Report cyber attacks to the police ASAP, businesses told

The earlier businesses that fall prey to cyber attacks report the crime to the police, the better the quality of investigation, according to the AFP.

Commander Chris Goldsmid (pictured), acting assistant commissioner, cybercrime operations, at the Australian Federal Police (AFP), pushed businesses to report a cyber attack incident immediately to both the police and incident response teams.

“The earlier victims of cyber crime report it, the more the police could potentially do,” he told Cyber Daily ahead of his keynote session at the Australian Cyber Security Summit 2024 about the threats businesses are facing in the online world and the AFP’s role after a cyber attack.

“If a business has faced financial losses, working with the police alongside their financial institution could increase chances of recovering the money. We’ve had success when investigating major cyber incidents because early reporting has allowed us to follow the lines of enquiry and the theft of data offshore.”

============

However, he underscored that the roles of the police and first incident responders are different and that the police do not undertake incident response and remediation work.

Instead, they will collaborate with business owners to gather evidence of the attack from their networks in order to investigate the crime, find the criminals behind the attack and investigate them, and potentially prosecute or disrupt their activities.

The AFP has worked with its overseas counterparts to disrupt the criminals’ ability to use the stolen data from the organisation to commit additional crimes, Commander Goldsmid said.

“Investigating data theft, attacks on computer networks, and encryption of networks can be very complex and takes time to bring to fruition,” he said.

“We’ve worked with our global partners, including offshore law enforcement partners, to succeed in significant takedowns over the last few months.”

VIEW ALL

Indeed, the AFP helped with an international operation to disrupt the BlackCat ransomware group, a Russian-led hacking group that is estimated to have cost victims hundreds of millions of dollars around the world. The group targeted at least 56 businesses and government agencies in Australia over the past year, the AFP said in December 2023.

The AFP’s Operation Aquila also assisted law enforcement agencies from 10 countries in the campaign against the LockBit ransomware-as-a-service operation, the most prolific ransomware operator in the world.

Australian businesses and individuals can use the national cyber crime reporting system (by emailing [email protected]) to report a cyber crime, which is a shared responsibility between the AFP and the state and territory police.

The AFP investigates cyber crime against critical infrastructure, the Commonwealth government, and other systems of national significance, Commander Goldsmid said, while state and territory police would investigate incidents at small and medium-sized enterprises (SMEs).

During their investigations, the police typically seek evidence of data theft, infiltration and how the criminals accessed the network, what the exfiltration points are, and information around logins.

“We’re interested in evidence of activities by the criminal, including what they did well on the network, how they moved data off it, and if they stole data,” Commander Goldsmid said.

As such, he encouraged businesses to preserve any piece of evidence related to those areas.

Moreover, he urged them to exercise their incident response arrangements in the event that a cyber crime compromises their network and is inoperable through encryption.

“You should know who to call, what everyone’s responsibilities are, and who the decision makers are within your organisation for tasks like remediation and restoring data and files from backups,” Commander Goldsmid said.

“Thinking about the cyber crime threat up front and preparing by raising awareness are very important.”

Business owners can access resources at the Australian Cyber Security Centre (including the Essential Eight), with Commander Goldsmid noting that the AFP works seamlessly with ACSC during incidents and has teams of people in the centre.

To hear Commander Chris Goldsmid’s keynote address on how the AFP can help businesses in the event of a cyber attack, come along to the Australian Cyber Security Summit.

It will be held on Thursday, 20 June 2024, at the National Convention Centre, Canberra.

Click here to buy tickets and don’t miss out!

For more information, including agenda and speakers, click here.