SYDNEY, 14 April 2016 – In anticipation of the upcoming launch of the Australian Government’s Cyber Security Review, BAE Systems has today unveiled research into the cyber criminals that represent the biggest threats to Australian business. The Unusual Suspects profiles six prominent types of cybercriminals, exposing how they cause harm, and provides practical guidance for companies to defend themselves.
Threat intelligence experts at BAE Systems have developed ‘The Unusual Suspects’ based on extensive analysis of thousands of cyber attacks on businesses to reveal the motivations and methods of the most common types of cybercriminal.
The research shows the increasing ‘industrialisation’ of cyber crime. With the majority of Australian businesses still practising a traditional, ’perimeter based’, security approach, the Unusual Suspects is intended to help enterprises understand the enemies they face so they can better defend themselves.
“Some cyber criminals are becoming even more professional, offering skills and services, such as “project management” to other criminal organisations. They are writing their own software that comes with service agreements and money-back guarantees if the code gets detected, with the promise of a replacement. This ‘industrialisation’ of cyber crime means it has never been more important for businesses to understand and protect themselves against the risks they face,” said Dr Rajiv Shah, regional general manager, BAE Systems Applied Intelligence, Australia and New Zealand.
BAE Systems has profiled six cybercriminals:
- The Professional – career criminals who ‘work’ 9-5 in the digital shadows;
- The Insider – disillusioned, blackmailed or even over-helpful employees operating from within the walls of their own company;
- The Mule – naive opportunists that may not even realise they work for criminal gangs to launder money;
- The Nation State Actor – individuals who work directly or indirectly for their government to steal sensitive information and disrupt enemies’ capabilities;
- The Activist – motivated to change the world via questionable means;
- The Getaway – the youthful teenager who can escape a custodial sentence due to their age.
The majority of attacks are still motivated by short term financial gain, such as the theft of card payment details. However, cyber criminals can also seek out an organisation’s intellectual property. Once cyber criminals steal business data, they are able to sell it on underground forums where Australian data is highly valued.
Sergei Shevchenko, senior security researcher, BAE Systems Applied Intelligence commented:
“We anticipate that organised cyber criminals will go to greater lengths to improve their own operational security and increase their use of deception; that is, the placing of false flags to throw off researchers and hamper attribution.
“Researchers will need to tread more carefully to effectively guide the enforcement activities by the relevant authorities.”
According to Dr Rajiv Shah, Australian businesses can prepare for the forthcoming Cyber Security Review by making sure they understand the risks to their organisation; by making sure they elevate cyber risk to be considered at a board level; and, by making sure their approach to cyber defence takes into consideration the full range of motivations of a potential attacker.
For more information on each of the Unusual Suspects, please visit www.baesystems.com/unusualsuspectsaustralia
For further information, please contact:
Felicity Walker, BAE Systems
M: +61 (0) 499 154 420
Rose Kelly, Fuel Communications
T: +61 2 8217 6504
Notes for Editors
About BAE Systems
At BAE Systems, we provide some of the world’s most advanced technology defence, aerospace and security solutions.
We employ a skilled workforce of 82,500 people in over 40 countries. Working with customers and local partners, our products and services deliver military capability, protect people and national security, and keep critical information and infrastructure secure.
At BAE Systems Applied Intelligence, we help nations, governments and businesses around the world defend themselves against cybercrime, reduce their risk in the connected world, comply with regulation, and transform their operations.
We do this using our unique set of solutions, systems, experience and processes - often collecting and analysing huge volumes of data. These, combined with our Cyber Special forces - some of the most skilled people in the world, enable us to defend against cyber-attacks, fraud and financial crime, enable intelligence-led policing and solve complex data problems.
We employ over 4,200 people across 18 countries in the Americas, APAC, UK and EMEA. For further information about BAE Systems Applied Intelligence, please visit www.baesystems.com/businessdefence