ACSC Cyber Threat Report - How to build a resilient cybersecurity practice

Posted by Mathew Clark on 22 September 2021 12:30:00 ACST
Find me on:

In the previous blog, we analysed the key trends that emerged out of ACSC Annual Cyber Threat Report (2020-2021). To summarise, in the last financial year, ACSC reported an increase in the number of reported cyber crimes perpetuated by individuals, groups and state actors alike, including:

  • Over the course of 2020 - 2021 financial year, the ACSC received over 67,500 cybercrime reports, an increase of nearly 13 per cent from the previous financial year.
  • The increase in volume of cybercrime reporting translated to one report of cyberattack every 8 minutes compared to one every 10 minutes reported in 2019 - 2020 financial year. 
  • Self-reported losses from cybercrime totalled more than $33 billion. 
  • ACSC received over 22,000 calls on the Cyber Security Hotline – an average of 60 per day and an increase of more than 310% from the financial year 2019 - 2020.
  • A higher proportion of cyber security incidents reported in the financial year 2020 - 2021, was categorised by the ACSC as ‘substantial’ in impact.

  • ACSC observed an increased reporting of attacks by cybercriminals on larger organisations. The observed impact of these attacks on the victims, included several cases of data theft and/or services rendered offline.
  • Easy accessibility of cybercrime services – such as ransomware-as-a-service (RaaS) – via the DarkWeb increasingly opened the market to a growing number of malicious actors without significant technical expertise and without significant financial investment.
  • Nearly 500 ransomware cybercrime were reported - an increase of nearly 15% from the financial year 2019 - 2020.
  • No sector of the Australian economy was immune from the impacts of cybercrime and other malicious cyber activity.
  • The highest proportion of cybercrime reports made in the 2020 - 2021 financial year were made from entities or individuals in Queensland and Victoria, accounting for approximately 30 per cent each. While a lower number of reports were made overall, the highest average financial losses were self-reported by victims located in SA and WA.

And while threat actors continue to devise new attack vectors, ACSC has ensured Australian businesses are aware of the ever-changing cybersecurity environment, including:

  • Published 27 alerts and 12 advisories.
  • Published more than 40 step-by-step guides to help elderly citizens, individuals, family-units, and business entities to apply cybersecurity best practices.

As the market continues to evolve, here are some best practices Subnet recommends, that businesses can implement to protect themselves from threats from ransomware, network vulnerabilities, and business email compromises.

How do you protect against Ransomware (https://www.cyber.gov.au/ransomware/protect-yourself-against-ransomware-attacks)
As outlined in the above government article:

  • Update devices according to E8M3
  • Enable MFA
  • Backup your data - 6 Months retention (minimum), 3 Copies, 2 Types of Media, 1 Offline. A great option that ticks off Business Continuity and Disaster Recovery is Datto, with Unlimited Restore points and Immutable backups, this fulfils a lot of the requirements for a business.
  • Implement Access Controls - Restrict Administrator Privileges. Consider using a Just-In-Time Administrative account service.
  • Turn on Ransomware protections
  • Prepare a Cyber Security Emergency Plan or Incident Response Plan

How to protect against vulnerabilities

  • Patch within 48 Hours
  • Implement Network segmentation and segregation
  • Harden your operating systems, the CIS have great, operating system specific guidelines that Subnet uses to build systems.
  • Have detections for Web Shell Malware - https://github.com/nsacyber/Mitigating-Web-Shells

How to protect email from fraud or compromise

  • Enable MFA
  • Implement Email Authentication services, like SPF, DKIM, DMARC.
  • Secure Email gateways and servers
  • Implement a banner for External Senders.
  • Validate strange requests with the person on the phone. Beware of writing style behaviour analysis, can make the emails seem very legitimate.

In the future, we're going to be seeing attacks on supply chains, with headline suppliers being a gateway to attack their customers, and then their customers' customers in turn. The SolarWinds and Kaseya attacks are high profile examples of this targeted attack. More attention will be brought to paying attention to threat feeds, and the CyberSecurity industry with emerging Blue, Red and Purple teams working to keep the environment safe for all. We're going to see the need for tools like the Essential 8 and the Cyber Security Guidelines be brought front and centre, and companies growing their CyberSecurity practices are going to lean on outsourced providers to deliver on all of the necessary tools and configuration changes to keep ahead of the game.

Know how to report a cyber security incident or cybercrime
The ACSC website (cyber.gov.au) provides extensive advice, guidance and information on a range of cybersecurity matters.

Large organisations and critical infrastructure, government organisations, small and medium businesses and individuals can all report cyber security incidents through the ReportCyber website.

The ACSC website also provides additional assistance and referral pathways depending on the nature of the incident or cybercrime.

The ACSC is contactable via email (asd.assist@defence.gov.au) or by calling the Australian Cyber Security Hotline on 1300 CYBER1 (1300 292 371).

You can also contact Subnet for assistance for your CyberSecurity Maturity Journey via phone 08 7127 9400, chat or email.

Topics: Security, ransomware, Cybersecurity