Despite taking precautions, cyber crime in Austraila is progessing at an alarming rate, according to a new report.
The Australian Cyber Security Centre (ACSC) 2017 Threat Report , released on Tuesday as part Stay Smart Online week, addresses the challenges, targets, trends and emerging threats posing risks to the Australian cyber landscape.
Launching the report at the National Press Club, the Minister Assisting the Prime Minister for Cyber Security, Dan Tehan, said over the past 12 months, 47,000 cyber incidents had been identified – a 15% increase from last year’s ACSC results.
“Most concerning, is that these attacks were more elaborate than those we have seen in previous years,” said Tehan.
More than half of these incidents were online scams or fraud, up by 22%.
The only instance of cyber crime to have decreased was the prevalence of illegal or prohibited material, down by 3.1%.
Continued ransomware attacks, the use of credential-harvesting malware (targeting Android devices in particular), social engineering, the use of Distributed Denial of Service (DDS) systems, and phishing emails targeting businesses, were all reported as continued or increased cyber security challenges.
An emerging risk identified in the report was the lack of security in Internet of Things (IoT) devices, such as smartphones and tablets.
Increased integration into the ecosystem, and the lack of security features implemented in IoT devices during manufacturing, introduce significant security risks.
However, while trends were emerging, the report found criminals were continuing to use rudimentary techniques and known network vulnerabilities to target poorly secured networks by developing ransomware variants, which Tehan said would continue until baseline security measures were implemented.
“Backing up data and proven data restoration processes are vital to mitigate data being encrypted, corrupted or deleted by ransomware,” he said.
Other security measures outlined were limiting the amount of information shared online, and creating strong passwords.
The report states that staying one step ahead of cyber criminals remains an "enduring challenge" as they improved their cyber tools and methods -- successfully enough that some businesses have begun to expand into franchises -- in tandem with security measures being constantly updated.
One such tool contributing to cyber crime’s rapid expansion is ransomware-as-a-service, a service providing ransomware kits for a fee which can then be installed through a computer for malicious purposes.
So, what makes cyber crime so attractive to criminals? According to Tehan, the large profits and minimal risk of identification and interdiction, particularly when using ransomware, were driving factors.
The responsibility lies with you, too
Tehan honed in on how cyber crime could affect anyone, and to tackle it, a collaborative approach was necessary.
“Cyber security is as relevant for mums and dads, small business owners and local communities, to keep their data, their money and their identities secure.
“The best way to improve our cyber security is for government, business and individuals to work together,” he said.
Of the reported incidents that impacted business, fewer than 60% of reports came from the business themselves – 40% were identified by the ACSC. Tehan said it was imperative victims of cyber crime file reports in order to pursue counteraction.
“It’s hard enough to catch the criminals who did it.
“But if you don’t report it, it makes it impossible and leads to more victims.
“When your house or car is broken into, you report it to the police. We must have the same mindset when it comes to cyber crime [to ACSC],” he said.
Tehan cautioned that in the following twelve months, there would be more globally significant attacks and new cyber threats such as cyber terrorism would emerge.
That is why, he said, cyber security must become second nature to all Australians.
Attacks on government
Over the last 12 months, the government was reported to have been increasingly targeted by cyber criminals, issue-motivated groups, individuals and, in particular, foreign states. This saw Australian government and private sector networks in support of economic, foreign policy and national security objectives being highly susceptible to attacks.
One such incident addressed was publicly detailed for the first time in Tehan’s speech. In November 2016, ACSC became aware that a significant amount of data had been stolen by a cyber actor who had infiltrated the network of a small Australian company with contracting links to national security projects.
Tehan referenced other national attacks that occurred in Ukraine and the United Kingdom as the context behind the formation of the report, and said no federal or state government network was exempt from malicious cyber activity.
A strong year for security
With the increase in attacks and use of advanced malicious cyber activity threatening Australian cyber security, a surge of counteraction infrastructures have recently been implemented.
Over the past year, initiatives such as the Australian Cyber Security Growth Network, Australia’s first International Cyber Engagement Strategy, two Academic Centres of Cyber Security Excellence, the ASX 100 Health Check of Australia’s leading businesses and the commitment of $140 million towards a Cyber Security Cooperative Research Centre have been established.
Australia’s latest initiative to improve cyber security is the opening of the second Joint Cyber Security Centre in Melbourne on Wednesday.
Led by CERT Australia, headed by Attorney-General George Brandis, the new centre will capitalise on the concentration of cyber expertise in the region, provide up to-date information about the nature and number of cyber threats, and help business and government better understand and respond to cyber risks.
Another two centres, one each in Sydney and Perth, are expected to be operational by the end of the year.
Tehan said the use of these offensive cyber capabilities would add to the Government’s crime-fighting arsenal and form part of Australia’s broader strategy to prevent and shut-down safe-havens for offshore cyber criminals.
“Cyber security and law enforcement measures will naturally continue to sit at the forefront of our response to cyber threats,” Tehan said.