Guarding Against the Storm: Insights from Australia’s Cyber Threat Report 2022-2023

Posted on January 16, 2024

In an era marked by digital evolution, safeguarding against cyber threats has become a significant challenge. The Australian Signals Directorate’s (ASD) Cyber Threat Report for 2022-2023 provides valuable insights into the growing cybersecurity challenges facing Australia.

The ASD report covers the expanding Australian cyber threat landscape, comprising diverse malicious actors who target critical systems, with motives ranging from espionage and societal disruption to financial gain. It also outlines steps that Australian businesses and organizations can take to enhance cyber resilience in general, and database security in particular.

ASD Cyber Threat Report 2022-2023 Highlights

The ASD Cyber Threat Report for 2022-2023 underscores the increasing extent to which malicious cyber activity is impacting Australian entities. Through ReportCyber, Australian law enforcement received almost 94,000 reports, or roughly one every six minutes, throughout the year. ASD responded to over 1,100 cyber incidents, which included intentional attacks by both state and non-state actors, as well as opportunistic attacks.

Highlights of the ASD report include:

  • Malicious cyber activity remains a persistent threat to Australia’s security and prosperity, with diverse actors demonstrating intent and ability to compromise vital systems.
  • Australian critical infrastructure is increasingly being targeted, most often through systems that are connected to the internet and/or to corporate networks. During the period covered by the report, ASD responded to 143 incidents related to critical infrastructure.
  • Data breaches impacted millions of Australians whose data was stolen, sold to malicious actors on the dark web and in some cases, publicly exposed.
  • One in five critical vulnerabilities was exploited within 48 hours, underscoring the need to apply patches and attend to mitigation advice as soon as they are issued.
  • Complex IT supply chains challenge traditional cybersecurity approaches. New, holistic approaches are required that include technical controls as well as a proactive security culture.
  • Industries such as government, education, healthcare, finance, and telecommunications emerged as prominent targets for cyber threats.

Trends and tactics in the ASD cyber threat landscape

State actors, critical infrastructure, and interconnected systems

The ASD Cyber Threat Report reveals an increasing number of attacks on Australia’s critical infrastructure by state actors, issue-driven individuals and groups, and cybercriminals, with aims including data theft, service disruption and cyber espionage. Threat actors most often gained access to critical infrastructure via the internet, corporate networks and connected systems, which in recent years have presented new opportunities for attack, often using stolen credentials. The report details 143 incidents related to critical infrastructure, a 50% increase over the previous year, emphasizing the need for robust measures to safeguard systems that are vital for national security and public services.

For the most severe incidents, based on their effects, the extent of the compromise and the importance of the organization, 20% resulted from exploitation of public-facing applications and 17% from phishing. Common incident types included compromised assets, networks or infrastructure (23%), data breaches (19%) and ransomware (14%).

The Business of Cybercrime

Cybercrime is a huge international business as well as a deadly serious cat-and-mouse game. As security solutions are developed to address effective tactics, criminals evolve and adopt new ones that enable them to cloak their activity and minimize risk to themselves while maximizing payments from victims. A global industry of access brokers, extortionists and digital currencies supports their activities, communicating via its own dark web.

In Australia, extortion-related incidents increased by 8% over the year, to 127; the majority of these (118) involved ransomware or other forms of restrictions on systems, files or accounts. The number of DoS and DDoS crimes more than doubled versus the previous year. The evolution of cybercriminal operations, coupled with the deployment of tactics like business email compromise and denial-of-service attacks, poses significant challenges to organizations across various sectors.

Financial Impacts of Ransomware

Primarily spread through phishing, weaponized downloads, and malicious website content, ransomware attacks continue to inflict significant financial losses on businesses worldwide. In Australia, they contributed to a 14% increase in the average cost of a cybercrime over the past year, with costs including remediation, business loss and when relevant, ransom payments and/or legal or regulatory fines.

Data breaches and exploitation

While the financial toll incurred by organizations is significant, the privacy toll to individuals in cases where data is sold or exposed to extort payment can be severe.

Significant data breaches, such as those that impacted many Australians this year, are highlighted in the report. Compromised data often finds its way onto the dark web, exposing individuals to various forms of exploitation. In some recent incidents, sensitive medical data was publicly revealed as a way to generate public pressure to pay ransoms.

Bolstering cyber resilience: ASD’s strategy recommendations

In response to the evolving threats outlined in the Cyber Threat Report, the ASD advocates a proactive and multi-faceted approach to enhance Australia’s cyber resilience. The recommended strategies encompass not only technological considerations but also emphasize the importance of organizational practices and individual responsibilities.

1. Secure-by-design and secure-by-default products

The ASD underscores the critical need for organizations to adopt secure-by-design and secure-by-default products, particularly during the development phase. Collaborating with vendors to ensure that security is prioritized in their product design can help create digital solutions that are more inherently resistant to cyber threats. By instilling security measures from the outset, organizations can create a robust foundation that withstands potential vulnerabilities and reduces the risk of exploitation.

2. Good cyber hygiene

The concept of good cyber hygiene emerges as a cornerstone of ASD’s recommendations. For organizations, this encompasses actions such as:

  • Only using reputable cloud service and managed service providers that implement appropriate cybersecurity measures
  • Regularly reviewing and testing cybersecurity detection, incident response, business continuity, and disaster recovery plans
  • Reviewing the cybersecurity posture of remote workers, including their use of communication, collaboration, and business productivity software, and especially third-party workers and others who access organization systems from unmanaged devices
  • Training staff on cybersecurity matters such as how to recognize scams and phishing attempts

3. Patching strategy and rapid response

The report notes that one in five critical vulnerabilities is exploited within 48 hours, even when patches or mitigation advice were already available. The exploitation of these vulnerabilities serves as a stark reminder of the importance of a proactive, always-ready cybersecurity approach.

Even worse, 40% of exploits of vulnerabilities in internet-facing and online devices occurred over one month after patches were released. In many cases exploits occur years later, most likely due to old, infected or vulnerable legacy equipment being powered on and connected to networks.

Clearly, protection that is more proactive and less human-dependent is needed to secure organizations from the most common cyberattacks as well as zero-day exploits.
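The two exposure windows the report quotes (exploitation within 48 hours of a critical advisory, and a long tail of exploitation more than a month after a patch is released) translate directly into a patching-SLA check. The following is an added illustrative example, not code from the ASD or from Ericom: it runs a constructed asset inventory against those two thresholds and orders the unpatched items by urgency, internet-facing assets first. The asset names, dates and severity labels are made-up sample data.

```python
"""
Patch-window triage against the exposure windows highlighted in the
ASD Cyber Threat Report 2022-2023 (48 hours for critical vulnerabilities;
exploitation still common more than 30 days after a patch is available).

Illustrative example only; the inventory below is constructed sample data.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Tuple

# Thresholds taken from the figures quoted in the report text.
CRITICAL_WINDOW = timedelta(hours=48)   # 1 in 5 critical vulns exploited within this window
LONG_TAIL_WINDOW = timedelta(days=30)   # 40% of exploits of internet-facing devices occur after this


@dataclass(frozen=True)
class Asset:
    name: str
    internet_facing: bool
    severity: str                  # "critical", "high", "medium", ...
    advisory_published: date       # date the vendor advisory / patch became available
    patched_on: Optional[date]     # None means the asset is still unpatched


def classify(asset: Asset, today: date) -> str:
    """Return a status label describing where the asset sits relative to the report's windows."""
    if asset.patched_on is not None:
        return "patched"
    exposed = today - asset.advisory_published
    if exposed > LONG_TAIL_WINDOW:
        # Past the 30-day mark: the long tail where a large share of exploits still happen.
        return "long-tail"
    if asset.severity == "critical" and exposed > CRITICAL_WINDOW:
        # Critical and past the 48-hour window the report singles out.
        return "overdue-critical"
    return "within-window"


def triage(assets: List[Asset], today: date) -> List[Tuple[str, str]]:
    """
    Return (name, status) for every unpatched asset, most urgent first:
    internet-facing assets before internal ones, then by status severity,
    then by longest exposure.
    """
    rank = {"overdue-critical": 0, "long-tail": 1, "within-window": 2}
    open_items = [(a, classify(a, today)) for a in assets if a.patched_on is None]
    open_items.sort(
        key=lambda item: (
            not item[0].internet_facing,
            rank[item[1]],
            -(today - item[0].advisory_published).days,
        )
    )
    return [(a.name, status) for a, status in open_items]


# Constructed sample inventory (hypothetical hosts and dates).
TODAY = date(2024, 1, 16)
SAMPLE_ASSETS = [
    Asset("vpn-gateway", True, "critical", date(2024, 1, 13), None),     # 3 days unpatched
    Asset("legacy-hmi", False, "high", date(2023, 6, 1), None),          # months unpatched
    Asset("web-portal", True, "critical", date(2023, 11, 1), None),      # > 30 days unpatched
    Asset("hr-app", False, "critical", date(2024, 1, 15), date(2024, 1, 16)),
    Asset("mail-relay", True, "medium", date(2024, 1, 10), None),        # 6 days, medium severity
]

if __name__ == "__main__":
    for name, status in triage(SAMPLE_ASSETS, TODAY):
        print(f"{status:17} {name}")
```

Running the block prints the four open items with `vpn-gateway` at the top, since it is internet-facing, critical and already past the 48-hour window. The status labels are deliberately coarse: the point is to surface which assets have slipped past the windows the report says attackers actually exploit, so that an exposed critical patch is never hidden behind a long list of low-priority findings.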

Establishing Cyber Resilience with Ericom Solutions

In light of the sobering trends detailed in the ASD report, organizations must identify and implement approaches that proactively defend their data, applications and networks, even when users click or IT does not – or cannot – immediately patch vulnerabilities that are newly revealed.

Ericom’s Zero Trust, isolation-based secure access solutions protect organizations from the most pernicious threats and cyberattacks. Unlike detection-based solutions, which search for and stop only known threats, Ericom solutions operate in the cloud to stop even zero-day exploits.

  • Web Isolation: Ericom’s remote browser isolation (RBI) solution neutralizes the primary delivery channel for cyberattacks by air-gapping active web content away from endpoints and networks, while enabling seamless, Zero Trust web use.

When a user types in a URL or clicks a link, the site is opened in a virtual browser that is isolated in the Ericom Global Cloud. Clean rendering data is sent to the user’s regular browser, where they interact with it just as they do with the native web site. Potential credential theft sites are opened in read-only mode. Attachments downloaded from emails or the web are sanitized within the cloud using content disarm and reconstruct (CDR) technology before being downloaded with desired functionality intact.

  • Web Access Isolation (WAI): WAI protects vulnerable applications from threats that may be introduced via unmanaged devices. The simple, clientless solution enables IT teams to quickly and easily enable safe, least-privilege access from devices used by contractors, customers or employees working from home, while protecting application surfaces from threats. Granular data controls prevent exfiltration of sensitive data, and DLP keeps PII from being exposed.
  • Zero Trust Network Access (ZTNA): Addressing the remote work landscape emphasized in the report, Ericom’s ZTNA solutions contribute to a secure-by-design approach. By implementing Zero Trust principles, Ericom ensures that users, whether in the office or working remotely, access applications and resources securely.
  • Comprehensive Data Loss and Threat Prevention: Ericom Secure Web Gateway (SWG) includes effective web filtering as well as policy-based clipboard controls and Data Loss Prevention (DLP) to prevent exposure of sensitive content and PII.

Don’t leave your organization exposed to evolving threats. Take action now to discover how you can safeguard your organization against cyberattacks.

About Zoran Pupovac

Zoran Pupovac is a seasoned IT Security Professional, boasting an extensive history of fortifying organizations against the constantly evolving landscape of cyber threats. With over two decades of experience, he offers a wealth of expertise in designing robust security strategies encompassing SASE, Cloud, DLP and Endpoint security. Zoran is adept at implementing cutting-edge technologies and conducting thorough risk assessments.
