Wednesday, 15 September 2021 11:11

ACSC reports fall in cyber-security incidents in 2020-21

By Sam Varghese

Image by Gerd Altmann from Pixabay

Cyber-security incidents reported by victims fell during the 2020-21 financial year, the Australian Cyber Security Centre says in its annual threat report, adding that there was also a drop in the most severe types of incidents.

A total of 1630 incidents were reported, with the categorisation ranging from 1 (most severe) to 6 (least severe). In 2020-21, there were no incidents in either category 1 or 2. But a higher proportion were classified as category 4 than in the previous financial year.

The highest number of reports of cyber crime during the financial year 2020-21 came from Queensland (30%), with Victoria just behind (29%).

The highest average financial losses were reported by victims in South Australia and Western Australia. Losses totalled about $33 billion.

The number of cyber crimes reported was up by about 13% year-on-year, with 67,500 reports received, and the ACSC said in its report that it had categorised a higher proportion of the reports as "substantial" in impact this year.

[Image: cyber crime month by month]

A graph showing the incidents during the two years, 2019-20 and 2020-21, indicated that there was a spike in April last year which was attributed to a bulk extortion campaign.

More than 1500 incidents related to the pandemic were reported every month, with three-quarters of them relating to the loss of money or personal information.

There were about 500 ransomware incidents reported, an increase of about 15% from the previous financial year. The report can be downloaded here.

Satnam Narang, staff research engineer at security shop Tenable, said the findings underscored much of what security professionals had been seeing and warning about.

"Cyber criminals are operating with a fierce determination now more than ever before," he said. "The COVID-19 pandemic and the shift to remote work has provided new opportunities to both scammers and financially-driven thieves alike.

[Image: cyber crime map]

"The 15% increase in ransomware attacks can be largely attributed to the rise in ransomware-as-a-service groups, which enables cyber criminals to make a significant profit, and the adoption of double extortion tactics.

"Not only do organisations have to worry about computers in their network being encrypted, but they also have to worry about ransomware groups stealing their sensitive data and threatening to publish them on the dark web if their ransom demands are not met. Ransomware has always been considered a prominent part of the game so to speak, but now ransomware has become the game."

Narang said some of the tried and true methods used by cyber criminals to target organisations were well-known: spearphishing via email, exploitation of unpatched or zero-day vulnerabilities and brute force attacks, including those targeting Remote Desktop Protocol.

"Despite this knowledge being widely discussed, we continue to witness cyber criminals successfully utilising these tactics. Readily available proof-of-concept exploit code typically provided for defenders is being routinely incorporated into toolkits by cyber criminals and used against vulnerable systems," he said.

"There are important lessons and reminders to be gleaned from the ACSC report and one of which highlights the importance of cyber hygiene. This includes identifying all vulnerable assets within a network and ensuring they are properly patched in a timely manner."

He suggested a number of steps that firms could take to avoid cyber disasters:

  • Ensure multi-factor authentication is in use across the organisation.
  • Have proper endpoint security and gateway security solutions in place.
  • Provide cyber-security awareness training to your employees on a regular basis.
  • Ensure that offline back-ups are available and tested.
  • Regularly audit the permissions on user accounts to ensure ghost accounts aren't still available on your systems and that permissions are not too lax.
  • And finally, have an incident response plan in place and perform tabletop exercises to ensure your organisation is adequately prepared to respond to an incident when it happens.

Matthew Lowe, area vice-president ANZ at IT service management vendor Ivanti, said: "The ACSC took down over 100 malicious, COVID-themed, credential harvesting websites that were distributed not only through phishing emails, but also in the form of SMS and social engineering via messaging applications.

"These types of attacks target users on often forgotten about, less secure, and less actively managed devices that contain similar levels of access, data and therefore risk to an organisation — devices that are extremely common in today’s ‘Everywhere Workplace’.

"Adopting a zero trust model that takes into account the whole context of the user’s environment, and allows an organisation to identify the device, network, application and data before an access decision is made, is therefore key."

Lowe said the ACSC’s Essential Eight recommendations were still the best baseline for any organisation to mitigate threats outlined in the report.

"While any organisation would benefit greatly from aligning with these recommendations, medium and large-sized organisations, schools and universities, state government agencies and supply chains — that is, those groups that have been primary targets for incidents in the ACSC’s reports — should absolutely prioritise this," he emphasised.

"On a positive note, a recent Ivanti survey of Australian CISOs revealed that 100% of respondents intend to align their cyber-security efforts with the Essential Eight within the next 12 months."

Raymond Maisano, head of ANZ at Web performance and security company Cloudflare, said: "The shift to remote work has made the corporate perimeter more difficult to control. IT departments are now managing complex, conflicting configurations across VPNs, firewalls, proxies and identity providers, while often not restricting lateral movement of devices.

"Well-meaning employees are connecting to corporate networks via shared Wi-Fi services that may or may not be secure, and potentially using their devices for everything—work, recreation, social media, online shopping and more.

"With Australian businesses more exposed, they are experiencing an increase in cyber threats and cyber crime, including phishing, infected malware and man-in-the-middle attacks.

"The solution is zero trust—enforcing consistent access controls across cloud, on-premise and SaaS applications and only connecting multi-factor authenticated employees to their required services, leaving room for zero lateral movements.

"By shifting to zero trust access for all applications, businesses can protect themselves from cyber threats like malware, ransomware, shadow IT, and other Internet risks over all ports and protocols, ultimately mitigating their risk of becoming a statistic in the next ACSC report."

Raj Samani, McAfee Fellow and chief scientist at McAfee, said: "Over the past 18 months, cyber criminals have become smarter and quicker to pivot their tactics alongside a whole host of new bad-actor schemes. If we look at the variants targeting Australia, based on the proliferation of victims based on the leak sites from ransomware operators we see Hive and Lockbit having compromised organisations in retail, IT, and the chemical sectors.

"What we're seeing is many of the usual ransomware techniques used by cyber criminals are linked to Web access – such as targeting Windows Remote Desktop Protocol, user execution, and exfiltration to cloud storage.

"On a cultural level, adopting a zero trust mindset can help businesses to maintain control over access to the network and all instances within it. Ultimately, Zero Trust demands constant verification as users access data, apps are installed, and information is shared."

H. Daniel Elbaum, chairman and co-chief executive of Australian cyber security company VeroGuard, said: "This assessment reflects a global vulnerability in critical infrastructure security. It is a result of organisations migrating to cloud-based operations that allows access to data and operations via open networks.

"It makes sense that business and government want to automate and leverage Internet-based open networks to support mobility, connectivity, and the flow of data. However, the current focus on software-based detection tools, two-factor authentication and biometrics as methods to secure access are clearly not closing the gaps in security when working over the Internet with the cloud.

"Greater than 90% of attacks and breaches are on users' identity and credentials as accessing a system remotely by assuming an authorised user's identity allows the cyber-criminal to remain undetected for an average of 207 days. This is the logical and only place to focus that action."


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
