ACSC Annual Cyber Threat Report 2020-21

On the 15th of September, the Australian Cyber Security Centre (ACSC) released its Annual Cyber Threat Report. The Report provides an overview of the key cyber security threats affecting Australian networks that the ACSC observed during the 2020-21 financial year. We have provided extracts from the Report that are relevant and applicable to CRM Brokers’ clientele.

Over the 2020–21 financial year, Australian individuals, organisations and government entities’ engagement online was largely influenced by the impacts of the COVID-19 pandemic. The pandemic has significantly increased Australian dependence on the internet – to work remotely, to access services and information, and to communicate and continue our daily lives. This dependence has increased the attack surface and generated more opportunities for malicious cyber actors to exploit vulnerable targets in Australia.

Key statistics:
  • Cyber threats are increasing in both complexity and frequency, with a cybercrime reported every eight minutes in Australia.
  • Over $33 billion (AUD) in financial losses to cybercrime were reported by Australian individuals and organisations via ReportCyber.
  • The top three cybercrime types reported via ReportCyber were:
    • Fraud cybercrime – approximately 23 per cent
    • Shopping cybercrime – approximately 17 per cent
    • Online banking cybercrime – approximately 12 per cent
  • During the reporting period, the ACSC issued 39 Alerts and advisories to help combat urgent and critical threats.
  • The ACSC received over 22,000 calls on the Cyber Security Hotline.

Key threats and trends

The ACSC identified the following key cyber security threats and trends in the 2020–21 financial year:

  • Exploitation of the pandemic environment: Malicious actors exploited the coronavirus pandemic environment by targeting Australians’ desire for digitally accessible information or services. For example, spear phishing emails were regularly associated with COVID-related topics, encouraging recipients to enter personal credentials for access to COVID-related information or services.
  • Disruption of essential services and critical infrastructure: Approximately one quarter of cyber incidents reported to the ACSC during the reporting period were associated with Australia’s critical infrastructure or essential services. Significant targeting, both domestically and globally, of essential services such as the health care, food distribution and energy sectors has underscored the vulnerability of critical infrastructure to significant disruption in essential services, lost revenue and the potential of harm or loss of life.
  • Ransomware has grown in profile and impact, and poses one of the most significant threats to Australian organisations. The ACSC recorded a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year. This increase has been associated with an increasing willingness of criminals to extort money from particularly vulnerable and critical elements of society. Ransom demands by cybercriminals ranged from thousands to millions of dollars, and their access to darkweb tools and services improved their capabilities. Extortion tradecraft evolved, with criminals combining the encryption of victim networks with threats to release or on-sell stolen sensitive data and damage the victim’s reputation. Ransomware incidents disrupted a range of sectors, including professional, scientific and technical organisations, and those in health care and social assistance. The global impact of the Colonial Pipeline and JBS Foods attacks underscores the potential debilitating and widespread impact of ransomware attacks.
  • Rapid exploitation of security vulnerabilities: State and criminal cyber actors continued to compromise large numbers of organisations by prosecuting publicly disclosed vulnerabilities at speed and scale. Malicious actors exploited security vulnerabilities, at times within hours of public disclosure, patch release or technical write up – particularly if proof of concept (PoC) code that identified the vulnerabilities in systems was also released.
  • Supply chains – particularly software and services – continue to be targeted by malicious actors as a means to gain access to a vendor’s customers. Although the consequences of major supply chain attacks – such as SolarWinds – were not as severe for Australia, a number of organisations were forced to take mitigation actions to prevent more serious impacts to their networks. The threat from supply chain compromises remains high – it is difficult for both vendors and their customers to protect their networks against well-resourced actors with the ability to compromise widely used software products.
  • Business email compromise (BEC) continues to present a major threat to Australian businesses and government enterprises, especially as more Australians work remotely. In the 2020–21 financial year, the average loss per successful event has increased to more than $50,600 (AUD) – over one-and-a-half times higher than the previous financial year. Cybercriminal groups conducting BEC have likely become more sophisticated and organised, and these groups have developed enhanced, streamlined methods for targeting Australians.


What you should do

Given the cyber threat landscape over the past year, the ACSC continues to recommend all Australian organisations prioritise implementation of the Essential Eight Maturity Model and, in particular, consider the following six actions:

  • Report all cybercrime and cyber security incidents via ReportCyber. This is the central place to report a cyber security incident, cybercrime, or a cyber security vulnerability. The ACSC website provides extensive advice, guidance and information on a range of cyber security matters. The website also provides additional assistance and referral pathways depending on the nature of the incident or cybercrime. The ACSC encourages the reporting of cyber security matters to assist the ACSC in understanding the Australian cyber threat environment.
  • Become an ACSC Partner. Australian organisations who partner with the ACSC receive threat insights, advisories and advice to enhance their situational awareness. Cyber security professionals in our partner organisations also receive collaboration opportunities across industry and the Australian Government.
  • Know your networks. The ACSC encourages all users to understand and review their networks to establish where valuable or sensitive information and infrastructure is located, and apply appropriate cyber security measures proportionate to the risk of compromise.
  • Patch within 48 hours where an exploit exists. Malicious cyber actors monitor reporting of security vulnerabilities and use automated tools to regularly scan for and exploit network vulnerabilities. This means that organisations can no longer follow monthly patch update cycles, and should prioritise patching to protect their networks from cyber security incidents. Ensure patches, updates or vendor mitigations for security vulnerabilities in internet-facing services are applied within two weeks of release, or within 48 hours if an exploit exists. Where this is not possible, it is important that organisations have robust cyber incident detection and response plans in place. For organisations that cannot patch their internet-facing services in a very timely manner, adopting trustworthy Software as a Service (SaaS) or Platform as a Service (PaaS) cloud approaches to internet-facing services, which immediately apply patches on the customer’s behalf, may assist.
  • Evaluate risks associated with cyber supply chains. The ACSC encourages organisations to follow the ACSC’s advice on cyber supply chain risk mitigation.
  • Prepare for a cyber security incident by having incident response, business continuity and disaster recovery plans in place, and testing them. An incident response plan enables organisations to respond decisively to a cyber security incident, limit its impact and support recovery. Testing the incident response, business continuity and disaster recovery plans, including through cyber security exercises involving restoration of systems, software and important data from backups, provides an opportunity to review and improve in a controlled environment.

The ACSC Cyber Threat Report provides vital advice on how you can protect yourself against common cyber security threats, including that you:
• Be alert for phishing emails.
• Turn on multi-factor authentication whenever possible, especially for your main online accounts.
• Update your devices regularly and patch known exploits within 48 hours.
• Back up your important information to the cloud or an external hard drive.

Remember that is your one-stop-shop for cyber security advice and guidance, including step-by-step guides for individuals, families, small-to-medium business and large-scale organisations and government organisations.

You can read the full report on the website.

Stay Smart – Act Now

A cyber insurance policy should be part of every successful business’s risk management framework. Cyber insurance is not the first line of defence; it is designed to protect a business when its IT security, policies and procedures fail to stop an attack.

Don’t wait until it’s too late – click here to obtain a Cyber Insurance quote online in a matter of minutes.

If you have any further questions regarding Cyber Insurance and how it can protect your business, contact CRM Brokers on 1300 880 494.



Important Notice

This article provides information rather than financial product or other advice. The content of this article, including any information contained in it, has been prepared without taking into account your objectives, financial situation or needs. You should consider the appropriateness of the information, taking these matters into account, before you act on any information. In particular, you should review the product disclosure statement for any product that the information relates to before acquiring the product.

Information is current as at the date the article is written as specified within it but is subject to change. CRM Brokers make no representation as to the accuracy or completeness of the information. Various third parties have contributed to the production of this content. All information is subject to copyright and may not be reproduced without the prior written consent of CRM Brokers.