Les Bell

The Australian Signals Directorate has released its Cyber Threat Report for 2022-2023. While I haven't had a chance to read the 80-page report, there are a few standout points:

• The top3 cybercrimes reported by businesses are:
  • Email compromise
  • Business email compromise fraud
  • Online banking fraud
• Self-reported losses due to BEC fraud totalled almost $A80 million, with an average loss of over $A39,000 per incident
• Ransomware comprised over 10 percent of all incidents, with the highest-reporting sectors, accounting for roughly one-third of reports being:
  • Professional, scientific and technical services
  • Retail
  • Manufacturing
• The average self-reported cost of cybercrume to businesses increased by 14%:
  • $46,000 for small business
  • $97,200 for medium business
  • $71,600 for large business

State-sponsored actors focused on critical infrastructure, with their objectives being data theft and disruption of business. It is noticeable that cyber perations are increasingly the preferred vector for state actors to conduct espionage and foreign interference. ASD and international partners called out the Russian FSB for its use of the Snake malware for cyber-espionage, and  also highlighted activity associated with a People’s Republic of
China state-sponsored cyber actor that used ‘living-off-the-land’ techniques to compromise critical
infrastructure organisations.

The connection of operational technology and industrial control systems to the Internet via enterprise networks has provided increased opportunities for threat actors to attack them; ASD responded to 143 incidents related to critical infrastructure.

Proactive patching is increasingly important (today is Windows PatchDay - is your computer fully patched?) One in 5 critical vulnerabilities was exploited within 48 hours, despite patching or mitigation advice being available. Malicious cyber actors used these critical flaws to cause significant incidents and compromise networks, aided by inadequate patching.

Online scams and cybercrime continue to increase: individuals made almost 94,000 reports of cybercrime - an increase of 23% over the previous year. The top four cybercrimes reported by individuals are:

• Identity fraud
• Online banking fraud
• Online shopping fraud
• Investment fraud

The Australian Competition and Consumer Commission’s Targeting Scams report revealed Australians lost over $3 billion to scams in 2022. This is an 80 per cent increase on total losses recorded in 2021.

In short, we cybersecurity professionals are far from being out of a job.

Uncredited, ASD Cyber Threat Report 2022-2023, report, 14 November 2023. Available online at https://www.cyber.gov.au/about-us/reports-and-statistics/asd-cyber-threat-report-july-2022-june-2023.

Upcoming Courses

• SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 November 2023
• SE221 CISSP Fast Track Review, Sydney, 4 - 8 December 2023
• SE221 CISSP Fast Track Review, Sydney, 11 - 15 March 2024
• SE221 CISSP Fast Track Review, Virtual/Online, 13 - 17 May 2024
• SE221 CISSP Fast Track Review, Virtual/Online, 17 - 21 June 2024
• SE221 CISSP Fast Track Review, Sydney, 22 - 26 July 2024

About this Blog

I produce this blog while updating the course notes for various courses. Links within a story mostly lead to further details in those course notes, and will only be accessible if you are enrolled in the corresponding course. This is a shallow ploy to encourage ongoing study by our students. However, each item ends with a link to the original source.

These blog posts are collected at https://www.lesbell.com.au/blog/index.php?user=3. If you would prefer an RSS feed for your reader, the feed can be found at https://www.lesbell.com.au/rss/file.php/1/dd977d83ae51998b0b79799c822ac0a1/blog/user/3/rss.xml.

Copyright to linked articles is held by their individual authors or publishers. Our commentary is licensed under a Creative Commons Attribution-ShareAlike 4.0 International License and is labeled TLP:CLEAR.