The Australian Cyber Security Centre (ACSC) has issued the Annual Cyber Threat Report for the 2021-2022 financial year. It’s the ACSC’s flagship unclassified publication, providing insight into what’s happening in Australia’s cyberspace. I highly recommend that you spare some time to read it in detail.
Every year I eagerly await this report to be published and then spend quality time reading it. In this blog post, I am sharing some of the key highlights, recommendations, initiatives and resources that I found to be both interesting and beneficial to help the industry focus on what matters most.
- In 2021-2022 the ACSC received over 76,000 cybercrime reports, an increase of nearly 13 per cent from the previous financial year. This equates to one report every 7 minutes, compared to every 8 minutes last financial year. However, it remains underreported.
- Cyber security incidents responded to by the ACSC are growing in severity. Nearly 15 per cent of incidents in the 2021–22 financial year were categorised as C3 (isolated compromise), up by 6 per cent from the previous year.
- Australia has the world’s highest median wealth per adult, making individual Australians an attractive target to cybercriminals. Online banking and shopping compromise remained among the most common cyber crimes, while Business Email Compromise (BEC) trended towards targeting high-value transactions like property settlements.
- Both state actors and cybercriminals view critical infrastructure as an attractive target.
- The time between vulnerability disclosure and exploitation is closing rapidly; what once took weeks is now taking days or even hours. The majority of significant incidents ACSC responded to in 2021–22 were due to inadequate patching due to the rapid exploitation of critical public vulnerabilities.
- The average cost per cybercrime report in 2021–22 has increased by 14 per cent compared to 2020–21, with the highest cost for medium businesses (20 – 199 employees)
- While the more populous states (VIC and QLD) continue to report more cybercrimes, the Northern Territory and Western Australia reported the highest average reported losses.
- Ransomware represents a very small percentage of total cybercrime reports. It’s not surprising that it remains the most destructive cybercrime threat due to business disruption and reputational damage impacts.
- The expansion of Australia’s commercial incident response sector means incidents that previously required an ACSC response may now be handled by in-house or contracted incident response teams. During the 2021-22 financial year, the ACSC responded to 36 per cent fewer incidents compared to the 2020-2021 financial year.
- Cybercrime-as-a-Service (CaaS) has lowered the barrier to entry for actors seeking to conduct cybercrime and continued to increase the overall cybercrime threat to Australia.
- Cyberspace has become a battleground to pursue strategic interests. Australia would be vulnerable in future regional or global conflicts to cyber operations that target the supply chains that Australian systems depend upon.
- The ACSC estimates that at least 150,000 to 200,000 devices in Australian homes and small businesses are vulnerable.
- Implementing the Essential Eight cyber security strategies remains the most effective means of defending against cyber threats.
- The ACSC urges Australian organisations and individuals to report all cybercrimes and cyber security incidents.
- Australian network owners need to consider how to secure their critical systems and protect their sensitive information. This could be through improved segmentation between their corporate and operational networks, patching applications and devices, implementing mitigations against phishing and spear phishing attacks, ensuring that logging and detection systems are fully updated and functioning and reviewing incident response and business continuity plans.
- The ACSC advises against paying a ransom. Doing so does not guarantee a victim’s files will be restored, nor does it prevent the publication or sale of any stolen data. Along with increasing the likelihood of a victim being targeted again, each ransom payment also bolsters the viability of the ransomware market and puts other Australian organisations at greater risk.
- As vulnerabilities and interdependencies increase, preventative cyber security measures are not sufficient; organisations should also develop and test incident response, business continuity and disaster recovery plans.
- Operation Dolos is an AFP-led, multi-agency taskforce that counters transnational cybercriminals conducting or facilitating BEC (Business Email Compromise) —a cybercrime that commonly crosses borders. Operation Dolos targets and disrupts the BEC crime model, ultimately disrupting transnational organised cybercrime syndicates.
- Operation Orcus is an AFP-led multi-agency task force to coordinate law enforcement efforts against ransomware, particularly targeting ransomware developers and those who use RaaS. The task force comprises AFP, ACSC, ACIC, AUSTRAC and state and territory police. Operation Orcus also works with international partners, including Interpol and Europol.
- AquaEx is an ACSC lead initiative that coordinated a national cyber security exercise series in partnership with Australia’s urban water and wastewater sector and government agencies. The exercise series provided an opportunity for industry and government to exercise arrangements for responding to and recovering from a ransomware incident impacting Australia’s urban water and wastewater sector.
- Critical Infrastructure Uplift Program (CI-UP). CI-UP is a voluntary service provided by the ACSC to help protect Australia’s essential services from cyber threats by raising the cyber security levels of critical infrastructure organisations.
- CHIPs is an ACSC capability that tracks and monitors the cyber security posture of Australian, state, territory and local government entities’ internet-facing assets. CHIPs also conduct rapid operational tasking when potential cyber threats emerge, such as newly disclosed vulnerabilities.
- CTIS is an ACSC lead initiative that enables the sharing of cyber threat intelligence at machine speed. Through automation, participating entities receive cyber threat intelligence in a structured and timely manner.
- The Australian Protective Domain Name System (AUPDNS) is dedicated to protecting government networks. The system uses verified threat intelligence to build a ‘block list’ of known malicious web domains.
- Domain Takedown Service is an ACSC lead initiative created in response to the increasing threat posed by domains hosting malicious software. Upon detecting suspected malicious software, the service verifies maliciousness before issuing a takedown notification request to the relevant Domain Host.
While the report has shared many scary facts, it did share great recommendations that every business should follow to be secure in today’s world. Furthermore, the report presented lots of beautiful stories about the extraordinary work the ACSC and the industry do to protect Australians and their businesses. One story I liked most was the ACSC’s efforts to support the Australian Bureau of Statistics (ABS) census in August 2021, which resulted in a successful census without any cyber security incident or disruption to service.
Author: Mouaz Alnouri
Skillfield is an Australian based IT services consultancy company empowering businesses to excel in the digital era. Across our two main practices of Cyber Security & Data Services, our talented and committed professionals provide smart and simplified solutions to complex cyber security and big data challenges.