CYBER INTELLIGENCE INSIGHTS

KEY INSIGHTS: Q1 and Q2 2021

• Financially motivated cybercrime is the most serious and persistent threat to the Australian and New Zealand healthcare and aged care sectors.
  • The aged care sector experienced an uptick in cybercrime in Q2 2021.
  • Highly profitable healthcare businesses such as dentistry and plastic surgery clinics are being actively targeted.

• All Australian and New Zealand organisations face a heightened risk of ransomware and data extortion attacks, which increased exponentially over Q2.
  • Although global law enforcement activity against ransomware operators increased in Q2, this is unlikely to substantially reduce the risk over Q3 and Q4.
  • Healthcare entities involved in the Covid-19 vaccine rollout face an elevated risk of financially motivated cyber attacks.

• Cyber espionage remains a highly likely and serious threat. Foreign governments’ intelligence collection priorities are shifting from Covid-19 research and development (R&D) into the areas of genetics, biomedicine, neurology and oncology research.

• Phishing and particularly spear phishing continue to be the most common way criminals obtain access to networks, but healthcare organisations are also at risk from:
  • Unpatched software vulnerabilities in legacy software, which threat actors continue to successfully exploit.
  • Insecure remote network access configurations, with state-sponsored actors linked to China, Russia and North Korea, and cybercriminal groups, actively using known vulnerabilities to gain network access.

• Healthcare organisations face an increased risk of being directly or indirectly affected by statesponsored disinformation campaigns, particularly those involved in Covid-19 vaccine rollouts.

SPOTLIGHT ON: RANSOMWARE

Ransomware incidents against Australian and New Zealand organisations more than doubled in Q2 2021 compared with Q1 2021. All organisations will continue to face a sustained high risk of being targeted.

Spike in ransomware attacks on Australian organisations in 2021

Common ransomware strains impacting Australian and New Zealand organisations

In the first half of 2021, the ransomware strains most commonly used against Australian and New Zealand organisations were Avaddon and REvil, followed closely by Cl0p*, Conti and Lockbit 2.0. This is largely consistent with the global threat landscape, where Locbit 2.0 and Conti dominate. Operators of all of these ransomware strains are known to have targeted healthcare sector organisations, either in Australia and New Zealand or overseas in 2021.

^* In recent CLOp extortion incidents against Australian and New Zealand organisations, no ransomware was deployed. Instead, the threat actors used data extortion strategies.

KEY INCIDENTS: Q1 and Q2 2021

This map summarises healthcare and aged care sector cyber incidents that occurred in Australia and New Zealand in the first half of 2021. Further details on the incidents are available in the full report.