New ASD Cyber Threat Report reveals growing vulnerability of Australia’s critical infrastructure to cyber attacks

The Australian Signals Directorate (ASD), through its Australian Cyber Security Centre (ACSC), published on Wednesday a cyber threat report that provides an overview of cyber threats affecting Australia, how ASD is responding, and advice on how organizations can better protect themselves. Across the reporting period, ASD responded to over 1,100 cybersecurity incidents from Australian entities. Ransomware comprised over 10 percent of all incidents, similar to the previous financial year. Separately, nearly 94,000 reports were made to law enforcement through ReportCyber, around one every 6 minutes.

Titled ‘ASD Cyber Threat Report 2022-2023,’ the report highlighted the growing vulnerability of Australia’s critical infrastructure to cyber threats. It emphasized the need for organizations to prioritize cybersecurity and proactively stay ahead of these threats. The interconnected nature of operational technology (OT) and corporate networks has created opportunities for malicious cyber actors to target Australian critical infrastructure. 

Additionally, OT can be targeted to access a corporate network and vice versa, potentially allowing malicious cyber actors to move laterally through systems to reach their target. Even when OT is not directly targeted, attacks on connected corporate networks can disrupt the operation of critical infrastructure providers.

“Globally, government and critical infrastructure networks were targeted by state cyber actors as part of ongoing information-gathering campaigns or disruption activities,” the report disclosed. “The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property for their own military programs. Cyber operations are increasingly the preferred vector for state actors to conduct espionage and foreign interference.”

It added that in 2022–23, ASD joined international partners to call out Russia’s Federal Security Service’s use of ‘Snake’ malware for cyber espionage, and also highlighted activity associated with a People’s Republic of China state-sponsored cyber actor that used ‘living-off-the-land’ techniques to compromise critical infrastructure organizations. 

Up from the 95 such incidents reported in 2021–22, “in 2022–23, ASD responded to 143 cyber security incidents related to critical infrastructure. Cybercriminals continued to adapt tactics to extract maximum payment from victims,” the report detailed. “Cybercriminals constantly evolved their operations against Australian organisations, fuelled by a global industry of access brokers and extortionists.”

Additionally, ASD responded to 127 extortion-related incidents: 118 of these incidents involved ransomware or other forms of restriction to systems, files, or accounts. “Business email compromise remained a key vector to conduct cybercrime. Ransomware also remained a highly destructive cybercrime type, as did hacktivists’ denial-of-service attacks, impacting organisations’ business operations.” 

It also identified that one in five critical vulnerabilities was exploited within 48 hours. “This was despite patching or mitigation advice being available. Malicious cyber actors used these critical flaws to cause significant incidents and compromise networks, aided by inadequate patching.”

“The report demonstrates the persistent threat that state cyber capabilities pose to Australia. This threat extends beyond cyber espionage campaigns to disruptive activities against Australia’s essential services,” Richard Marles, Deputy Prime Minister and Minister for Defence, wrote in the report. “The report also confirms that the borderless and multi-billion dollar cybercrime industry continues to cause significant harm to Australia, with Australians remaining an attractive target for cybercriminal syndicates around the world.”

Marles added that the threat environment characterized in this report underscores the importance of ASD’s work in defending Australia’s security and prosperity. “It also reinforces the significance of the Australian Government’s investment in ASD’s cyber and intelligence capabilities under Project REDSPICE (Resilience, Effects, Defence, Space, Intelligence, Cyber, Enablers). It is clear we must maintain an enduring focus on cyber security in Australia. The Australian Government is committed to leading our nation’s efforts to bolster our cyber resilience,” he added.

The main cyber security incident types affecting Australian critical infrastructure were compromised accounts or credentials; compromised assets, network or infrastructure; and denial of service (DoS). Together these incident types accounted for approximately 57 percent of the incidents affecting critical infrastructure in 2022–23. The next most common incident types were data breaches, followed by malware infection.

The ASD cyber threat report comes as the Australian government announced that operations at DP World Australia’s ports nationwide would resume at 9 AM local time, after a three-day suspension, following successful overnight tests of crucial systems. The announcement noted that investigation of and response to the cybersecurity incident are still underway, and that services may be temporarily disrupted as part of the investigation process.

Malicious cyber activity against Australian critical infrastructure is expected to rise as networks grow in size and complexity. Organizations must take steps to reduce the attack surface, secure systems, and protect sensitive data to ensure the resilience of essential services in Australia. 

Following cyber security best practice, such as ASD’s Essential Eight or an equivalent framework, is crucial for a critical infrastructure risk-management program. Organizations should thoroughly understand and map their networks, and maintain an asset registry so that devices on all networks, including OT, can be managed effectively. When conducting routine architecture and asset reviews, they should consider the security capabilities of devices and the most secure approach to handling hard-coded passwords. They should also carefully examine the vulnerabilities and risks in the organization’s ICT supply chain.

Organizations must prioritize secure-by-design or secure-by-default products. Consider the security controls of any new software, hardware, or OT before it is purchased, and understand vendor support for future patches and ongoing security costs. They must also work towards building cyber security costs into budgets for the entire product lifecycle, including the product’s replacement, and understand what is necessary to keep critical services operating and protect these systems as a priority. Furthermore, they should ensure OT and IT systems can be, or are, segmented to ensure the service can operate during a cyber incident.

The report also called upon critical infrastructure organizations to treat a cyber incident as a ‘when’ not ‘if’ scenario in risk and business continuity planning, and regularly practice cyber incident response plans. They must also maintain open communication with ASD, as it has several programs to support critical infrastructure, including cyber uplift activities and cyber threat intelligence sharing, and follow the agency’s cybersecurity publications tailored for critical infrastructure entities available online.

In late October, the Australian government published its initial Critical Infrastructure Annual Risk Review addressing the dangers posed to the nation’s critical infrastructure sector. The review, developed by the Cyber and Infrastructure Security Centre (CISC), summarizes security risks concerning Australia’s critical infrastructure over the past year. It identifies foreign interference and espionage as the primary threats to Australia’s critical infrastructure. The review also highlights the increasing sophistication of targeting, which exposes the limits of narrow risk-mitigation efforts as hackers persistently scan for and exploit vulnerabilities across interconnected critical infrastructure networks.
