Around the world, geopolitical tensions remain complex as nations navigate diplomatic, economic, and military challenges. Hacktivist and politically motivated cyber actors may leverage the current global situation to undertake cyber attacks against organisations around the world.
Despite this period of global uncertainty, there is currently no evidence to suggest a corresponding increase in cyber threats specifically targeting Australia. ASD’s ACSC remains vigilant to cyber threats and will provide advice should the cyber threat environment change in Australia.
ASD’s ACSC recommends that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats. This should include reviewing and enhancing detection, mitigation, and response measures.
Hacktivist groups typically perform cyber attacks involving Distributed Denial of Service (DDoS), brute forcing, website defacement, and ransomware. ASD’s ACSC recommends reviewing the below articles to help prepare and respond to hacktivist activity:
- Preparing for and responding to denial-of-service attacks
- Detecting and mitigating Active Directory compromises
- Secure your website
- Protect yourself from ransomware
ASD’s ACSC strongly recommends organisations implement the Essential Eight mitigation strategies from ASD’s ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. The Essential Eight mitigation strategies are:
- Patching applications and operating systems;
- Multi-factor authentication;
- Restricting administrative privileges;
- Application control;
- Restricting Microsoft Office macro;
- System hardening and administration; and
- How to back up your files and devices;
In addition to the Essential Eight, ASD’s ACSC recommends consideration of Modern Defensible Architecture guidance and reviewing the below articles on securing edge devices:
- Securing edge devices
- Security considerations for edge devices
- Mitigation strategies for edge devices: Practitioner guidance
- Are your organisation’s edge devices secure?
- Mitigation strategies for edge devices: Executive guidance
ASD’s ACSC has published Cybersecurity incident response planning: Practitioner guidance to assist organisations to produce an incident response plan.
Organisations should continue to report incidents to ASD’s ACSC through our online reporting form.