Australian government networks are being targeted daily by cyber crooks but improved security has seen the number of ‘confirmed significant compromises’ decrease since 2012, a study has found.
This is despite the overall number of security incidents increasing in 2014, according to the Australian Cyber Security Centre’s (ACSC) first ever national public cyber threat report, released Wednesday.
The ACSC said that government agencies’ implementation of the Australian Signals Directorate’s top 4 strategies to mitigate targeted cyber intrusions and tactics based on internal risk assessments have improved their protection against cyber espionage activities.
Australia’s ‘systems of national interest’ and critical infrastructure remain vulnerable to malicious cyber security incidents. In 2014, the Computer Emergency Response Team (CERT) Australia responded to 11,073 cyber security incidents affecting Australian business, with 153 involving systems of national interest, critical infrastructure and government.
During the year, 29 per cent of cyber security incidents CERT responded to in the private sector targeted energy companies, followed by banking and finance (20 per cent), communications (12 per cent), defence industry (10 per cent), and transport (10 per cent).
Australians networks or critical infrastructure is unlikely to be subject to a cyber attack that would seriously compromise national security, stability or prosperity outside a period of significant heightened tension or escalation to conflict with another country, the report said.
“As the technological and financial barriers to developing an effective attack capability diminish, Australia faces the threat of a more diverse set of state and non-state-based cyber attacks in the future.
“Although some non-state adversaries – such as terrorist and issue motivated groups – have expressed intent to conduct cyber attacks, they will probably continue to use disruption and vandalism to gain publicity and further their causes,” the report said.
Meanwhile, CERT Australia handled more than 8,100 incidents involving compromised websites, which are often breached due to poor maintenance or security configuration. Cyber adversaries often targets websites to distribute malware, host phishing websites or build denial of service botnets.
Attackers are using ‘watering-holes’ a compromised legitimate website used frequently by their intended targets. Malware on the website breaches the computers of visitors to the site and this type of espionage continues to grow.
ACSC noted incidents involving the watering-hole exploitation of websites regularly visited by Australian government employees and these incidents were mitigated successfully.
But in many cases, the owner of the website was not aware of the breach until they were notified or the website had been blacklisted by a security organisation.
The Australian Internet Security Initiative (AISI) program – operated by the Australian Communications and Media Authority – reported more than 15,000 malware compromises daily for ISPs to action between 17 October 2014 and 14 January 2015.
The AISI provides participants with daily notifications of IP addresses on their networks observed as potentially vulnerable to malicious exploits or infected by malware.
The report also stated that around 16,000 people had fallen victim to the ‘TorrentLocker’ ransomware variant since February 2014, paying around $8 million.
Australian victims received a ransom message specifying the ransom fee – between $500 and $600 – and demanding they purchase bitcoins from specified local websites and send payment to a provided address.
One Australian corporate victim, whose brand had been exploited, estimated that its response to TorrentLocker, including monitoring, take down actions against malicious domains and brand protection, had so far cost $185,000.