ASD says it received 12 per cent more calls to its Australian Cyber Security Hotline in 2023-24 over the previous year. Photo: File.
The release of the Australian Signals Directorate’s (ASD) Annual Cyber Threat Report has revealed some new terminology and target sets for domestic and international cyber criminals.
The report was released on 20 November, and provides increasing levels of detail on the techniques employed by state and non-state actors used to access digital networks in Australia.
One such threat known as Lay of the Land (LOTL) is believed to have been employed by the People’s Republic of China (PRC) to gain access to critical infrastructure and other networks in Australia, only to lay dormant until required.
It says that, in February ASD and international partners released an advisory that assessed the PRC is leveraging LOTL techniques that abuse native tools and processes on systems, and that its choice of targets and pattern of behaviour are consistent with pre-positioning for disruptive effects during a crisis.
The report says that critical infrastructure networks remain an attractive target due to the sensitive data they hold, and the widespread disruption that a cyber security incident can cause on those networks. It says in FY2023-24, more than 11 per cent of cyber security incidents ASD responded to related to critical infrastructure.
But it also says that non-profit organisations such as educational institutions are increasingly being targeted, with the report highlighting a case study where Association of Independent Schools of NSW (AISNSW) was subjected to a malware attack in November last year.
It says ASD identified that the ‘Gootloader’ malware – which is an ‘initial access as a service’ tool used to distribute other forms of malware – had been detected on an AISNSW device, and that a malicious link had been opened by an unsuspecting employee.
As a consequence, the malicious actor had access to the AISNSW network for three days, and it is suspected information may have been taken to on-sell the access to other cybercriminals for use as ransomware or data theft.
The report says that, it was through AISNSW’s membership of ASD’s Cyber Security Partnership Program that they were able to get timely advice directed to the right people within their organisation, expediting remediation.
Another emerging cyber technique is quick response phishing, or ‘quishing’, where cybercriminals use QR codes to access personal information or to download malware to smart devices.
It says the emergence and rapid expansion of QR codes in everyday life – such as those used in cafes or for paid parking – especially since the pandemic, have become a convenient way for users and hackers alike to access information. High levels of trust have been placed on QR codes, and ASD says the effectiveness of quishing attacks is enhanced when cybercriminals exploit this trust.
ASD says it responded to 30 instances of quishing-related incidents targeting Australian organisations in 2023-24, and that this demonstrates that social engineering has taken on a new form.
ASD is the government’s principal defensive and offensive cyber institution. Photo: ASD.
The report also highlighted artificial intelligence as a growing method used in cyber crime.
“Cybercriminals are adapting to capitalise on new opportunities, such as artificial intelligence, which reduces the level of sophistication needed for cybercriminals to operate,” it reads.
Other key metrics in the report show that ASD received more than 36,700 calls to its Australian Cyber Security Hotline in 2023-24 – an increase of 12 per cent from the previous year, and that it received 87,000 reports of cybercrime – an average of one every six minutes.
It says the average cost of cybercrime to small businesses was $49,600 per report and to individuals was $30,700 per report, increases of eight per cent and 17 per cent respectively from the previous year.
Acting Prime Minister and Defence Minister Richard Marles said the report came amid a continued deterioration in Australia’s strategic environment.
“In this context, ASD plays a key role in countering threats in the cyber domain,” he said.
“The continued cooperation of Australian businesses and individuals is also crucial to defending our country from cyber threats.
“The report reiterates the importance of having genuine partnerships between the public and private sectors to bolster our nation’s cyber defences,” he added.
“The Australian Government is committed to combatting cyber threats and increasing Australia’s cyber defences, including through our $15-$20 billion investment over the next decade to enhance cyber domain capabilities as part of the 2024 Integrated Investment Program (IIP).”
Minister for Home Affairs and Cyber Security Tony Burke said the report underlined the urgency of Australia’s systemic response to the cyber security threat.
“This is our fastest-growing threat and we need to use all the tools available to government and business to confront it,” he said.
“This report only reinforces the importance of the cyber security legislation currently before the parliament.
“We have made historic progress since coming to office, but the work is never done. We need to keep working together to keep our country safe.”
