Australian organisations face ‘undeniable, unrelenting’ cyber threats that continue to grow according to the Australian Cyber Security Centre’s first ever unclassified cyber security threat report.
“If an organisation is connected to the internet, it is vulnerable,” the report states. “The incidents in the public eye are just the tip of the iceberg.”
The report urges Australia to be vigilant and proactive in its approach to cyber security, investing resources to meet the challenges of a complex cyber environment, and says compromise is expensive.
“It can include financial losses, damage to reputation, loss of intellectual property and disruption to business,” the Australian Cyber Security Centre (ACSC) 2015 Threat Report says.
“Australia cannot afford this.”
Clive Lines, Australian Cyber Security Centre co-ordinator, says the report provides an overarching view of cyber adversaries, what they want and how they go about getting it.
The report was compiled from information contributed by all ACSC partner agencies - including the Australian Crime Commission, Federal Police, the Australian Security Intelligence Organisation and the Defence Intelligence Organisation - and is tailored to provide information for Australian organisations about the threats they face from cyber espionage, cyber attacks and cyber crime.
It also includes mitigation and remediation information to help organisations prevent, and respond to, threats.
The report says the number, type and sophistication of cyber threats to Australia are increasing.
“Due to the varied nature of motivations for cyber adversaries targeting Australian organisations, organisations could be a target for malicious activities even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries,” ACSC says.
It says attempts to compromise government, business and other networks of national importance ‘are regularly identified by, or reported to, the ACSC’.
ASD reported a 20% year on year increase in cyber security incident responses in 2014, with ASD predominantly focused on incidents involving Government networks and other networks of national importance.
When it come to the type of attacks Australian organisations are facing, the report says malware, including ransomware, is the predominant cybercrime threat in Australia.
Between 17 October 2014 and 14 January 2015 the Australian Internet Security Initiative program reported more than 15,000 malware compromises daily to Australian internet service providers for them to action.
Zeus, ZeroAccess and Conficker were the three most frequently detected malware variants on Australian IP ranges.
The report notes that spear phishing remained ‘a prevalent method used to target Australian organisations in cyber intrusions during 2014’, with increasing sophistication of the emails making them more difficult to detect.
The use of watering hole techniques continues to grow, with CERT Australia handling more than 8100 incidents involving compromised websites in 2014.
And while DDoS reports remained steady, ACSC says a growing trend is DDoS extortion, where adversaries threaten to launch DDoS activity against an organisation unless a fee is paid.
“These threats can be accompanied by a small-scale DDoS to demonstrate intent.”
The report includes a range of mitigation advice for each of the attack types, and says the Australian Signals Directorate’s top four strategies can prevent at least 85% of targeted cyber intrusions the ASD responds to.
Those strategies are using application whitelisting to help prevent malickious software and unapproved programs from running; patching applications such as Java, PDF views, Flash, web browsers and Microsoft Office; patching operating system vulnerabilities; and restricting administrative privileges to operating systems and applications based on user duties.
“Organisations must move now to implement cyber security measures to make Australia a harder target, increase the confidence of Australians when they are online and maximise the benefits of the internet for Australian organisations,” ACSC says.
“Ultimately, this will see organisations and their users taking greater responsibility for the security of their networks and information,” the report notes.