Posted on January 16, 2024
In an era marked by digital evolution, safeguarding against cyber threats has become a significant challenge. The Australian Signals Directorate’s (ASD) Cyber Threat Report for 2022-2023 provides valuable insights into the growing cybersecurity challenges facing Australia.
The ASD report covers the expanding Australian cyber threat landscape, comprising diverse malicious actors who target critical systems, with motives ranging from espionage and societal disruption to financial gain. It also outlines steps that Australian businesses and organizations can take to enhance cyber resilience in general, and database security in particular.
The ASD Cyber Threat Report for 2022-2023 underscores the increasing extent to which malicious cyber activity is impacting Australian entities. Through ReportCyber, Australian law enforcement received almost 94,000 reports, or roughly one every six minutes, throughout the year. ASD responded to over 1,100 cyber incidents, which included intentional attacks by both state and non-state actors, as well as opportunistic attacks.
Highlights of the ASD report include:
The ASD Cyber Threat Report reveals an increasing number of attacks on Australia’s critical infrastructure by state actors, issue-driven individuals and groups, and cybercriminals, with aims including data theft, service disruption and cyber espionage. Threat actors most often gained access to the critical infrastructure, often using stolen credentials, via the internet, corporate networks and connected systems, which in recent years have presented new opportunities for attacks. The report details 143 incidents related to critical infrastructure, a 50% increase over the previous year, emphasizing the need for robust measures to safeguard systems that are vital for national security and public services.
For the most severe incidents, based on their effects, the extent of the compromise and the importance of the organization, 20% resulted from exploitation of public-facing applications and 17% from phishing. Common incident types included compromised assets, networks or infrastructure (23%), data breaches (19%) and ransomware (14%).
Cybercrime is a huge international business as well as a deadly serious cat-and-mouse game. As security solutions are developed to address effective tactics, criminals evolve and adopt new ones that enable them to cloak their activity and minimize risk to themselves while maximizing payments from victims. A global industry of access brokers, extortionists and digital currencies supports their activities, communicating via its own dark web.
In Australia, extortion-related incidents increased by 8% over the year, to 127. The number of DoS and DDoS crimes more than doubled versus the previous year. Of the extortion-related incidents, the majority – 118 – involved ransomware or other forms of restrictions on systems, files, or accounts. The evolution of cybercriminal operations, coupled with the deployment of tactics like business email compromise and denial-of-service attacks, poses significant challenges to organizations across various sectors.
Primarily spread through phishing, weaponized downloads, and malicious website content, ransomware attacks continue to inflict significant financial losses on businesses worldwide. In Australia, they contributed to a 14% increase in the average cost of a cybercrime over the past year, with costs including remediation, business loss and, when relevant, ransom payments and/or legal or regulatory fines.
While the financial toll incurred by organizations is significant, the privacy toll to individuals in cases where data is sold or exposed to extort payment can be severe.
Significant data breaches, such as those that impacted many Australians this year, are highlighted in the report. Compromised data often finds its way onto the dark web, exposing individuals to various forms of exploitation. In some recent incidents, sensitive medical data was publicly revealed as a way to generate public pressure to pay ransoms.
In response to the evolving threats outlined in the Cyber Threat Report, the ASD advocates a proactive and multi-faceted approach to enhance Australia’s cyber resilience. The recommended strategies encompass not only technological considerations but also emphasize the importance of organizational practices and individual responsibilities.
The ASD underscores the critical need for organizations to adopt secure-by-design and secure-by-default products, particularly during the development phase. Collaborating with vendors to ensure that security is prioritized in their product design can help create digital solutions that are more inherently resistant to cyber threats. By instilling security measures from the outset, organizations can create a robust foundation that withstands potential vulnerabilities and reduces the risk of exploitation.
The concept of good cyber hygiene emerges as a cornerstone of ASD’s recommendations. For organizations, this encompasses actions such as:
The report notes that one in five critical vulnerabilities is exploited within 48 hours, even when patches or mitigation advice are available. The exploitation of these vulnerabilities serves as a stark reminder of the importance of a proactive, always-ready cybersecurity approach.
Even worse, 40% of exploits of vulnerabilities in internet-facing and online devices occurred over one month after patches were released. In many cases exploits occur years later, most likely due to old, infected or vulnerable legacy equipment being powered on and connected to networks.
Clearly, protection that is more proactive and less human-dependent is needed to secure organizations from the most common cyberattacks as well as zero day exploits.
In light of the sobering trends detailed in the ASD report, organizations must identify and implement approaches that proactively defend their data, applications and networks, even when users click or IT does not – or cannot – immediately patch vulnerabilities that are newly revealed.
Ericom Zero Trust, isolation-based secure access solutions protect organizations from the most pernicious threats and cyberattacks. Unlike detection-based solutions, which search for and stop only known threats, Ericom solutions operate in the cloud to stop even zero-day exploits.
When a user types in a URL or clicks a link, the site is opened in a virtual browser that is isolated in the Ericom Global Cloud. Clean rendering data is sent to the user’s regular browser, where they interact with it just as they do with the native web site. Potential credential theft sites are opened in read-only mode. Attachments downloaded from emails or the web are sanitized within the cloud using content disarm and reconstruct (CDR) technology before being downloaded with desired functionality intact.
Don’t leave your organization exposed to evolving threats. Take action now to discover how you can safeguard your organization against cyberattacks.