The Australian Cyber Security Centre (ACSC) has released its first unclassified Threat Report [1], which describes a number of cyber adversaries targeting Australian networks, explaining their motivations, the malicious activities they are conducting, and their impact. The report also provides a number of examples of activity targeting Australian networks during 2014. It further offers mitigation advice on some of the types of malicious activity targeting Australian organisations, how best to deal with these threats, and how to both prevent and respond to these activities to limit the severity of the damage.
The report calls out a number of techniques that are being used by cyber adversaries to target Australian government and business. These include:
- Spear Phishing ‒ the process of using social engineering techniques, such as carefully crafted emails, to entice a user to click on a link or open an attachment.
- Remote Access Tools – the malicious use of tools that allow someone to access a computer from a remote location.
- Watering Hole – a technique which takes advantage of a user’s trust in a legitimate website by placing malware on the frequented website to compromise the computers of visitors to the site.
- Malware ‒ malicious software that is designed to facilitate unauthorised access or cause damage to a system.
- Ransomware ‒ extortion through the use of malware that often locks a computer’s content and requires victims to pay a ransom to regain access.
- Denial of Service ‒ an activity that prevents legitimate access to online services by consuming the available bandwidth or the processing capacity of the host computer. This may also include the use of ransomware.
Australian Government agencies that have implemented the ASD (Australian Signals Directorate) Top 4 Strategies to Mitigate Targeted Cyber Intrusions [2], and a number of other strategies, are improving their protection against cyber espionage activities. When implemented, the Strategies can mitigate at least 85 percent of targeted cyber intrusions responded to by the ACSC.
While the overall number of cybersecurity incidents increased in 2014, the number of confirmed significant compromises of federal Australian Government networks has decreased since 2012.
In 2014, CERT Australia responded to 11,073 cybersecurity incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government.
In 2014, the top five non-government sectors assisted by CERT Australia in relation to cybersecurity incidents were: energy (29%), banking and financial services (20%), communications (12%), defence industry (10%), and transport (10%).
During 2014, CERT Australia handled more than 8,100 incidents involving compromised websites.
Australian organisations are urged to report cybersecurity incidents to the ACSC by following the links on the ACSC website. Australian government agencies and businesses reporting cybersecurity incidents to the ACSC can request advice and assistance on how to remediate these incidents.
The threat report calls out a number of trends, which will continue, locally and globally:
- The number of state actors and cybercriminals with capability will increase.
- Cybercrime-as-a-service is likely to increase, reducing the barriers for entry for cybercriminals.
- Sophistication of the current cyber adversaries will increase, making detection and response more difficult.
- Ransomware and watering-hole techniques will increase and continue to be prominent.
- An increase in the number of cyber adversaries with a destructive capability.
- Increasing amounts of web defacements and social media hijacking.
Cybersecurity efforts should aim to make Australian organisations a harder target and, thereby, increase the trust and confidence of all Australians to engage in the benefits the Internet brings. The report explains that “Effective cyber security requires a partnership between government and the private sector.” One such partnership could be around information sharing, which ultimately shifts more costs to the cyber adversaries.
Adversaries often write one piece of malware and send it to multiple organisations. However, if we, as a community, in partnership with government and the private sector, can force cyber adversaries to create multiple unique attacks each time, their costs go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process so that organisations share in real time, whilst preventing the attacks.
It is unlikely we will ever stop all cyber intrusions, but through a concerted effort to share information, we can significantly raise adversaries' costs, thus making it harder for them to threaten Australian and global organisations.
[1] https://www.acsc.gov.au/publications/ACSC_Threat_Report_2015.pdf
[2] http://www.asd.gov.au/infosec/mitigationstrategies.htm