All sectors of the Australian economy were affected by the impacts of cybercrime and other malicious cyber activity in the latest financial year. Government agencies at all levels, large organizations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period, which was predominantly by criminals or state hackers. The COVID-19 pandemic and the shift to remote work provided new opportunities to both scammers and financially driven thieves.
Data released by the Australian Cyber Security Centre (ACSC) said that the agency received over 67,500 cybercrime reports, an increase of nearly 13 percent from the previous financial year. The report covers the financial year from Jul.1, last year to Jun. 30 this year. The increase in the volume of cybercrime reporting equates to one report of a cyber attack every 8 minutes compared to one every 10 minutes in the previous financial year. A higher proportion of cybersecurity incidents this financial year was categorized by the ACSC as ‘substantial’ in impact.
The report also stated that over 1,500 cybercrime reports per month of malicious cyber activity were related to the coronavirus pandemic, averaging four attacks daily. Across this period, Australia remained a key and regular target of state-sponsored hackers. These cyberattackers employed a wide range of tactics to target Australian networks, seeking sensitive information that could be used to weaken Australia’s competitive advantage and degrade national security.
The latest ACSC annual cyber threat report has been produced with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), the Department of Home Affairs, and industry partners. The report zeroes in on the key cyber threats affecting Australian systems and networks and uses strategic assessments, statistics, trends analysis, and case studies to describe the nature, scale, scope, and impact of malicious cyber activity affecting Australian networks.
Approximately one-quarter of reported cyber security incidents affected critical infrastructure organizations, including essential services such as education, health, communications, electricity, water and transport. Significant targeting, both domestically and globally, of essential services such as healthcare, food distribution and energy sectors has underscored the vulnerability of critical infrastructure to significant disruption in essential services, lost revenue, and the potential of harm or loss of life.
The ACSC is working closely with critical infrastructure organizations and industry partners to improve information sharing on the scale and scope of cyber security incidents affecting Australia, it added.
Ransomware has grown in profile and impact and poses one of the most significant threats to Australian organizations. The ACSC report recorded a 15 percent increase in ransomware cybercrime reports in the 2020–21 financial year, which has been associated with an increasing willingness of criminals to extort money from particularly vulnerable and critical elements of society. Ransom demands by cybercriminals ranged from thousands to millions of dollars, and their access to ‘darkweb’ tools and services improved their capabilities.
Extortion tradecraft evolved, with criminals combining the encryption of victim networks with threats to release or ‘on-sell’ stolen sensitive data and damage the victim’s reputation. Ransomware incidents disrupted a range of sectors, including professional, scientific and technical organizations, and those in health care and social assistance. The global impact of the Colonial Pipeline and JBS Foods attacks underscores the potentially debilitating and widespread impact of ransomware attacks.
“The 15% increase in ransomware attacks can be largely attributed to the rise in ransomware-as-a-service (RaaS) groups, which enables cybercriminals to make a significant profit, and the adoption of double extortion tactics,” Satnam Narang, staff research engineer at Tenable, wrote in an emailed statement. “Not only do organisations have to worry about computers in their network being encrypted, but they also have to worry about ransomware groups stealing their sensitive data and threatening to publish them on the dark web if their ransom demands are not met. Ransomware has always been considered a prominent part of the game so to speak, but now ransomware has become the game,” he added.
To increase the likelihood of ransoms being paid, cybercriminals may encrypt networks and also exfiltrate data, and then threaten to publish stolen information on the internet. These shifts in targeting and tactics have intensified the ransomware threat to Australian organizations across all sectors, including critical infrastructure, according to the ACSC report.
State and criminal cyber hackers continued to compromise large numbers of organizations by prosecuting publicly disclosed vulnerabilities at speed and scale. Malicious attackers exploited security vulnerabilities, at times within hours of public disclosure, patch release, or technical write up, especially if the proof of concept (PoC) code that identified the vulnerabilities in systems was also released.
Supply chains – particularly software and services – continue to be targeted by malicious players as a means to gain access to a vendor’s customers. Although the consequences of major supply chain attacks – such as SolarWinds – were not as severe for Australia, several organizations were forced to take mitigation actions to prevent more serious impacts to their networks, the ACSC report said. The threat from supply chain compromises remains high – it is difficult for both vendors and their customers to protect their networks against well-resourced hackers with the ability to compromise widely used software products.
While software supply chain compromises can be difficult to detect and defend against, some measures can minimize their impact. These include assessing the risks a vendor introduces to networks and reviewing internal and external network security vulnerabilities to prevent third-party access to systems. Once detected, mitigation can be particularly challenging, as the malicious actor has often been able to develop pervasive access to a range of victims over an extended time. The ACSC recommends organizations plan for incident response in the event of a software supply chain compromise.
Malicious cyber activity against the European Medicines Agency in late 2020, followed by the early 2021 targeting of an offshore university lab studying COVID-19, served to highlight the potential threat to Australia’s vaccine supply chain, according to the ACSC report. In tandem with this threat, the continued spate of ransomware attacks on health entities around the globe, including in Australia, demonstrated the tangible impacts cybercrime can have on critical infrastructure, particularly during a crisis. Following these attacks, medical staff was locked out of patient records, surgeries were delayed, and patients seeking emergency care were diverted to other facilities.
The ACSC supported the Australian Government and key industry organizations, including the health sector, to reduce the risk of malicious cyber activity against the COVID-19 vaccine rollout. This included providing technical advice and assistance, including sector-specific advice and assistance, an earlier cooperation with vaccine supply chain entities, threat intelligence sharing, and vulnerability scanning of research, health, biotechnology, logistics, and transport sectors.