Malicious Cyber Activity in Australia (ACSC / ASD Report 2022–23)
Australia faced significant risks from malicious cyber activity, with various actors showing the intent and capability to compromise vital systems, according to the Cyber Threat Report (2022-2023) released this week by the Australian Signals Directorate (ASD). Australian networks were targeted by both opportunistic and deliberate cyber activity. ASD responded to over 1,100 cyber security incidents, and nearly 94,000 reports were made to law enforcement through the ASD website.
Key Cyber Security Trends
State Actors Targeting Critical Infrastructure: State actors globally targeted government and critical infrastructure networks for information-gathering or disruption, with the AUKUS partnership being a likely target for intellectual property theft. Cyber operations became a preferred method for espionage and foreign interference.
Russian and Chinese Cyber Espionage: ASD called out Russia’s Federal Security Service for using ‘Snake’ malware and highlighted activities of a Chinese state-sponsored actor compromising critical infrastructure.
Attacks on Australian Critical Infrastructure: There were 143 cybersecurity incidents related to critical infrastructure, facilitated by interconnected systems and internet-connected operational technology.
Evolving Cybercriminal Tactics: Cybercriminals adapted their methods, with ASD responding to 127 extortion-related incidents, mostly involving ransomware. Business email compromise and hacktivist denial-of-service attacks were also common.
Data Breaches: Significant breaches led to the theft and leaking of millions of Australians’ data on the dark web.
Exploitation of Vulnerabilities: One in five critical vulnerabilities was exploited within 48 hours, often due to inadequate patching.
Cyber Security Challenges and Responses
Complex ICT Supply Chains and AI: Advances in technology and complex supply chains pose new challenges. An emphasis on secure-by-design and secure-by-default products is crucial.
REDSPICE Initiative: ASD’s REDSPICE program enhanced cyber threat intelligence sharing, critical infrastructure uplift, and national incident response.
Partnerships for Cyber-Resilience: Over 110,000 organisations and individuals joined ASD’s Cyber Security Partnership Program.
Year in Review – Cybercrime Statistics
Cost of Cybercrime: Increased for businesses of all sizes, with nearly 94,000 cybercrime reports (a 23% increase).
Cyber Security Hotline: Over 33,000 calls received, a 32% increase.
Top Cybercrime Types: For individuals, identity fraud, online banking fraud, and online shopping fraud were prevalent. For businesses, email compromise and business email compromise (BEC) fraud were common.
ASD Actions
Incident Response: Responded to over 1,100 incidents, with 10% involving ransomware.
Ransomware Notifications: Notified 158 entities of ransomware activity, a 7% increase from the previous year.
Domain Protection: Blocked millions of malicious domain requests and attacks against Australian servers.
Cyber Threat Intelligence Sharing: Expanded significantly with more partners.
Cyber Hygiene Improvement Program: Increased operational taskings and reports to organisations.
Critical Infrastructure Uplift Program (CI-UP): Progressed with several CI-UPs completed or in progress.
Guidance Publications: Published or updated numerous PROTECT and ISM guidance documents.
Cyber Security Exercises: Led exercises involving over 75 organisations to enhance cyber resilience.
Briefings for ASX200 Companies: Covered 33% of the ASX200 in briefings to board members and company directors.
Summary
Australia is being increasingly targeted by malicious cyberattacks, including those conducted by state-based actors for espionage or grey-zone activities. Robust cybersecurity practices and training are more crucial than ever to reduce these risks.