The Australian Cyber Security Centre (ACSC) has released its first unclassified Threat Report , which describes a number of cyber adversaries targeting Australian networks, explaining their motivations, the malicious activities they are conducting, and their impact. This threat report also provides a number of examples of activity targeting Australian networks during 2014. The report further offers mitigation advice on some of the types of malicious activity targeted to Australian organisations, how best to deal with these threats, and how to both prevent and respond to these activities to limit the severity of the damage.
The report calls out a number of techniques that are being used by cyber adversaries to target Australian government and business. These include:
Australian Government agencies that have implemented the ASD (Australian Signals Directorate) Top 4 Strategies to Mitigate Targeted Cyber Intrusions , and a number of other strategies, are improving their protection against cyber espionage activities. When implemented, the Strategies can mitigate at least 85 percent of targeted cyber intrusions responded to by the ACSC.
While the overall number of cybersecurity incidents increased in 2014, the number of confirmed significant compromises of federal Australian Government networks has decreased since 2012.
In 2014, CERT Australia responded to 11,073 cybersecurity incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government.
In 2014, the top five non-government sectors assisted by CERT Australia in relation to cybersecurity incidents were: energy (29%), banking and financial services (20%), communications (12%), defence industry (10%), and transport (10%).
During 2014, CERT Australia handled more than 8,100 incidents involving compromised websites.
Australian organisations are urged to report cybersecurity incidents to the ACSC by following the links on the ACSC website. Australian government agencies and businesses reporting cybersecurity incidents to the ACSC can request advice and assistance on how to remediate these incidents.
The threat report calls out a number of trends, which will continue, locally and globally:
Cybersecurity efforts should aim to make Australian organisations a harder target and, thereby, increase the trust and confidence of all Australians to engage in the benefits the Internet brings. The report explains that “Effective cyber security requires a partnership between government and the private sector.” One such partnership could be around information sharing, which ultimately shifts more costs to the cyber adversaries.
Many adversaries often write one piece of malware and send it to multiple organisations. However, if we, as a community – in partnership with government and the private sector – can force cyber adversaries to create multiple unique attacks each time, forcing their costs to go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process whereby organisations do this in real time, whilst preventing the attacks.
It is unlikely we will ever stop all cyber intrusions, but through a concerted effort to share information, we can significantly raise their costs, thus making it harder for them to threaten Australian and global organisations.