Cybercrime continues to grow to an alarming level
Cybercrime is the biggest threat to businesses who have on online presence. Bad actors from every country are growing in numbers and our security tools are detecting a significant attack.
We have been detecting and recording hundreds of thousands of malicious internet activity for some time now, this includes Distributed Denial of Service, Denial of Service, Phishing, Web Site Attacks, Spam, Unauthorized Login attempts to IMAP, SMTP, Remote Access etc., As a result we have gain detailed knowledge by Country, Service Provider, IP Addresses and range of offending IP Addresses.
All our research is based on attacks to Australian targets.
System Administrators are frustrated by the lack of responsibility by Data Centres, Hosting Providers, ISP’s and RSP’s when reporting abuse.
Lets consider a typical response, in this example OVH SAS France:
Thank you for taking the time to contact the OVH Abuse Team, this message confirms that we did receive your report, and created the Abuse Ticket [sanitised] to reference it.
OVH conducts its activities in conformity with applicable laws, we forbid any use of our products that don’t conform to our general terms and conditions of services.
It’s important to note that most of our services are rented “unmanaged” to our customers. This means that we only have physical access to the server and cannot access its content (no root, administrator, or user access). We are technically unable to modify or delete content, or making an abusive behavior stop by intervening directly on the server, as it is not managed by us.
We will however transmit the technical information of your report to the customer managing the infrastructure concerned, and we will follow this ticket to its resolution.
You’ll find at the end of this e-mail the technical details you’ve sent us, for reference.
The OVH Abuse Team.
As we can see from a typical respond the real concerning issue is related to “Unmanaged Servers” where the Host is basically taking no responsibility for harboring cybercrime activities on their hardware and network. In addition many hosts offer a huge bundle of IP Addresses for cyber attackers to use, thus moving activity to a new set of addresses.
In Australia we appear to have very weak options to report abuse that has become seriously disruptive.
How should this be addressed?
Frankly, as internet speeds increase higher that the totally unsatisfactory Australian NBN the problem will be worse for Australian’s use of technology, attacks are currently at a all time high, (those that get identified), and there is very poor results from reporting cybercrime.
What should be addresses is a government abuse reporting site that is quick and easy to report activities, much like AbuseIPDB where system admins report abuse to share with other support experts. A single government body should be submitting the collected abuse data to the abuse contacts of the registrant, instead of individual users or companies. When there is not action taken then an alert should be raised and eventually the attackers IP addresses blocked in Australia.
In Australia we have “The Australian Cyber Security Centre” which is part of the Australia Signals Directorate https://cyber.gov.au/ however it appears to impose a manual requirement to report cyber crime,where it should have an API for system admins to submit reports that can provide an early warning of real-time trends to actually deliver it’s promise to protect Australians from cybercrime.
The Australian Government is currently boasting it’s successes of the National Broadband Network however as System Administrators and Business Owners we know that we are being surpassed by other countries who are adopting 10Gb fibre networks and with little protection against cybercrime that is effective then we are heading for failure. A network without cybercrime protection will impact everything dependant on a public network.
As mentioned previously, a huge part of the current cybercrime issue is that data centres, hosting companies and service providers are hiding cybercrime with an excuse that that can do little to stop cybercrime on servers that they house for unmanaged contracts. These unmanaged servers are typically cheap and can have short term leases specifically for cybercrime.
We would welcome opportunities to discuss with The Australian Cyber Security Centre on implementing significant changes to protect Australia well into the technology future. depending on individual community reporting is not delivering the real extent of the activities and metrics required to build any protection policies that will work.
Australia needs to be proactive and a leader in this field, it’s a framework that is critical to our success.