ACSC countered 2266 cyber security incidents last year

The Australian Cyber Security Centre responded to almost 2300 cyber security incidents last year, including more than 400 at the federal government level - the largest proportion of any sector.

The finding is contained in the ‘ACSC annual cyber threat report’ [pdf], which provides a detailed breakdown of incidents last financial year and offers "best-practice" mitigation advice.

The report, released on Friday, reveals that the “ACSC responded to 2266 cyber security incidents” between July 2019 and June 2020, or around six incidents each day.

Together, the federal, state and territory governments reported 803 incidents - the largest proportion of incidents in any sector (35.4 percent).

Australia's critical infrastructure sectors, including electricity, water, health, communications and education, represented around 35 percent of reported incidents, according to the report.

Source: ACSC

ACSC put the “comparatively high volumes of reports” from the two levels of government down to their “close working relationship” with the agency and their willingness to report.

The federal government is planning to introduce legislation to force a critical infrastructure cyber resilience uplift by mid-2021, but is so far yet to detail plans for its own house.

The report also reveals most incidents were deemed ‘category five - moderate’ (828 incidents) or ‘category four - substantial’ (754 incidents) under the cyber incident categorisation matrix.

The matrix helps the ACSC to categorise or triage the severity of incidents in order to “prioritise responses and mitigations”.

“These categories broadly broadly represented malicious cyber activity such as targeted reconnaissance, phishing emails and malicious software impacting largest organisations, key supply chain and Commonwealth and state government entities,” the report said.

But there were also 159 ‘category three’ incidents, six ‘category two’ and one ‘category one’ incident throughout the 2019-20 financial year.

This single category one incident is what prompted Prime Minister Scott Morrison’s cyber security warning to the nation in June.

“The ACSC identified this threat as a category one cyber incident, as it involved the sustained targeting of Australian governments and companies by a sophisticated state-base actor,” the report said.

Source: ACSC

The report also reiterates the PM’s June message that “malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale and sophistication”.

ACSC said there were “two notable spikes” in incidents during October 2019 and April 2020, which it put down to last year’s Emotet malware campaign and COVID-19 themed scams.

Over just two weeks in mid-March, the agency received “over 45 pandemic themed cyber crime and cyber security incident reports”.

“Throughout the pandemic, there was an increase in reported spearphishing campaigns and an increase of COVID-19 themed malicious cyber activity,” the report said.

ACSC said ‘malicious emails’ in the form of phishing or spearphishing remain the most common cyber incident, accounting for 27 percent of incidents, followed by a ‘compromised system’.

The agency also received an average of 164 cyber crime reports each day, or 59,806 over the year, slightly down on the 64,567 received during 2018-19.