AU ACSC Annual Cyber Threat Report: July 2019 to June 2020

こんにちは、丸山満彦です。

２週間ほど前なのですが、オーストラリア政府がサイバーセキュリティの年次報告書を公表していましたね。。。

この報告書は、2019年7月から2020年6月に、オーストラリア経済のさまざまなセクターに影響を与える既知および新興のサイバーセキュリティおよびサイバー犯罪の脅威について、ACSCが特定した重要な情報、悪意のあるサイバー活動の可能性を減らしその影響を防ぐためのアドバイスが含まれているとのことです。。。

● Australian Cyber Security Centre (ACSC)

・2020.09.04 (news) New ACSC report details cyber threats across Australia

・ACSC Annual Cyber Threat Report, July 2019 to June 2020

・・[PDF]ACSC Annual Cyber Threat Report 2019-20 (September 2020).pdf

---

Contents

Executive Summary

• Key cyber threats
• Cybercrime threat in Australia

Cyber security incidents

• Sectors Affected
• Types of Incidents
• National Cyber Security Incident

ReportCyber

• Cybercrime Categories
• Cybercrime Statistics
• Threats
• Ransomware

Phishing and Spearphishing campaigns

• Business email compromise
• Exploitation of vulnerabilities

Cyber security advice for individuals

Stay connected and up to date on cyber security

Cyber security advice for businesses

How to report a cyber security incident, cybercrime, scam or a data breach

---

 

 

---

Executive Summary

The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is the leading operational arm for the Australian Government responsible for strengthening the nation’s cyber resilience, and for identifying, mitigating and responding to cyber threats against Australian interests.

The ACSC also manages ReportCyber on behalf of federal, state and territory law enforcement agencies, providing a single online portal for individuals and businesses to report cybercrime.

The Australian Federal Police (AFP) investigates cybercrimes against the Commonwealth Government, critical infrastructure and systems of national significance or those with impact on the whole of the Australian economy. The AFP works collaboratively with domestic and international partners to enhance cyber capabilities and make Australia a costly, hostile environment for cybercrime.

The Australian Criminal Intelligence Commission (ACIC) is Australia's national criminal intelligence agency. Its role is to discover and prioritise cybercrime threats to Australia, understand the criminal networks behind them and support the Australian Government’s response by working closely with law enforcement, intelligence and industry security partners in Australia and internationally. The ACIC develops comprehensive intelligence to understand the cybercrime environment, its evolution, and serious and organised cybercriminal activities and share this with our partners.

On average, the ACSC assists six entities to respond to cyber security incidents each day. At any one time, the ACSC is managing dozens of incidents simultaneously. Some incidents can take weeks or months to resolve depending on their complexity.

To manage the very broad range of cyber incidents reported, the ACSC uses a Cyber Incident Categorisation Matrix to triage and prioritise responses and mitigations required for each cyber incident. The Matrix helps the ACSC categorise the severity of the incident and allocate resources accordingly through assessing an incidents significance and impact.

The ACSC is a participant of the National Cyber Security Committee (NCSC), which provides strategic oversight and coordination of response efforts among Commonwealth, state and territory governments in the event of a national cyber incident. The NCSC’s role in responding to a national cyber incident includes facilitating the exchange of threat intelligence and solutions to enhance each jurisdiction’s situational awareness and response activities and to oversee the development of nationally consistent public information. The NCSC is also responsible for setting the Cyber Incident Management Arrangements (CIMA) level, which provides Australian governments with guidance on how they will collaborate in response to, and reduce the harm associated with, national cyber incidents.

The ACSC and our law enforcement partners ACIC and AFP, have developed this inaugural report to provide important information about emerging cyber security and cybercrime threats impacting different sectors of the Australian economy. It includes best-practice mitigation advice for implementation by individuals and organisations, so they can reduce the likelihood and impact of malicious cyber activity.

This report outlines key cyber threats and statistics over the period 1 July 2019 to 30 June 2020. Over this period, the ACSC responded to 2,266 cyber security incidents and received 59,806 cybercrime reports at an average of 164 cybercrime reports per day, or one report every 10 minutes.

 

Key cyber threats

Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication. Phishing and spearphishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content. Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spearphishing campaign.

Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments. Cybercriminals often illicitly obtain user logins and credentials through spearphishing, before utilising remote desktop protocol (RDP) services to deploy ransomware on their targets. Recovering from ransomware is almost impossible without comprehensive backups.

While our cyber adversaries are becoming more adept, the likelihood and severity of cyber-attacks is also increasing due to our growing dependence on new information technology platforms and interconnected devices and systems. The 5G mobile network will underpin Australia’s transition to a more digital economy, and Internet of Things (IoT) devices will enable greater information flows and efficiencies than ever before.

The 5G network and IoT devices have the potential to be revolutionary, but they require new thinking about how best to adopt them securely. Insecure or misconfigured systems make it very easy for hackers looking to compromise networks, cause harm and steal information. Specifically, the increased use of consumer IoT devices such as internet-enabled home assistants, TVs, fridges, baby monitors and home security systems will create more vulnerabilities in networks.

Australians need to be mindful that cyber adversaries are constantly looking for vulnerabilities and weaknesses in systems and networks. The ACSC continues to identify many products and services being adopted and implemented by organisations that lack ‘secure by design’ principles. Applying the fundamentals of good cyber security as individuals, business owners and government agencies is vitally important and in many ways Australians are not necessarily learning from past experience.

The ACSC responds to hundreds of cyber security incidents each year. Many of these could have been avoided or substantially mitigated by good cyber security practices. Implementing ASD’s Essential Eight security controls will substantially reduce the risk of compromise, and help to prevent the most common tactics, techniques and procedures (TTPs) used by malicious cyber adversaries.

Equally, many of the methods used by cybercriminals to steal personal and financial information can be easily mitigated through measures such as not responding to unsolicited emails and text messages, implementing multi-factor authentication and never providing another party with remote access to your computer. It is critically important that individuals and businesses understand the cyber threat and are taking active steps to mitigate the risks.

 

Cybercrime threat in Australia

Cybercrime is one of the most pervasive threats facing Australia, and the most significant threat in terms of overall volume and impact to individuals and businesses. The Australian Competition and Consumer Commission’s (ACCC) Targeting Scams 2019 report, identified Australians lost over $634 million to scams in 2019. While the true cost of cybercrime to the Australian economy is difficult to  quantify, industry estimates have previously placed cyber security incidents as high as $29 billion annually1 .

Cybercriminals follow the money. Australia’s relative wealth, high levels of online connectivity and increasing delivery of services through online channels make it very attractive and profitable for cybercrime adversaries. Of particular concern are transnational cybercrime syndicates and their affiliates, who develop, share, sell and use sophisticated tools and techniques. There are lucrative underground marketplaces offering cybercrime-as-a-service (CaaS), or access to high-end hacking tools that were once only available to nation states. These marketplaces also offer less technical but equally valuable cybercrime enablers including personal information and other sensitive data such as compromised user credentials.

As a consequence, illicit tools, services and data can be purchased and used with minimal technical expertise to generate alternative income streams, launder the proceeds of cybercrimes and traditional crimes, or undertake network intrusions for non-financial purposes.