But ACSC reveals no major national attack yet.
Malicious cyber incidents reported by Australian governments and business have more than tripled in the last three years and will cost more than $1 billion in damage in the future, but the country is yet to suffer a major attack, according to the Australian Cyber Security Centre.
The ACSC today released its first-ever unclassified cyber security threat report [pdf], which the centre’s co-ordinator Clive Lines said proved the threat to Australian organisations was “undeniable, unrelenting and continues to grow”.
“If every Australian organisation read this report and acted to improve their security posture, we would see a far more informed and secure Australian internet presence,” he said.
The centre has urged Australian business and government to do more to defend against cyber espionage, attack and crime.
The ACSC’s warning stems from a 20 percent rise in the number of IT security threats reported to the ASD last year, which reached 1131 from 940 the year prior, and up from 313 in 2011.
CERT Australia responded seperately to 11,073 cyber incidents last year, the report said, 153 of which involved government, critical infrastructure or national interest systems.
Cyber incidents are growing in both number and “destructive capability”, the centre said, which meant detecting and responding to the threat was becoming more difficult.
The report singled out energy providers, banking and finance, defence, transport and communications companies as the biggest private sector targets for malicious actors.
The ACSC also warned of increasing daily activity by “foreign state adversaries” but stopped short of naming any culprits.
It forcecast the cost of cyber incidents on Australian organisations would exceed the $1 billion estimate previously given by infosec firm Symantec, which only counted the cost for individuals rather than business and government.
Popular attack methods
The centre reported spear phishing, remote access tools and watering hole attacks as growing techniques used by malicious actors.
Malware and ransomware remain the predominant cybercrime threat in Australia, according to the report. It specifically highlighted the use of GameOver Zeus, ZeroAccess, the Conficker worm, TorrentLocker and CyptoWall 2.0 as prevalent methods of attack.
Between October 2014 and January 2015, the ACMA’s Australian Internet Security Initiative (AISI) reported over 15,000 malware compromises daily to internet service providers, the report stated.
Distributed denail of services (DDoS) attacks remained steady last year, the ACSC reported.
No major attack yet
However, the centre’s report noted that Australia has “not yet been subjected to any activities that could be considered a cyber attack”.
A cyber attack – which it classified as a deliberate act to manipulate, destruct, deny, degrade or destroy computers or networks or their information – was unlikely during peace time, the ACSC said.
It said while the threat of a more diverse set of cyber attacks in the future would rise as the barriers to enact a cyber attack diminished, adversaries were more likely to continue using disruption and vandalism to gain publicity.
Current threat warnings
The centre urged businesses to act on more recent and publicised threats such as the Heartbleed OpenSSL flaw, the Shellshock vulnerability in the Bash command line interpreter, and end of support for Windows XP and Office 2003.
It encouraged organisations to report cyber security incidents to the centre in order to help it advise on how best to respond to and remediate such threats.
It noted that Australian government agencies that had implemented the ASD’s top 4 strategies to mitigate targeted cyber intrusions had improved their protection against such threats.
The centre said while more cyber incidents were reported last year, the number of confirmed significant compromises of Australian government networks had fallen since 2012.
“Improving network security forces cyber adversaries to either develop their capability or find alternative targets,” it wrote.
The centre is a Canberra-based hub which houses cyber specialists from the AFP, ASIO, Defence, Crime Commission, ASD and CERT Australia. It was born under the former Gillard government and entered full operation at the start of the year.
Today’s report is the first unclassified report to be released by the ACSC.