The ACSC’s first public Threat Report, released in July 2015, refers to an increasing number of threats, including growing use of ransomware and DDoS for extortion, from an increasing range of actors. It advises that implementation of its Top 4 mitigations should address most threats.
· Threats are increasing.
· Users are increasingly targeted, with spear phishing continuing to be popular with adversaries, and the use of watering-hole techniques increasing.
· Ransomware will also be increasingly used.
· Consideration should be given to implementing the ASD Top 4 Mitigations.
The Australian Cyber Security Centre (ACSC) released its first ever unclassified cyber security threat report in July 2015. New ACSC Co-ordinator Clive Lines said that the Australian Cyber Security Centre Threat Report 2015 clearly demonstrates that the cyber threat to Australian organisations is unrelenting and continuing to grow. Malicious cyber incidents reported by Australian governments and business have more than tripled in the last three years and will cost more than $1 billion in damage in the future, but the country is yet to suffer a major attack, according to the report.
· Outlines current threats;
· Refers to issues raised by cloud computing; and
· Predicts future trends.
The report also contains mitigation and remediation information to assist organisations to prevent and respond to the threat, referring mainly to the ASD’s published mitigations.
There was a 20 percent rise in the number of IT security threats reported to the ASD last year, which reached 1131 from 940 the year prior, and up from 313 in 2011. CERT Australia responded separately to 11,073 cyber incidents last year, the report said, 153 of which involved government, critical infrastructure or national interest systems. The energy sector reported the most incidents, followed by banking and financial institutions.
The report refers to the following threats:
· Cyber espionage: The ACSC is aware of foreign state-sponsored adversaries using malicious software typically used by cyber-criminals, masking the identity of the true adversary.
· Spear phishing attacks: These continue to be a prevalent method used to target Australian organisations. Other user-focused attacks that occurred involved Remote Access Tools and the use of watering-hole techniques (luring targets to a compromised legitimate website).
· Malware: Reports indicate that Zeus, ZeroAccess and Conficker were the three malware variants most frequently detected on Australian IP ranges.
· Ransomware: Ransomware attacks against Australian and overseas computers are increasing.
· DDoS: Distributed Denial of Service attacks remained an issue, though the level in 2014 remained steady compared to 2013. A growing trend in DDoS attacks is extortion, with the ACSC advising organisations not to respond to such threats.
In terms of mitigation, the ACSC recommends that organisations implement the top four strategies from ASD’s Strategies to Mitigate Targeted Cyber Intrusions. These are:
· use application whitelisting to help prevent malicious software from executing
· patch application vulnerabilities
· patch operating system vulnerabilities
· restrict administrative privileges to systems and applications based on user duties.
The combination of all four strategies, correctly implemented in a mature state, will help protect an organisation from low to moderately sophisticated intrusion attempts.
The report also refers to cloud computing, noting that it can introduce additional threats to an organisation’s information. The report states that it is ‘essential’ that organisations conduct comprehensive risk assessments to identify and manage jurisdictional, governance, privacy, technical and security risks. In addition to issues raised by the location of your data, the report also refers to:
· An increased number of people accessing data because it is stored in multiple disparate locations, which increases the opportunities for information and networks to be compromised;
· Problems with the use of virtualisation. Proof-of-concept exploits have been developed to circumvent virtualisation software that underpins cloud computing technologies; and
· Lack of visibility of some security measures that are now the responsibility of the CSP.
The report recommends that organisations consider the security of virtualised environments, including implementation of the Top 4 Strategies to Mitigate Targeted Cyber Intrusions.
Threat Trends for 2016
The Australian Cyber Security Centre predicts the following global trends:
· The number of state actors and cyber criminals with capability will increase.
· Due to the limited number of quality software developers, cybercrime-as-a-service is likely to increase, reducing the barriers to entry for cybercriminals.
· Detection and response will become more difficult and the number of cyber adversaries with a destructive capability will increase.
· Spear phishing will continue to be popular with adversaries, and the use of watering-hole techniques will increase.
· Ransomware will continue to be prominent.
· There will be an increase in the number of cyber adversaries with a destructive capability and, possibly, the number of incidents with a destructive element.
· There will be an increase in electronic graffiti, such as web defacements and social media hijacking, which is designed to grab a headline.
The report is available here: acsc.gov.au/publications/ACSC_Threat_Report_2015.pdf