The Annual Cyber Threat Report 2023-2024 by the Australian Signals Directorate (ASD) provides a comprehensive overview of the cyber threat landscape in Australia, highlighting key trends, incidents, and mitigation strategies. Here’s a summary of the key points:
Key Themes and Findings
1. Strategic Environment:
Australia faces its most complex strategic environment since WWII, with increasing cyber threats from state and non-state actors. Geopolitical tensions, such as Russia’s invasion of Ukraine and conflicts in the Middle East, have exacerbated cyber risks. State-sponsored cyber actors, particularly from China and Russia, are targeting Australian critical infrastructure, businesses, and government networks for espionage, pre-positioning, and potential disruptive attacks.
2. Cybercrime Trends:
Ransomware and data theft extortion remain pervasive, with cybercriminals increasingly using artificial intelligence (AI) to enhance social engineering attacks. Business Email Compromise (BEC) and online banking fraud were among the top reported cybercrimes. The average cost of cybercrime for individuals increased by 17%, while costs for businesses decreased by 8%.
3. Critical Infrastructure:
Critical infrastructure, such as energy, water, and healthcare, remains a prime target for cyberattacks. Operational Technology (OT) systems are increasingly vulnerable due to their interconnectedness with IT systems. ASD responded to 128 critical infrastructure-related incidents, with phishing, exploitation of public-facing applications, and brute-force attacks being the most common attack vectors.
4. State-Sponsored Cyber Threats:
State actors, particularly from China and Russia, are using advanced techniques like living off the land (LOTL) and supply chain compromises to evade detection. These actors are pre-positioning themselves on networks to potentially disrupt critical services during crises.
5. Hacktivism:
Hacktivist activity has risen due to global tensions, with groups targeting governments and businesses to further political or social causes. These groups often use low-capability tools like Distributed Denial of Service (DDoS) attacks and website defacements.
6. Resilience and Mitigation:
ASD emphasizes the importance of cyber resilience, recommending organizations adopt the Essential Eight mitigation strategies. Phishing-resistant multi-factor authentication (MFA), regular patching, and secure-by-design practices are critical for defending against evolving threats. Organizations are encouraged to report cyber incidents early to ASD for timely assistance and to contribute to the national threat picture.
7. Key Statistics:
ASD responded to 1,100+ cyber security incidents, with 11% involving ransomware. Over 36,700 calls were made to the Australian Cyber Security Hotline, a 12% increase from the previous year. 11% of incidents involved critical infrastructure, with electricity, gas, and water sectors being the most targeted. Ransomware incidents increased by 3%, with 71% of extortion-related incidents involving ransomware.
ASD’s Response and Programs:
ASD’s Cyber Threat Intelligence Sharing (CTIS) platform and Cyber Security Partnership Program have grown, enabling better collaboration between government and industry.
ASD has issued 19 joint advisories with international partners and published 118 alerts and advisories to help organizations defend against threats.
The Critical Infrastructure Uplift Program (CI-UP) and Cyber Uplift Remediation Program (CURP) have been instrumental in improving the cyber resilience of critical infrastructure and government organizations.
Recommendations:
Individuals: Enable MFA, use strong passphrases, and stay vigilant against phishing and scams.
Businesses: Implement the Essential Eight, conduct regular backups, and develop incident response plans.
Critical Infrastructure: Adopt a “when, not if” mindset for cyber incidents, map networks, and ensure OT systems are secure.
Conclusion:
The report underscores the growing sophistication of cyber threats and the need for a collaborative approach to cyber defense. ASD continues to play a critical role in protecting Australia’s digital landscape, but all Australians—individuals, businesses, and government—must take proactive steps to enhance their cyber resilience.
For more detailed insights, the full report and associated resources are available on the ASD website.