forcement and many othersare seeing in Australia andinternationally.

“Many sectors are not af-fected by some of the newattacks. However, online IDthefts and other financialscams are likely to becomemore common as morecompanies increase theironline presence.We alreadyhave seen non-banking andfinance sector industries tar-geted, and there is every rea-son to believe it will extendfurther.

“Unfortunately, spendingon IT security has to com-pete for funds against newIT services.There is also alag between identifying newthreats, being affected bythem, and responding tothem, before IT securitystaff can make the businesscase for more funds.”

The report is published atwww.auscert.org.au/crimesurvey.AusCERT’s Kathryn Kerr