The last year has again demonstrated the growing public appetite to understand and defend against the evolving cyber threats facing Australia. High profile incidents of cybercrime have exemplified the speed with which cyber threats can propagate globally, how rapidly adversaries can adapt to security responses, and how easily a compromise can impact an organisation’s core functions or services.
There are thousands of adversaries around the world willing to steal information, illegally make profits, and undermine their targets. Malicious software in the form of ransomware – such as the WanaCry incident – is deliberately crafted to exploit known vulnerabilities and take advantage of gaps in cyber defences. Australia was not significantly impacted by WanaCry, but as tradecraft and threats adapt and evolve, adversaries will act faster to exploit new vulnerabilities and develop more innovative approaches.
The ACSC has observed two distinct trends when it comes to the level of sophistication employed by adversaries and cybercriminals. At one end of the spectrum, increasingly sophisticated exploits are being developed and deployed against well-protected networks, particularly government networks. This reflects investment in new tools and techniques to keep pace with our efforts to protect networks. On the other end, the ACSC continues to observe many adversaries, particularly criminals, compromising networks using publicly known vulnerabilities that have known mitigations. Too many of the incidents the ACSC responds to could have been prevented had organisations employed established and relatively straightforward cyber security measures. WanaCry, for example, used a publicly known vulnerability that had been patched months before and that the ACSC had publicly reported.
Also worthy of highlighting has been the global campaign by advanced adversaries to compromise some private sector providers of ICT services, including ICT security. Some managed services providers and ICT providers around the world, including in Australia, have been compromised by these adversaries. And of concern, we know that through this compromise, adversaries have accessed the networks of some of these companies’ clients. The ACSC has been working with affected services providers, but when even ICT security providers are being compromised and exploited, it is a clear wake-up call for everyone to be conscious of contemporary cyber security risks and best practice mitigations.
For the first time, this year’s report also includes insights into how the ACSC works and highlights some of the ways in which we have both proactively and reactively responded to cyber threats. Due to the sensitivity of some of the information used by the ACSC, and because of our focus on protecting relationships with victims, much of what we do is not visible and very little of the efforts of the staff of the ACSC agencies, or the significant success stories, can be promoted publicly. Similarly, much of the preventative efforts and tailored advice is not recognised. By highlighting our efforts, we hope to build public awareness of the role the ACSC plays within the cyber security environment, and draw attention to the tools and information available to government agencies, businesses and the public alike.