MailGuard, Nov 22, 2024 4:27:07 PM

De-brief: ASD, Cyber Threat Report 2023-24

This week the Australian Signals Directorate (ASD) released its annual report for 2023-24, detailing the state of cybersecurity in Australia.

The report finds that Australia's strategic cyber environment in 2023–24 has reached unprecedented complexity, driven by global conflicts, state-sponsored actors, and evolving cybercrime methodologies.

Average losses for Australian businesses remain unacceptably high.

[Image: excerpt from the report. Source: ASD, Cyber Threat Report 2023-24]

Notable themes within the report include:

  • State-sponsored cyber actors: Continuously targeting governments, critical infrastructure, and businesses for espionage and disruption.
  • Cybercriminal evolution: Exploiting technologies like artificial intelligence (AI) to execute sophisticated phishing, ransomware, and business email compromise (BEC) attacks.
  • Critical infrastructure: Regularly attacked due to its interconnected systems, sensitive data, and national significance.

The report underscores the increasing need for robust defenses, public-private collaboration, and the adoption of proactive, secure-by-design practices.

[Image: excerpt from the report. Source: ASD, Cyber Threat Report 2023-24]

[Image: excerpt from the report. Source: ASD, Cyber Threat Report 2023-24]

Importantly for MailGuard partners, it also underscores the criticality of email-borne threats and advanced protections for your customers.

[Image: excerpt from the report. Source: ASD, Cyber Threat Report 2023-24]


Key Insights for IT Professionals, MSPs, and Resellers

 

1. Email Security: A Core Attack Vector

Email remains a primary entry point for cybercriminals, particularly targeting businesses via phishing and BEC fraud. Noteworthy statistics include:

  • 20% of cybercrimes against businesses involve email compromise, often linked to phishing.
  • BEC attacks result in substantial financial losses, averaging $55,000 per incident.
  • Cybercriminals increasingly employ AI tools to scale social engineering efforts, amplifying their success rates.

Recommendations:

  • Train users to recognize phishing and fraudulent emails.
  • Implement multi-factor authentication (MFA) and enforce strong password policies for business email accounts.
  • Deploy advanced email filtering solutions, such as MailGuard, to pre-empt malicious emails.

 

2. Evolving Threats from State-Sponsored Actors

State actors are intensifying cyber operations, leveraging living-off-the-land (LOTL) techniques, supply chain compromises, and cloud exploitation.

Recent advisories highlight:

  • Pre-positioning tactics: Actors infiltrate critical networks for future disruptive attacks, as seen in incidents involving PRC and Russian entities.
  • Use of native tools to evade detection, complicating traditional defenses.

Actionable strategies:

  • Strengthen network visibility and monitoring through continuous event logging.
  • Prioritize supply chain security audits and implement zero-trust principles.
  • Incorporate LOTL threat detection in managed services offerings to add client value.

 

3. Ransomware and Data Theft Extortion

Ransomware remains a pervasive threat, now accompanied by data theft extortion, targeting Australian businesses with:

  • Increased operational and reputational damage.
  • Expanded tactics that exfiltrate sensitive data instead of encrypting systems.

Defensive measures:

  • Businesses should avoid ransom payments, which fuel the cybercrime ecosystem.
  • Establish regular system backups, such as with SafeGuard, and test data restoration processes.
  • Promote ransomware-resistant configurations by adopting ASD's ‘Essential Eight Maturity Model’.

 

Implications for MailGuard’s Partner Community

 

1. Critical Infrastructure Vulnerabilities

Australia's critical infrastructure faces growing risks due to its interconnected nature. Key findings:

  • 11% of incidents responded to by ASD in FY2023–24 involved critical infrastructure, including electricity, water, and healthcare sectors.
  • Compromised credentials, malware infections, and exploited public-facing applications dominate incident types.

As partners, you can play a pivotal role by offering tailored solutions:

  • Secure operational technology (OT) networks with segmentation and segregation.
  • Ensure client networks adhere to secure-by-default product standards.
  • Provide continuous security posture assessments and incident response planning.

[Image: excerpt from the report. Source: ASD, Cyber Threat Report 2023-24]

 

2. Collaboration with ASD

ASD's Cyber Threat Intelligence Sharing platform has grown significantly, enabling partners to:

  • Access over 1.37 million indicators of compromise.
  • Share and receive actionable intelligence to bolster defenses.

We recommend that partners leverage these programs to enhance service delivery and provide clients with cutting-edge protection.

 

Case Studies of Relevance

The report shares several case studies that are pertinent to partners. Here’s one such example:

'Case Study 2': A Managed Services Provider Responds to a Hospital Incident

In ‘Case Study 2’ in the report, an MSP detected unauthorized access to a hospital's network that was initiated by bypassed MFA protocols.

“A hospital employee’s personal device had been used to access a Microsoft Azure Virtual Desktop (AVD) environment. Additionally, multi-factor authentication (MFA) controls had been bypassed as the hospital used cached sessions where users were not prompted for MFA for 14 days after a sign-in.”

Proactive measures, including endpoint isolation and credential resets, contained the threat.

Key Lessons:

  • Reinforce MFA settings to prompt verification at each login.
  • Enhance application control to prevent unapproved software execution.
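
As an added illustration of the first lesson (not code from the ASD report or from MailGuard), this Python example audits sign-in records for logins that were accepted on a cached MFA result, flagging stale MFA and unmanaged devices. The record fields, the sample data, the per-user tracking of the last MFA prompt and the 12-hour threshold are all constructed assumptions.

```python
from datetime import datetime, timedelta

# Constructed sign-in records; field names are hypothetical, not a vendor schema.
SIGN_INS = [
    {"user": "nurse01", "time": "2024-03-01T08:00:00",
     "device_managed": True, "mfa_prompted": True},
    {"user": "nurse01", "time": "2024-03-10T21:30:00",
     "device_managed": False, "mfa_prompted": False},
    {"user": "admin02", "time": "2024-03-02T09:00:00",
     "device_managed": True, "mfa_prompted": True},
    {"user": "admin02", "time": "2024-03-02T15:00:00",
     "device_managed": True, "mfa_prompted": False},
    {"user": "clerk03", "time": "2024-03-05T10:00:00",
     "device_managed": True, "mfa_prompted": False},
]

# Assumed policy: a cached MFA result older than this should not be honoured.
MAX_MFA_AGE_HOURS = 12


def audit_sign_ins(events, max_mfa_age_hours=MAX_MFA_AGE_HOURS):
    """Return (user, time, reasons) for sign-ins that relied on cached MFA."""
    max_age = timedelta(hours=max_mfa_age_hours)
    last_mfa = {}   # user -> time of the last real MFA prompt (simplification)
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        when = datetime.fromisoformat(ev["time"])
        if ev["mfa_prompted"]:
            last_mfa[ev["user"]] = when
            continue
        reasons = []
        prev = last_mfa.get(ev["user"])
        if prev is None:
            reasons.append("no MFA prompt on record")
        elif when - prev > max_age:
            reasons.append(f"cached MFA is {(when - prev).days} days old")
        if not ev["device_managed"]:
            reasons.append("unmanaged device")
        if reasons:
            findings.append((ev["user"], ev["time"], reasons))
    return findings
```

With the threshold raised to a 14-day window (336 hours), the staleness check no longer fires for the constructed nurse01 sign-in and only the unmanaged-device check still catches it.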

 

Strategic Recommendations for Partners

A) Promote Email Security Solutions:
  • Position MailGuard as a critical enhancement to existing Microsoft 365 setups.
  • Highlight its proactive blocking capabilities against emerging threats like AI-driven phishing.
B) Adopt Resilience Frameworks:
  • Offer tailored resilience packages incorporating incident response planning, disaster recovery, and threat intelligence sharing.
  • Build business continuity services emphasizing ASD’s Essential Eight principles.
C) Support Regulatory Compliance:
  • Align client systems with ASD’s guidance on Critical Infrastructure Uplift Programs and the SOCI Act.
  • Use ASD's tailored advisory services to address sector-specific vulnerabilities.

 

Empowering Australia’s Cybersecurity Ecosystem

The findings of ASD's 2023–24 report provide a roadmap for IT professionals, MSPs, and resellers to strengthen their offerings while addressing Australia's evolving cyber challenges. By integrating intelligence, adopting best practices, and leveraging secure email solutions like MailGuard, stakeholders can make significant strides in building resilient businesses and securing Australia’s digital future.

You can read the full report here:

https://www.cyber.gov.au/sites/default/files/2024-11/asd-cyber-threat-report-2024.pdf

 

Keeping Businesses Safe and Secure

Prevention is always better than a cure, and one of the best defences is to encourage businesses to proactively boost their company’s cyber resilience levels to avoid threats landing in inboxes in the first place. The fact that a staggering 94% of malware attacks are delivered by email makes email an extremely important vector for businesses to fortify.

No one vendor can stop all email threats, so it’s crucial to remind customers that if they are using Microsoft 365 or Google Workspace, they should also have a third-party email security specialist in place to mitigate their risk, for example a specialist third-party cloud email solution like MailGuard.

For a few dollars per staff member per month, businesses are protected by MailGuard's specialist, zero zero-day email security. Special Ops for when speed matters! Our real-time, zero zero-day email threat detection amplifies your client’s intelligence, knowledge, security and defence.

MailGuard provides a range of solutions to keep businesses safe, from email filtering to email continuity and archiving solutions. Speak to your customers today to ensure they’re prepared, and get in touch with our team to discuss fortifying your customers’ cyber resilience.

 

Talk to us

MailGuard's partner blog is a forum to share information; we want it to be a dialogue. Reach out to us and tell us what your customers need so we can serve you better. You can connect with us on social media or call us and speak to one of our consultants.

Australian partners, please call us on 1300 30 65 10

US partners call 1888 848 2822

UK partners call 0 800 404 8993

 
