This year many organizations and events had to toss the planning guide out of the window and think innovatively about how to continue their business or hold events in a socially distanced world. EDGE 2020, Australia’s prestigious, invite-only technology focused conference was no different and successfully pivoted to deliver a fully virtual and engaging experience for the invited participants.
It perhaps was no surprise that a common theme emerging from many of the presentations was that the digitization, or digital transformation, achieved by businesses and society in response to the pandemic will have a permanent impact. Numerous presentations from industry leaders such as Johnson and Johnson, ANZ Bank, National Australia Bank and New Zealand Rugby discussed how the modernization of business processes and apps is a challenge for all businesses, regardless of size. However, the scale of change for an enterprise is considerable as highlighted by Steve Day from National Australia Bank when discussing the migration of 1000 applications in 1000 days.
It’s a theme playing out beyond the conference when you consider some of the technology projects and comments from enterprises in recent months; Australian supermarket chain Woolworths announced the migration of its IT infrastructure to Azure and Standard Chartered’s CIO stated that ‘embracing the cloud is non-negotiable for Standard Chartered’. These are just two of many examples reported in the media and we’ve all witnessed the speed of transformation in our daily lives as we adapted to using the online world to maintain some form of normalcy.
Some industry sectors have shown the ability to switch business model quickly, and efficiently, which in part is due to their early adoption of digitization making the business agile and flexible. For example, airlines such as Virgin and Lufthansa switched from passengers to cargo, delivering much needed protective equipment to healthcare workers and hotels have started offering remote workers a day work room with good connectivity and a desk.
While the challenges that businesses faced in 2020 may have seemed daunting, the acceleration of digital transformation presents a unique opportunity for businesses to benefit from the focus placed on technology to keep the business operational. During the conference reference was made by Nevash Pillay of Telstra to the PwC ‘Accelerating the digital economy in Australia’ report, specifically the mention of the $90 billion and 250,000 jobs that digitization could add to the Australian economy. The optimism was echoed by Mark Lies of Tech Research Asia who is quoted as saying: “Partners might not think it but suddenly the market is moving more quickly in the sense customers want different technologies and they want different technologies now”.
My presentation at EDGE looked at the darker side of digital transformation and how cybercriminals have stepped up and are also changing business models and campaign topics. With estimated revenues of US$1.5 trillion available to cybercriminals globally there is a lot at stake and the estimated cost to Australia alone is AU$29 billion. Early in the pandemic ESET’s research team discovered criminal infrastructure that had been used for sextortion attacks being switched to COVID-19 based cyberattacks. This demonstrates that while legitimate businesses struggled with the sudden need to shift to remote operations, cybercriminals recognized that the pandemic offered them new opportunities to monetize.
In an unusual twist, the cybercriminal group behind Maze ransomware announced that they would not attack healthcare establishments during the pandemic. Very noble of them, although the reality was that ransomware attacks have continued. For perspective, in 2017 the US city of Atlanta suffered a ransomware attack against its smart-city infrastructure servers. They refused to pay the US$51,000 demanded – the right decision – but the cost to rebuild from the attack is reported to be as high as US$10 million. Fast forward two years to 2019 and two cities in Florida paid cybercriminals US$500,000 and US$600,000. That’s a huge increase from the demand of US$51,000 made to Atlanta and definitely not in line with inflation. Attacks have continued through the pandemic and some of the notable ones are those against the University of California San Francisco, which negotiated with the cybercriminals resulting in it paying US$1.1 million, and Blackbuad, a company with offices globally, including Sydney.
The ransomware attack on Blackbaud was thwarted by their cybersecurity team with some assistance from law enforcement before any significant damage was inflicted. A good result? Unfortunately, it wasn’t. The cybercriminal switched tactics and threatened to release data they had exfiltrated prior to attempting to launch the malware that would result in encryption. Blackbaud paid an undisclosed sum of money to the cybercriminal for the deletion of the data and assurance that it would not be sold or listed on the dark web for others to abuse.
This demonstrates that cybercrime groups are transforming their businesses from a malware infested email attachment to a more sophisticated and prolonged attack. Identifying and extracting sensitive data from an organization takes time and skilled resources, starting with an incursion into the network using methods that exploit a vulnerability or maybe a credential stealing phishing attack. The attack then progresses to an information gathering phase by stealthily moving laterally through the network to identify the important data assets that the company are likely to pay to protect. Once that data is identified the attacker moves on to exfiltrating the data. Only then do they attempt to disable security mechanisms and launch the ransomware.