United Communication Group

Anubhav said the site was hosting a .zip archive that contained JavaScript that included obfuscated PowerShell. The PowerShell downloads a gif file which is in reality a Cerber executable. Cerber has been in circulation for more than a year, and like most crypto-ransomware families, it has been spread by exploit kits, spam campaigns, and the same botnet used by the Dridex financial malware. Earlier this year, attackers were exploiting a critical Apache Struts vulnerability on Windows servers and dropping Cerber on the machines. Anubhav and Mariano Palomo Villafranca, a malware analyst with Spanish telco Telefonica, today published an analysis of the attack. They point out that most U.S. .gov sites are whitelisted by reputation services, making them ideal malware hosts for attackers wishing to elude detection.

Unfortunately, there is a trend of Australian organisations who have experienced infections not reporting them, which is counter-productive to developing ways companies can implement safeguards against these types of attacks," he said. While the recent wave of cyber attacks have raised public awareness of Australia's vulnerability, Savvides said it's important to note that despite the country's geographic isolation, it has never been isolated from threat. "Australia consistently ranks in the top 10 of most attacked countries for a variety of cyber attacks, particularly ransomware due to Australians' tendency to pay," he explained. "Australians have high disposable incomes, and a fairly laid-back attitude towards cybersecurity and data backup, making us ideal victims of cybercrime.