Key Points:

Fewer cyber-attacks on Government systems have been accompanied by a rise on attacks on the private sector.

The first unclassified Australian Cyber Security Centre Threat Report has been released, giving details of the cyber adversaries targeting Australian networks and mitigation advice for organisations seeking to defend themselves against cyber threats.

Where has the report come from?

The Australian Cyber Security Centre (ACSC) opened in November 2014, bringing together the cyber security capabilities of a number of government intelligence agencies, including the Australian Crime Commission, the Australian Federal Police, the Australian Security Intelligence Organisation, and Computer Emergency Response Team (CERT) Australia.

This first unclassified report by the ACSC describes the range of cyber adversaries targeting Australian networks, explains their motivations, the malicious activities they are conducting and their impact, and provides examples of activity targeting Australian networks during 2014. The report also offers mitigation advice on how organisations can defend against these activities.

There are three key areas of insight from the new report:

1. Mapping the Australian cyber threat environment

At the end of December 2014, there were more than 12.6 million internet subscribers in Australia, and 21 million subscribers to mobile services with an internet connection. The cost of cybercrime in Australia during the period from October 2012-October 2013 has been estimated to be A$1 billion, and the actual costs of cybercrime at the systemic level include financial losses from fraud, system remediation costs and the costs of immediate responses.

The range of cyber adversaries targeting Australian networks include foreign state-sponsored adversaries, organised cybercrime syndicates, issue motivated groups and individuals with personal grievances.

The report discloses some interesting empirical data:

  • while the overall number of cyber security incidents increased in 2014, the number of confirmed significant compromises of Federal Australian Government networks has decreased since 2012;
  • in 2014, CERT Australia responded to 11,073 cyber security incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government;
  • in 2014, the top five non-government sectors assisted by CERT Australia in relation to cyber security incidents were: energy (29%), banking and financial services (20%), communications (12%), defence industry (10%), and transport (10%);
  • during 2014, CERT Australia handled more than 8,100 incidents involving compromised websites.

The ACSC predicts that the Australian cyber threat environment will experience an increase in:

  • the number of capable state and cyber criminals;
  • cybercrime-as-a-service, reducing the barriers for entry for cybercriminals;
  • the sophistication of the current cyber adversaries, making detection and response more difficult; and
  • the number of cyber adversaries with a destructive capability. 

2. What kind of illegal activity is targeting Australian networks?

The following techniques are being used by cyber adversaries to target network vulnerabilities of Australian government and business:

  • "Spear phishing" ‒ the process of using social engineering techniques such as carefully crafted emails to entice a user to click on a link or open an attachment;
  • malicious use of Remote Access Tools that allows someone to access a computer from a remote location;
  • "watering-hole" techniques, which take advantage of a user’s trust in a legitimate website by placing malware on the frequented website to compromise the computers of visitors to the site;
  • Malware ‒ MALicious softWARE designed to facilitate unauthorised access or cause damage to a system;
  • Ransomware ‒ extortion through the use of malware that often locks a computer’s content and requires victims to pay a ransom to regain access; and
  • Denial of Service activities that prevent legitimate access to online services by consuming the amount of available bandwidth or the processing capacity of the host computer.

The ACSC predicts that spear phishing and ransomware will continue to be prominently used by cyber adversaries, and that the use of watering-hole techniques will also increase. The ACSC further predicts there will be an increase in electronic graffiti in the near future, such as web defacements and social media hijacking, designed to grab a headline.

3. Key cyber security alerts

The ACSC issued the following four important cyber security alerts in 2014:

  • Heartbleed: In April 2014, a serious vulnerability in OpenSSL’s implementation of the TLS/SSL Heartbeat extension was publicly disclosed. In April 2015, 12 months after Heartbleed was first publicised, it was revealed that an estimated 84% of Australian businesses were yet to fully remediate this vulnerability;
  • Bash / Shellshock: In September 2014, an extreme risk vulnerability in the Bash shell (the default shell on Linux and Apple OS X systems) was made public. This vulnerability can be exploited to remotely execute arbitrary code;
  • End of Support for Windows XP and MS Office 2003: In April 2014, Microsoft ended support for Windows XP and Microsoft Office 2003, so the ACSC has warned that there may be risk associated with continued use of this software; and
  • Microsoft Active Directory Group Policy Preferences Vulnerability: In July 2014, the ACSC notified Australian Government customers of a vulnerability associated with Microsoft Active Directory Group Policy which will need to be patched.

Incident reporting

Australian organisations are encouraged to report cyber security incidents to the ACSC by following the links on the ACSC website acsc.gov.au. Australian government agencies and businesses reporting cyber security incidents to the ACSC can request advice and assistance on how to remediate these incidents.

Also, organisations that have outsourced ICT services may request that their service provider report cyber security incidents to the ACSC.

The state of the internet

Those interested in further harm minimisation strategies for cyber threats, and the current internet landscape more broadly, should consider Akamai's most recent State of the Internet Report. The Akamai Report is based off an analysis of more than 2 trillion internet interactions which occur daily through the Akamai Intelligent Platform, and recommends increased user awareness and system hardening as a way of mitigating the threat of cybercrime.