Raj Samani, the Chief Scientist at NASDAQ-listed cyber security giant Rapid7, said ransomware incidents were on the rise and Australian organisations continue to be at serious risk of being compromised.
“The biggest challenge for organisations is the sheer volume of data they need to contend with as well as the number of vulnerabilities and attacks,” he said.
“It’s about getting the ability to be able to prioritise and it’s about making smarter decisions using data that comes through intelligence. If you’ve got 20 vulnerabilities, which are the three that you need to be concerned about? Which ones do you need to prioritise? It comes down to how can I use the data and the insights to make better decisions quicker and more effectively.
“That’s what our Rapid7 Labs team does. It develops the intelligence that goes into the data that enables people to make those decisions.”
Rapid7 has set up one of its Labs in Melbourne, which plays a crucial role in enabling the company to offer 24/7 coverage. “You need teams around the globe – APAC, EMEA, the US – so as a threat evolves, we can hand over to different teams in different time zones.”
Samani is one of the world’s most respected cyber security experts. He assists multiple law enforcement agencies in cybercrime cases and is special advisor to the European Cybercrime Centre in The Hague, providing intelligence and insights on major security breaches and emerging threats.
Samani said Australian businesses needed to remain vigilant. “Motivated by intellectual property extraction, data theft and intelligence gathering, these nation-state groups are using a range of tactics such as targeted spear-phishing campaigns, poor device configurations and unpatched vulnerabilities.”
He said Rapid7 has taken a deep dive into the most prevalent threat groups targeting Australia and the tactics and techniques that make these criminals successful.
“We also analysed what’s different about them and how vulnerable Australia is compared to everywhere else. It turned up some interesting statistics and insights.”
The Rapid7 threat intelligence team identified several cybersecurity groups and nation-state actors actively targeting and compromising Australian entities by exploiting poor cybersecurity practices. These groups include Russian APT groups such as APT29 (Cozy Bear) and Midnight Blizzard, as well as Chinese threat groups including APT19.
Samani said the research paints a clear picture of why Australian organisations urgently need to understand their attack surface, see the vulnerabilities being exploited by these groups, and act to protect themselves.
“There is a level of uniqueness in regards to some of the threat groups targeting Australian companies. Some are exclusive to Australia, but most are just opportunistic. If we look at FunkSec as an example. There were 40 attacks in December with a large proportion targeting Australian businesses. They are very aggressive and if you don’t pay the ransom, they will simply auction your stolen data off.”
FunkSec, which is believed to use generative AI to develop its code, is a relatively new criminal group but is gaining recognition for its growing victim count. Samani said the group was targeting three specific sectors in Australia – finance, education and retail.
Samani said businesses needed clear ransomware policies. “There should be no discussion around do we pay or don’t we pay. You should already know the answer. It is crucial the company has a policy.” He said the latest statistics showed that 32.9 per cent of organisations pay the ransom. According to Coveware research, the average ransomware demand in late 2024 was approximately $US479,000.
Samani said one of the other issues facing the industry was the skills shortage. “There is a really good pool of cyber security professionals – including here in Melbourne – but there is always a need for more. For me one of the issues is how do we show kids at a younger age that this is a career for them. I try to do my bit when I am back home in England. Every three months I go and speak at a local school to explain what I do and when I finish the feedback is always the same – they had no idea that this is a career they could pursue, and they thought you had to be technical whereas you don’t.”