The Australian Signals Directorate (ASD) has released its Annual Cyber Threat Report 2023-2024. It gives a good overview of the current cyber security environment and the latest cyber security threats.
To save you reading the entire report, this review summarises the key threats it identifies and its practical cyber security recommendations for protecting small and medium-sized businesses (SMBs).
Top Threats from the ASD Cyber Threat Report
Cyber security threats remain relentless, and attackers are determined to succeed. Threats are also increasing in frequency and sophistication. Ransomware, phishing, and supply chain attacks were identified as the predominant threats today, as discussed below.
Rising Ransomware Attacks Aimed at SMBs
There is an increase in ransomware, as cyber criminals employ more sophisticated techniques to encrypt data and demand ransoms. These attacks have become more targeted and customised, making them difficult to detect and mitigate. Attackers now use double extortion tactics, where they threaten to release stolen data if ransoms are not paid, adding an extra layer of complexity.
The report particularly pinpoints SMBs as “high-risk targets for ransomware attacks.”
Here are some key statistics:
- Around 71% of extortion-related incidents involved ransomware.
- Ransomware was involved in 11% of all incidents responded to by the ASD, a 3% increase from the previous year.
- Of the data breach notifications received by the Office of the Australian Information Commissioner (OAIC), 26% involved ransomware.
In response, the Australian Government participated in various global law enforcement operations. Additionally, the government imposed its second cyber sanction on a Russian national who held a senior leadership position within the notorious LockBit ransomware group.
Pervasive Phishing Schemes & Scams
Phishing attacks have also surged, continuing to exploit human vulnerabilities to gain unauthorised access to sensitive information. The integration of Artificial Intelligence (AI) in crafting these emails has made them harder to distinguish from legitimate communications.
- Phishing was the top activity that led to critical infrastructure-related incidents.
- Phishing comprised 74% of all Scamwatch reports and 55% of all losses in FY2023-24.
A new form of phishing called QR phishing or quishing has emerged. Scammers are using QR codes to trick people into giving their personal information or downloading malware to their device.
Also, a Russian Federal Security Service actor called Star Blizzard launched an international spear phishing campaign. They targeted defence, government, academia, and think tanks.
Moreover, business email compromise (BEC) fraud has become common, targeting businesses to steal sensitive data or financial assets.
On the positive side, the Banking Sector Threat Blocking Working Group was established under the National Cyber Intel Partnership (NCIP). It is tasked with focusing on phishing as a banking threat and establishing the use case through a pilot program.
Sneaky Strikes on Supply Chains
As more businesses rely on interconnected systems and third-party services, cyber criminals are increasingly targeting third-party vendors to infiltrate larger networks. This method allows attackers to bypass more robust security defences by exploiting weaker links in the supply chain.
Here are some supply chain highlights:
- The ASD responded to 107 cyber supply chain incidents.
- Supply chain-related incidents make up 9% of all cyber incidents responded to by the ASD. These involve:
  - Compromised assets, networks, and/or infrastructure
  - Compromised accounts and/or credentials
  - Data breaches
The report likewise indicates a growing trend in the use of advanced persistent threats (APTs). Attackers embed themselves within networks, then steal data over extended periods.
To minimise the impact of these threats, the ASD released updated advice on how to handle supply chain risks. It advised organisations to review ICT supply chains for vulnerabilities and risks and to review a new vendor’s cyber security practices and policies ahead of implementing their goods and services.
Typical SMB Vulnerabilities and Attack Vectors
The ASD Cyber Threat Report identifies common vulnerabilities and attack vectors that cyber criminals exploit. Organisations with weak password policies and inadequate multi-factor authentication (MFA) are often targeted. Because many SMBs still rely on simple passwords, attackers can easily gain access through brute-force attacks or credential stuffing.
Unpatched software and outdated systems are another significant vulnerability. Cyber criminals often exploit these to gain access to networks and sensitive data. The risks associated with remote work environments were also highlighted, because unsecured home networks and personal devices can serve as entry points for attackers.
Practical Cyber Security Solutions for SMBs
To combat these threats, the ASD Cyber Threat Report recommends these measures:
- Strengthen Multi-Factor Authentication (MFA): Apply MFA uniformly across all systems and applications, and regularly review the MFA methods to counter new threats. For instance, prefer biometric verification or hardware tokens over SMS-based authentication, which can be more easily compromised.
- Use Strong, Unique Passphrases: For each account, create a long, unique passphrase that combines letters, numbers, and symbols.
- Regular Software Updates: Ensure all software and systems are regularly updated to patch known vulnerabilities.
- Secure Operational Technology (OT) Networks: Use segmentation and segregation to protect OT networks, especially for critical infrastructure.
- Adopt Secure-by-Default Products: Ensure networks adhere to secure-by-default product standards.
- Continuous Security Assessments: Conduct regular security posture assessments and incident response planning.
- Use Reputable Service Providers: Only use reputable cloud service providers and managed service providers that implement appropriate cyber security measures.
- Review Remote Work Security: Assess the cyber security posture of remote workers, including their use of communication, collaboration, and business productivity software.
- Employee Cyber Awareness Training: Educate your employees about the dangers of phishing and other threats. Teach them about the importance of cyber hygiene to mitigate human error, which is often the weakest link in cyber security. Run regular drills and simulated attacks to prepare employees for the real thing.
- Report Suspicious Activity: Encourage reporting of suspicious cyber activity, incidents, and vulnerabilities to ReportCyber and the Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371).
Cyber Security Services for Cairns and Brisbane SMBs
Understanding the ASD Cyber Threat Report 2023-2024 is vital for all businesses. For SMBs, the challenge is to use the report’s insights to prepare and protect themselves better.
Strengthening your cyber defence is essential, including employee training and investing in professional cyber security services. Future IT Services offers tailored cyber security solutions for SMBs to ensure stronger cyber protection: