
The Australian Threat Environment



The Australian Cyber Security Centre (ACSC) has released its first unclassified Threat Report [1], which describes a number of cyber adversaries targeting Australian networks, explaining their motivations, the malicious activities they are conducting, and their impact. This threat report also provides a number of examples of activity targeting Australian networks during 2014. The report further offers mitigation advice on some of the types of malicious activity targeted at Australian organisations, how best to deal with these threats, and how to both prevent and respond to these activities to limit the severity of the damage.

The report calls out a number of techniques that are being used by cyber adversaries to target Australian government and business. These include:

  • Spear Phishing – the process of using social engineering techniques, such as carefully crafted emails, to entice a user to click on a link or open an attachment.
  • Remote Access Tools – the malicious use of tools that let someone access a computer from a remote location.
  • Watering Hole – a technique which takes advantage of a user’s trust in a legitimate website by placing malware on the frequented website to compromise the computers of visitors to the site.
  • Malware – malicious software that is designed to facilitate unauthorised access or cause damage to a system.
  • Ransomware – extortion through the use of malware that often locks a computer’s content and requires victims to pay a ransom to regain access.
  • Denial of Service – an activity that prevents legitimate access to online services by consuming the available bandwidth or the processing capacity of the host computer. This may also include the use of ransomware.

Australian Government agencies that have implemented the ASD (Australian Signals Directorate) Top 4 Strategies to Mitigate Targeted Cyber Intrusions [2], and a number of other strategies, are improving their protection against cyber espionage activities. When implemented, the Strategies can mitigate at least 85 percent of targeted cyber intrusions responded to by the ACSC.

While the overall number of cybersecurity incidents increased in 2014, the number of confirmed significant compromises of federal Australian Government networks has decreased since 2012.

In 2014, CERT Australia responded to 11,073 cybersecurity incidents affecting Australian businesses, 153 of which involved systems of national interest, critical infrastructure and government.

In 2014, the top five non-government sectors assisted by CERT Australia in relation to cybersecurity incidents were: energy (29%), banking and financial services (20%), communications (12%), defence industry (10%), and transport (10%).

During 2014, CERT Australia handled more than 8,100 incidents involving compromised websites.

Australian organisations are urged to report cybersecurity incidents to the ACSC by following the links on the ACSC website. Australian government agencies and businesses reporting cybersecurity incidents to the ACSC can request advice and assistance on how to remediate these incidents.

The threat report calls out a number of trends, which will continue, locally and globally:

  • The number of state actors and cybercriminals with capability will increase.
  • Cybercrime-as-a-service is likely to increase, reducing the barriers for entry for cybercriminals.
  • Sophistication of the current cyber adversaries will increase, making detection and response more difficult.
  • Ransomware and watering-hole techniques will increase and continue to be prominent.
  • An increase in the number of cyber adversaries with a destructive capability.
  • Increasing amounts of web defacements and social media hijacking.

Cybersecurity efforts should aim to make Australian organisations a harder target and, thereby, increase the trust and confidence of all Australians to engage in the benefits the Internet brings. The report explains that “Effective cyber security requires a partnership between government and the private sector.” One such partnership could be around information sharing, which ultimately shifts more costs to the cyber adversaries.

Many adversaries write one piece of malware and send it to multiple organisations. However, if we, as a community, in partnership with government and the private sector, can force cyber adversaries to create multiple unique attacks each time, their costs go up. And if we can share the information, the defender costs go down. The benefits grow exponentially if we automate this process so that organisations share in real time, whilst preventing the attacks.

It is unlikely we will ever stop all cyber intrusions, but through a concerted effort to share information, we can significantly raise adversaries' costs, thus making it harder for them to threaten Australian and global organisations.

[1] https://www.acsc.gov.au/publications/ACSC_Threat_Report_2015.pdf
[2] http://www.asd.gov.au/infosec/mitigationstrategies.htm

[Palo Alto Networks Blog]

About @PhilipHungCao

@PhilipHungCao, CISM, CCSP, CCSK, CASP, CIW-WSP, GICSP, PCNSE, ACSP, CCDA, DCSE, JNCIA, MCTS, MCSA, VCP5-DCV, VCP6-NV, ZCNT is a #TekF@rmer. He has 16 years' experience in ICT/Cybersecurity industry in various sectors & positions.
