The Australian Signals Directorate (ASD) Cyber Threat Report for the fiscal year 2022-23 presents a detailed analysis of the cyber threats facing Australia. The report underscores the persistent risk posed by malicious cyber activities to the nation’s security and prosperity.
Key Findings
- Malicious Cyber Activity: Australia’s networks faced regular targeting by both opportunistic and deliberate cyber activities, with malicious actors demonstrating the intent and capability to compromise vital systems.
- ASD’s Response to Incidents: ASD responded to over 1,100 cybersecurity incidents from Australian entities. Additionally, nearly 94,000 reports were made to law enforcement through ReportCyber, averaging one report every six minutes.
- State Actors and Critical Infrastructure: State actors increasingly targeted government and critical infrastructure networks globally. These activities were part of information-gathering campaigns or disruption activities. The AUKUS partnership, focusing on advanced military capabilities, emerged as a likely target for intellectual property theft.
- ‘Snake’ Malware and ‘Living-off-the-land’ Techniques: ASD called out Russia’s Federal Security Service for using ‘Snake’ malware for cyber espionage and highlighted activities by a People’s Republic of China state-sponsored cyber actor compromising critical infrastructure organizations.
- Cybercriminal Tactics: Cybercriminals adapted their tactics, with ASD responding to 127 extortion-related incidents, including ransomware attacks and business email compromise. Hacktivists’ denial-of-service attacks also remained a significant threat.
- Data Breaches: Significant data breaches led to millions of Australians having their information stolen and leaked on the dark web.
- Exploitation of Critical Vulnerabilities: One in five critical vulnerabilities was exploited within 48 hours of patching or mitigation advice being available, highlighting the need for prompt and effective patching.
- Challenges in Cybersecurity: The complexity of ICT supply chains and advancements in fields like artificial intelligence pose new challenges. Emphasizing secure-by-design and secure-by-default products is crucial, along with fostering a positive cyber-secure culture.
- REDSPICE Initiative: ASD’s first year of the REDSPICE program enhanced cyber threat intelligence sharing, uplifted critical infrastructure, and improved national incident response capabilities.
- Partnerships for Cyber Resilience: The Cyber Security Partnership Program, involving over 110,000 organizations and individuals, underscores the importance of public-private partnerships in bolstering Australia’s cyber resilience.
Table: ASD Cyber Threat Report – Year In Review (FY 2022-23)
| Category | Detail | Statistic/Action |
|---|---|---|
| Cybercrime Impact | Average cost of cybercrime per report | Up 14% |
| | Small business | $46,000 |
| | Medium business | $97,200 |
| | Large business | $71,600 |
| | Cybercrime reports | Nearly 94,000 (up 23%), one every 6 minutes |
| ASD Response | Calls to Cyber Security Hotline | Over 33,000 (up 32%), 90 calls/day |
| | Top 3 cybercrime types for individuals | Identity fraud, online banking fraud, online shopping fraud |
| | Top 3 cybercrime types for business | Email compromise, BEC fraud, online banking fraud |
| | CVEs reported | Increased by 20% |
| | Cyber security incidents responded to | Over 1,100 |
| | Ransomware incidents | 10% of all incidents |
| | Ransomware notifications | 158 entities (up 7%) |
| | Malicious domain requests blocked | Over 67 million (up 176%) |
| | Attacks blocked against Australian servers | Over 127,000 (up 336%) |
| | Cyber Threat Intelligence Sharing partners | Grew by 688% to over 250 |
| Cyber Hygiene Improvement Program | High-priority Operational Taskings | 103 (up 110%) |
| | Reports distributed | Around 4,900 to 1,360 organisations (up 16% and 32%) |
| Critical Infrastructure Uplift Program (CI-UP) | Completed CI-UPs | 3, covering 6 CI assets |
| | CI-UPs in progress | 3 |
| | CI-UP Info Packs sent | 20 |
| | CI-UP workshops held | 5 |
| | Notifications to critical infrastructure entities | 7 (up from 5) |
| Publications and Partnerships | PROTECT and ISM guidance publications | 34 |
| | Alerts, advisories, reports published | 64 |
| | Cyber Security Partnership Program growth | Around 110,000 partners |
| | Individual Partners growth | Up 24% |
| | Business Partners growth | Up 37% |
| | Network Partners growth | Up 29% |
| Cyber Security Exercises and Briefings | Cyber security exercises led | 20, involving over 75 organisations |
| | Briefings to board members and directors | Covering 33% of the ASX200 |
| Cyber Security Incident Categorization | C2 incidents | Rose from 2 to 5 |
| | C3 incidents | 15% of all incidents, 30% related to critical infrastructure |
| | Most common C3 incident types | Compromised assets (23%), data breaches (19%), ransomware (14%) |
| Sector Reporting | Cyber security incidents by sector | Government sectors and critical infrastructure most reported |
Cyber-Enabled Data Breaches: A Growing Concern
The report underscores the ubiquity of data and its attractiveness to malicious actors. In 2022-2023, millions of Australians experienced compromised private information due to significant data breaches. These breaches not only entail substantial financial costs but also lead to productivity losses, legal repercussions, and reputational damage. The protection of sensitive personal information emerges as a vital aspect for community safety, business prosperity, and national security.
The Essential Eight: A Shield Against Cyber Threats
ASD’s Essential Eight mitigation strategies are emphasized as one of the most effective defenses against cyber threats. These strategies include application control, patching applications, configuring Microsoft Office macro settings, user application hardening, restricting administrative privileges, patching operating systems, multi-factor authentication, and regular backups. The report highlights the importance of contemporary and actionable cyber security advice, shaped by feedback from government and industry partners.
State Actors: A Persistent Cyber Threat
The report notes a deterioration in the global and regional strategic environment, with state actors increasingly using cyber operations to gain a geopolitical edge. These actors target critical infrastructure and networks of strategic value, aiming to destabilize or disrupt economic, political, and social systems. The theft of sensitive and valuable data, including proprietary information and personal details, is a key concern.
Cybercrime Techniques: Evolving and Diversifying
Cybercriminals employ various techniques like phishing, spear phishing, ransomware, and data-theft extortion. The report details how these methods are used to harvest sensitive information or facilitate other malicious activities. The emergence of Ransomware-as-a-Service (RaaS) models, enabling affiliates with limited technical knowledge to deploy ransomware attacks, is particularly alarming.
Critical Infrastructure: A Target for Cyber Attacks
The report includes case studies, such as the ransomware incident involving Dole, a global food distributor. This incident highlights the importance of network segmentation and firewall policies in preventing malware impacts on critical infrastructure. Effective separation through network segmentation is recommended as a crucial strategy to protect sensitive data.
Exploitation of Vulnerabilities: An Increasing Trend
The report observes a steady rise in the number of published Common Vulnerabilities and Exposures (CVEs). It notes that around 82% of vulnerabilities had a network attack vector, indicating a preference for remotely exploitable vulnerabilities by malicious actors. The rapid exploitation of these vulnerabilities post-release of patches or mitigation advice is a significant concern.
Conclusion
The ASD Cyber Threat Report 2022-2023 provides a comprehensive overview of the current cyber threat environment. It highlights the critical need for robust cyber security measures, including the implementation of the Essential Eight, to protect against a diverse range of cyber threats. As cyber threats continue to evolve, staying informed and proactive is imperative for safeguarding national security, business interests, and personal privacy.
Below is a table that quantifies the issues and risks outlined in the article.
Table: Quantification of Cyber Threats and Risks (July 2022 – June 2023)
| Category | Statistic/Issue | Quantification/Detail |
|---|---|---|
| Data Breaches | Average data exfiltrated per breach | Approx. 120 gigabytes |
| | Highest data exfiltrated in a single breach | Approx. 870 gigabytes |
| | Types of information compromised | Health info (32%), Unknown (18%), Tax numbers (14%), etc. |
| Cyber Security Incidents | Total incidents responded to | Over 1,100 |
| | Most affected sectors | Federal government (30.7%), State/local government (12.9%) |
| Case Study: Dole Ransomware | Direct costs due to ransomware attack | USD $10.5 million |
| | Key protective measure highlighted | Network segmentation and firewall policies |
| Exploitation Techniques | Breaches involving valid account exploitation | 41% |
| | Breaches involving internet-facing applications | 34% |
| Sector Analysis | Sector most targeted by cyber incidents | Federal government (30.7%) |
| | Next most targeted sectors | State/local government (12.9%), Professional services (6.9%) |