Australia’s latest cyber threat report a sobering message for industry and government leaders
The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2020-21 has several sobering messages for Australia’s industry and government leaders. It highlights key themes and trends that leaders can combine with their own business intelligence to assess their current cyber posture, prioritise efforts to strengthen their cyber security and get ahead of the threats.
Our six key observations from the report –
- Cyber incidents continue to increase in number and are costing individuals, businesses and the Australian economy significant sums.
Cybercrime reports to the ACSC in 2020-21 rose by 13 percent on the previous financial year to over 67,500, and self-reported losses from cybercrime exceeded $33 billion (AUD). Because these figures capture only what victims chose to report, we expect the actual numbers to be higher.
- Our government institutions and critical infrastructure operators continue to be targeted by malicious cyber adversaries.
Thirty-five percent of all cyber incidents reported to the ACSC came from Commonwealth, state, territory and local government agencies.
Twenty-five percent involved Australia’s critical infrastructure, including the education, health, communications, electricity, water and transport sectors.
If passed, the Australian Government’s Security Legislation Amendment (Critical Infrastructure) Bill 2020, which introduces new cyber security requirements for critical infrastructure organisations across eleven sectors, including mandatory reporting obligations, will likely lead to an increase in the number of cyber incidents reported in subsequent years.
- Ransomware and Business Email Compromise (BEC) were top cyber threats for 2020-21.
The report singles these out as two of the most common and damaging incident types.
Nearly 160 of the 1,630 cyber incidents the ACSC responded to related to ransomware. A growing trend is double extortion: cybercriminals also steal data such as intellectual property and the personal information of employees and customers, then demand payment both to decrypt and restore access to files and networks and to withhold public release of the stolen data.
The ACSC does not recommend paying ransom demands as this does not guarantee files will be unlocked and may increase the risk of being retargeted in the future.
While it is possible to recover from ransomware without paying, recovery takes time. We recommend preventive action including ransomware protection, keeping devices and applications updated, multi-factor authentication, restricting administrator privileges and regular data backups that are kept offline and tested for restoration.
Total financial loss from BEC was approximately $81.45 million (AUD) for 2020–21, and one case unfortunately resulted in the bankruptcy of a company. BEC can be difficult to detect: the emails appear legitimate and typically carry no malware or malicious link, only a fraudulent instruction, so anti-virus programs and spam filters have little to act on.
Organisations can reduce BEC risk by implementing technical controls that scan each message on arrival at the enterprise boundary, training staff to recognise suspicious emails and social engineering methods, and having business processes that verify bank account changes and payment requests out of band (for example, by calling a known-good number) before money moves.
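The boundary-scanning control above is easier to reason about with a concrete triage routine. The Python script below is an added example written for this article, not code from the ACSC report, and it applies four heuristics that boundary scanners commonly use: a protected person's display name on an external address, a sender domain that is a lookalike of the organisation's own, a Reply-To that steers replies elsewhere, and payment or bank-change language in the message. The organisation domain, the protected names and the four sample messages are constructed assumptions.

```python
"""BEC triage heuristics over raw RFC 5322 messages (added example, stdlib only)."""
import email
import re
from email.message import Message
from email.utils import parseaddr

ORG_DOMAIN = "example.com.au"                  # assumed: the defending organisation's domain
PROTECTED_NAMES = {"jane citizen", "ken smith"}  # assumed: people likely to be impersonated
PAYMENT_TERMS = re.compile(
    r"\b(bank (account|details)|bsb|wire|transfer|invoice|payment|urgent|confidential)\b",
    re.IGNORECASE)


def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance, used to spot lookalike domains such as exarnple."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def domain_of(addr: str) -> str:
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def bec_findings(raw: str) -> list[str]:
    """Return a list of human-readable BEC indicators found in one raw message."""
    msg: Message = email.message_from_string(raw)
    name, addr = parseaddr(msg.get("From", ""))
    from_dom = domain_of(addr)
    findings = []

    # 1. A protected person's display name, but the address is not on our domain.
    if name.strip().lower() in PROTECTED_NAMES and from_dom != ORG_DOMAIN:
        findings.append(f"display-name impersonation: '{name}' sent from {from_dom}")

    # 2. Sender domain within two character edits of our own domain.
    if from_dom and from_dom != ORG_DOMAIN and edit_distance(from_dom, ORG_DOMAIN) <= 2:
        findings.append(f"lookalike sender domain: {from_dom}")

    # 3. Replies are steered to a domain other than the visible sender's.
    _, reply_addr = parseaddr(msg.get("Reply-To", ""))
    reply_dom = domain_of(reply_addr)
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom} differs from From domain {from_dom}")

    # 4. Payment / bank-detail language in subject or any text/plain part.
    text = msg.get("Subject", "") + "\n"
    for part in msg.walk():
        if part.get_content_type() == "text/plain":
            payload = part.get_payload(decode=True)
            if payload:
                text += payload.decode(part.get_content_charset() or "utf-8", "replace")
    hits = {m.group(0).lower() for m in PAYMENT_TERMS.finditer(text)}
    if len(hits) >= 2:
        findings.append("payment-change language: " + ", ".join(sorted(hits)))
    return findings


def verdict(raw: str) -> str:
    """Scanner policy: quarantine when an identity signal coincides with payment
    language; flag for out-of-band verification on payment language alone."""
    findings = bec_findings(raw)
    identity = any(k in f for f in findings for k in ("impersonation", "lookalike", "Reply-To"))
    payment = any(f.startswith("payment-change") for f in findings)
    if identity and payment:
        return "quarantine"
    if findings:
        return "flag-for-verification"
    return "deliver"


# Constructed sample messages (not real mail).
SPOOFED_CEO = """From: Jane Citizen <jane.citizen@gmail.com>
Reply-To: Jane Citizen <ceo.office@protonmail.com>
To: accounts@example.com.au
Subject: Urgent payment

Hi, I need an urgent wire transfer to a new supplier today. Keep this confidential.
Send me the invoice once done.
"""

LOOKALIKE = """From: Ken Smith <ken.smith@exarnple.com.au>
To: accounts@example.com.au
Subject: Updated bank details

Please update our bank account details for the next payment. BSB attached.
"""

INTERNAL_PAYMENT = """From: Ken Smith <ken.smith@example.com.au>
To: accounts@example.com.au
Subject: Invoice 1042

Please process payment for invoice 1042 by Friday.
"""

LEGIT = """From: Ken Smith <ken.smith@example.com.au>
To: accounts@example.com.au
Subject: Lunch

Are we still on for Friday?
"""

if __name__ == "__main__":
    for label, raw in [("spoofed CEO", SPOOFED_CEO), ("lookalike", LOOKALIKE),
                       ("internal payment", INTERNAL_PAYMENT), ("legit", LEGIT)]:
        print(f"{label:17s} -> {verdict(raw):22s} {bec_findings(raw)}")
```

The third sample is the important one: a genuine internal request for payment produces no identity signal, so the scanner does not block it, but it is still flagged so the business process (call-back verification of the payee) runs before funds move. That is the layering the paragraph above describes: the technical control narrows the set of messages, and the people process catches what headers alone cannot.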
- Malicious cyber adversaries are exploiting the COVID-19 pandemic environment.
Adversaries continue to take advantage of crises and exploit organisations’ stretched resources. Activities to deceive individuals into making payments and handing over personal information included phishing text messages impersonating government authorities and fake COVID-19 themed websites.
Work-from-home arrangements and greater dependence on the internet have expanded the attack surface (more remotely reachable endpoints and connections), giving adversaries more opportunities to exploit vulnerabilities. Organisations can strengthen defences by using secure remote access solutions protected with multi-factor authentication.
- Supply chains – particularly software and services – are being targeted.
The ACSC assesses that the threat from supply chain compromises will remain high. Although the SolarWinds Orion compromise did not have severe consequences for Australia, the report cites it as an example of an attack that is difficult for both vendors and their customers to defend against, given the well-resourced and highly capable adversaries who conduct such operations.
- State-sponsored adversaries and cybercriminals rapidly exploit publicly reported security vulnerabilities.
Malicious cyber adversaries, both state-sponsored and cybercriminal, will continue to exploit publicly reported vulnerabilities given the ease, scalability and low cost of doing so. The ACSC recommends that organisations patch their applications within 48 hours. Where that is not possible, organisations should apply compensating controls for the affected systems in the meantime and have robust cyber incident detection and response plans in place.
We encourage organisations to read the ACSC Annual Cyber Threat Report 2020-21.