Wednesday, 15 September 2021 11:11

ACSC reports fall in cyber-security incidents in 2020-21


Cyber-security incidents reported by victims fell during the 2020-21 financial year, the Australian Cyber Security Centre says in its annual threat report, adding that there was also a drop in the most severe types of incidents.

A total of 1630 incidents were reported, with the categorisation ranging from 1 (most severe) to 6 (least severe). In 2020-21, there were no incidents in either category 1 or 2. But a higher proportion were classified as category 4 than in the previous financial year.

The highest number of reports of cyber crime during the financial year 2020-21 came from Queensland (30%), with Victoria just behind (29%).

The highest average financial losses were reported by victims in South Australia and Western Australia. Losses totalled about $33 billion.

The number of cyber crimes reported was up by about 13% year-on-year, with 67,500 reports received, and the ACSC said in its report that it had categorised a higher proportion of the reports as "substantial" in impact this year.

[Figure: cyber crime month by month]

A graph showing the incidents during the two years, 2019-20 and 2020-21, indicated that there was a spike in April last year which was attributed to a bulk extortion campaign.

More than 1500 incidents related to the pandemic were reported every month, with three-quarters of them relating to the loss of money or personal information.

There were about 500 ransomware incidents reported, an increase of about 15% from the previous financial year. The report can be downloaded here.

Satnam Narang, staff research engineer at security shop Tenable, said the findings underscored much of what security professionals had been seeing and warning about.

"Cyber criminals are operating with a fierce determination now more than ever before," he said. "The COVID-19 pandemic and the shift to remote work has provided new opportunities to both scammers and financially-driven thieves alike.

[Figure: cyber crime map]

"The 15% increase in ransomware attacks can be largely attributed to the rise in ransomware-as-a-service groups, which enables cyber criminals to make a significant profit, and the adoption of double extortion tactics.

"Not only do organisations have to worry about computers in their network being encrypted, but they also have to worry about ransomware groups stealing their sensitive data and threatening to publish them on the dark web if their ransom demands are not met. Ransomware has always been considered a prominent part of the game so to speak, but now ransomware has become the game."

Narang said some of the tried and true methods used by cyber criminals to target organisations were well-known: spearphishing via email, exploitation of unpatched or zero-day vulnerabilities and brute force attacks, including those targeting Remote Desktop Protocol.

"Despite this knowledge being widely discussed, we continue to witness cyber criminals successfully utilising these tactics. Readily available proof-of-concept exploit code typically provided for defenders is being routinely incorporated into toolkits by cyber criminals and used against vulnerable systems," he said.

"There are important lessons and reminders to be gleaned from the ACSC report and one of which highlights the importance of cyber hygiene. This includes identifying all vulnerable assets within a network and ensuring they are properly patched in a timely manner."

He suggested a number of steps that firms could take to avoid cyber disasters:

  • Ensure multi-factor authentication is in use across the organisation.
  • Have proper endpoint security and gateway security solutions in place.
  • Provide cyber-security awareness training to your employees on a regular basis.
  • Ensure that offline back-ups are available and tested.
  • Regularly audit the permissions on user accounts to ensure ghost accounts aren't still available on your systems and that permissions are not too lax.
  • And finally, have an incident response plan in place and perform tabletop exercises to ensure your organisation is adequately prepared to respond to an incident when it happens.

Matthew Lowe, area vice-president ANZ at IT service management vendor Ivanti, said: "The ACSC took down over 100 malicious, COVID-themed, credential harvesting websites that were distributed not only through phishing emails, but also in the form of SMS and social engineering via messaging applications.

"These types of attacks target users on often forgotten about, less secure, and less actively managed devices that contain similar levels of access, data and therefore risk to an organisation — devices that are extremely common in today’s ‘Everywhere Workplace’.

"Adopting a zero trust model that takes into account the whole context of the user’s environment, and allows an organisation to identify the device, network, application and data before an access decision is made, is therefore key."

Lowe said the ACSC’s Essential Eight recommendations were still the best baseline for any organisation to mitigate threats outlined in the report.

"While any organisation would benefit greatly from aligning with these recommendations, medium and large-sized organisations, schools and universities, state government agencies and supply chains — that is, those groups that have been primary targets for incidents in the ACSC’s reports — should absolutely prioritise this," he emphasised.

"On a positive note, a recent Ivanti survey of Australian CISOs revealed that 100% of respondents intend to align their cyber-security efforts with the Essential Eight within the next 12 months."

Raymond Maisano, head of ANZ at Web performance and security company Cloudflare, said: "The shift to remote work has made the corporate perimeter more difficult to control. IT departments are now managing complex, conflicting configurations across VPNs, firewalls, proxies and identity providers, while often not restricting lateral movement of devices.

"Well-meaning employees are connecting to corporate networks via shared Wi-Fi services that may or may not be secure, and potentially using their devices for everything—work, recreation, social media, online shopping and more.

"With Australian businesses more exposed, they are experiencing an increase in cyber threats and cyber crime, including phishing, infected malware and man-in-the-middle attacks.

"The solution is zero trust—enforcing consistent access controls across cloud, on-premise and SaaS applications and only connecting multi-factor authenticated employees to their required services, leaving room for zero lateral movements.

"By shifting to zero trust access for all applications, businesses can protect themselves from cyber threats like malware, ransomware, shadow IT, and other Internet risks over all ports and protocols, ultimately mitigating their risk of becoming a statistic in the next ACSC report."

Raj Samani, McAfee Fellow and chief scientist at McAfee, said: "Over the past 18 months, cyber criminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes. If we look at the variants targeting Australia, based on the proliferation of victims based on the leak sites from ransomware operators we see Hive and Lockbit having compromised organisations in retail, IT, and the chemical sectors.

"What we're seeing is many of the usual ransomware techniques used by cyber criminals are linked to Web access – such as targeting Windows Remote Desktop Protocol, user execution, and exfiltration to cloud storage.

"On a cultural level, adopting a zero trust mindset can help businesses to maintain control over access to the network and all instances within it. Ultimately, Zero Trust demands constant verification as users access data, apps are installed, and information is shared."

H. Daniel Elbaum, chairman and co-chief executive of Australian cyber security company VeroGuard, said: "This assessment reflects a global vulnerability in critical infrastructure security. It is a result of organisations migrating to cloud-based operations that allows access to data and operations via open networks.

"It makes sense that business and government want to automate and leverage Internet-based open networks to support mobility, connectivity, and the flow of data. However, the current focus on software-based detection tools, two-factor authentication and biometrics as methods to secure access are clearly not closing the gaps in security when working over the Internet with the cloud.

"Greater than 90% of attacks and breaches are on users' identity and credentials as accessing a system remotely by assuming an authorised user's identity allows the cyber-criminal to remain undetected for an average of 207 days. This is the logical and only place to focus that action."



Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
