I have been writing about cybercrime for years and have witnessed the methodology and tools that criminals use to evolve. One truism about cybercrime is that it knows no boundaries. Unlike conventional crimes, where a criminal is stopped at a border and needs a passport to cross, no such barrier exists when committing a cybercrime in another country. That is why managed service providers (MSPs) must remain alert to what is going on across the globe. Awareness is an important and cheap defense.
As part of the global awareness that we try to promote, this week we are looking at the Australian Signals Directorate (ASD) Annual Cyber Threat Report, which was released earlier this month.
Often, what comes to Australia eventually comes to the shores of the United States. So, I dig into this report every year, looking for clues and trends. With Australia’s cyber-defenses being sophisticated and similar to the United States, cybercriminals often “test” new methods and crimes there. The population is smaller, and the stakes are perhaps not as high, so it is a good “testing ground” for cybercriminals.
The ASD report accurately describes Australia’s evolving place in the world:
In the post-Second World War period, Australia was protected by its geography and the limited ability of other nations in the region to project combat power. In the current strategic era, Australia’s geographic advantages have been eroded as more countries have enhanced their ability to project combat power across greater ranges, including through the rapid development of cyber capabilities.
I read the ASD report, so you don’t have to, but if you want to, click here. Meanwhile, let’s look at some of the highlights:
Cybercrime on the rise
First, cybercrime – or at least the reporting of it – is increasing in Australia.
ASD’s Australian Cyber Security Centre (ACSC) received over 94,000 reports of cybercrime in the 2022-23 financial year, an increase of 23 percent from the previous year.
This represents an average of nearly 300 cybercrime reports every day.
Remember the population difference between Australia and the United States when drawing comparisons: 25 million in Australia vs over 300 million in the USA.
Hacktivism is a troubling trend
Australia has been experiencing more cyber disruptions tied to hacktivism. The ASD points out that hacktivists are usually not as organized or well-funded as other groups, but they can still wreak havoc by launching DDoS or brute force attacks.
Russian hackers, for example, have primarily been targeting Europe in retaliation for their Ukraine support, but the ASD report says that they may be shifting their sights to Australia. These hacktivists are linked to a state and are better funded than homegrown operations.
A DDoS attack on an Australian organization was linked to the Russia-Ukraine war. The report states:
The partner linked the DDoS attack to the malicious cyber actor KillNet, a well-known pro-Russian hacktivist group. Since Russia’s war on Ukraine began, KillNet’s focus had been primarily Europe; however, recent trends suggest a shift to countries abroad, including Australia and its critical infrastructure.
DDoS attacks are increasing in Australia overall.
ASD responded to 79 cyber security incidents involving DoS and DDoS, more than double the 29 incidents reported to ASD last year.
Other attacks, however, like ransomware, continue to be a problem in Australia. For instance, 10 percent of all incidents reported to the ASD were ransomware, which is on par with the previous year’s report, so ransomware remains a potent threat in Australia as it does everywhere else.
Retail is a top target
In the United States, top targets for cybercrime include education, municipal governments, and manufacturing. In Australia, however, retail bears the brunt of the attacks. The top three industries experiencing cyberattacks in Australia include:
- Retail
- Construction
- Scientific and Technical Services
These three sectors comprised about a third of the total cybercrimes committed in Australia.
The majority of cyberattacks in Australia hit small businesses. When all the smoke clears for a small business, the average loss was a hefty $45,965 compared to $29,901 two years ago. For medium businesses, that jumps to $97,203. The losses are less significant for larger firms, which usually have better cyber defenses, clocking in at around $77,000.
A growing cyber menace in Australia, the ASD report shows that business email compromise (BEC) losses totaled almost $80 million from over 2000 BEC reports. On average, the financial loss from each BEC incident was over $39,000.
Drill down on the basics
The ASD report offers a variety of mitigation strategies for chief information security officers (CISOs) and MSPs, most focusing on cybersecurity fundamentals. Still, time and again, studies have shown that the most effective cybersecurity is to drill down on the basics, which, according to the ASD, include:
- Deploy multi-factor authentication (MFA) to mitigate stolen credential abuse
- Enforce strong passphrase policy to secure accounts
- Block internet-facing services that are not authorized to be internet-facing
- Immediately decommission unnecessary systems and services
- Configure server applications to run as a separate account with the minimum privileges to mitigate account abuse
- Mandate user training to recognize phishing or social engineering attempts.
We’ll continue to watch the cyber landscape in Australia because what shows up there will likely end up in the United States and Canada.
Photo: Ivelin Radkov / Shutterstock
