Cybercriminals are increasingly targeting builders
“We’ve seen a huge increase in social engineering scams, phishing and whaling attacks, and identity theft attempts in recent years,” said a person from a large construction company who refused to be identified.
“We are in touch with other CIOs and IT managers from construction companies and are aware of the tradeoffs in other organizations and have discussed prevention strategies and technologies together.”
But as large companies beef up their defenses, attacks focus on smaller players with less sophisticated systems and fewer resources to devote to the problem.
This is clear from the size of the scams reported. More than half of construction-based commercial email scams reported to the Australian Cyber Security Centre last year resulted in losses of less than $25,000. The largest was over $1.1 million.
While large builders were at the center of the industry, cybercriminals increasingly targeted the second circle of consultants such as architects, design offices and project management companies, and the third circle of suppliers providing materials to projects, said Michael McKinnon, chief information officer at ASX-listed cybersecurity firm Tesserent.
“Criminals have had a few years now to hone their craft and really start to realize where these relationships are and start to infiltrate further down the supply chain,” McKinnon said.
The true extent of the problem is unknown. Companies are not required to report incidents of fraud.
Rebecca Bishop, whose family home builder outside Melbourne suffered two ransomware attacks in 2018, has not reported the cases to the police or the agency.
“I haven’t done it yet,” Ms Bishop told The Australian Financial Review on Wednesday.
Elite Building, which builds custom homes for second and third home buyers in the south-eastern suburbs of Melbourne, discovered the first attack when Ms Bishop started up her computer one day and was unable to access any files. A message demanded payment to access them.
“They were all locked,” Ms Bishop said. “He asked you to pay them in bitcoin, in order to retrieve the documents. They said if you tried to contact the authorities or tried to fix it, they had video footage of me doing sex acts that they were going to share. They said it was on my computer. I knew it was all bullshit.”
Ms Bishop paid a computer contractor, who took three days and around $10,000 to retrieve all the files.
“We didn’t have to pay a ransom. We have recovered all of our data.”
Her business was hit by a second ransomware attack a few months later. With backup data stored in the cloud, rather than on-premises, as it had been the first time around, it was easier to recover it, Ms Bishop said.