Ransomware Targets Australian SMEs: A False Sense of Security

iTnews

Details

Date Published
1 Apr 2025
Priority Score
2
Australian
Yes
Created
8 Sept 2025, 07:12 pm

Authors (1)

Description

Ransomware attacks on Australian SMEs are rising, exposing their growing vulnerability to cyber threats.

Summary

Australian SMEs are increasingly becoming victims of ransomware attacks, largely due to a false sense of security and inadequate defenses compared to larger enterprises. As cyber attackers shift their focus to smaller businesses, they utilize AI tools and technologies to enhance the scale and ease of executing attacks. The report emphasizes the use of AI in crafting convincing phishing messages as a primary method to exploit human vulnerabilities. The significance of training employees to recognize such threats is underscored as a vital step in mitigating these attacks. This article highlights the shifting landscape of cyber threats in Australia but does not extensively address existential or catastrophic AI risks.

Body

Across Australia, telemetry and industry sources indicate that the number of local ransomware attacks is on the rise while average ransom amounts are down, as cyber attackers turn their sights beyond larger Australian enterprises to target SMEs.

According to Gerald Beuchelt, Chief Information Security Officer at Acronis, one of the reasons Australian SMEs are vulnerable is that they are less prepared to defend against ransomware attacks. As larger enterprises bolster their defences, cyber criminals are targeting unsuspecting smaller businesses. SMEs can also mistakenly assume they are not worth attacking, or have a false sense of security because they incorrectly assume that default technologies offer complete cyber protection.

Taking advantage of AI and the economics of scale to more easily launch attacks, attackers are "starting to go mid-market" with ransomware, Beuchelt says.

"It's no longer the super advanced hacker who's been sitting in the dark corner of some room for many months, in order to put together a very sophisticated malware," he says. "Now it's literally just going out shopping and starting your attacks, just like you would set up a little bit of infrastructure on AWS."

"Attackers can rent botnets, they can subscribe to malware-as-a-service, they can get a complete ransomware kit which only requires them ultimately to point it at their potential victims and then have the entire as-a-service industry in the underground execute for them."

According to the latest Cyberthreats Report issued by the Acronis Threat Research Unit, phishing is an increasingly popular attack vector, as ransomware targets human frailties rather than technological shortcomings. Again, attacks are leveraging AI to generate convincing phishing messages designed to trick employees.

Ensuring that employees are trained to recognise such threats is essential, Beuchelt says.

"It's critical that everyone is trained to a basic level, and that includes new employees entering the business because they may not have had appropriate training prior."