As noted in part I of this blog, various reports have highlighted the significant increase in phishing scams in light of the global COVID-19 pandemic. In particular, there has been an increase in coronavirus-related emails and SMS messages that are embedded with malicious links or documents, created for the purposes of stealing personal information (among other things), usually for financial gain. In order to stop the spread (pardon the pun) of such virus-inspired phishing scams, the Australian Signals Directorate (ASD) has confirmed that it has launched an offensive against malicious attackers located offshore.Read More
By Cameron Abbott and Rebecca Murray
The Australian Cyber Security Centre’s (ACSC) 2016 Threat Report has revealed that Australian businesses and government have been subject to more than 15,000 significant incidents that they know of. Read the report here. They were the first to admit that given reporting is optional they cannot really determine the full impact.
Due to the current reporting regime, the ACSC has had to rely on data from callouts to CERT Australia (the national first responder to cyber incidents) to assess the extent of the problem in the private sector. CERT Australia responded to 14,804 incidents from the private sector from June 2015 to June 2016. Of those callouts, 418 involved systems of national interest and critical infrastructure. The banking, finance, energy and communications sectors were the most heavily targeted.
While the Government has introduced a bill to mandate serious data breach notification that is set to be passed in the near future (find out more about the bill here), until then, we will continue to go mostly unaware of damaging malicious cyber activity launched against Australian organisations because the private sector largely refuses report these incidents.
By Cameron Abbott and Melanie Long
On 29 July 2015, ACSC released its first unclassified ‘Threat Report’ (Report). The Report highlights the increasing number, type and sophistication of cyber security threats in Australia, and is a timely reminder to organisations to re-assess the level of their cyber security.
The key takeaway messages from the Report include:
- even organisations that may not think that they hold valuable information, or that they would be of interest to cyber adversaries, could be a target for malicious cyber activities
- ensuring a resilient, cyber-secure Australia requires coordination between government and the private sector, with organisations and their users taking greater responsibility for the security of their networks and information.