Summary of Tradecraft Trends for 2019-20: Tactics, Techniques and Procedures Used to Target Australian Networks

May 20, 2020 - The Australian Cyber Security Centre (ACSC) investigated and responded to numerous cyber security incidents during 2019 and 2020 so far. This advisory provides a summary of notable tactics, techniques and procedures (TTPs) exploited by Advanced Persistent Threats (APT) and cybercriminals identified during the ACSC’s investigations. These TTPs are summarised practically in the framework of tactics and techniques provided by MITRE ATT&CK. This technical guidance is provided for IT security professionals at public and private sector organisations.

APT activity targeting Australian health sector

May 8, 2020 - Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities in Australia. The ACSC issued an advisory on 8 May 2020 with recommendations for the health sector to implement as part of their mitigation strategies.

Evaluated Products List

Oct 3, 2019 - The Evaluated Products List (EPL) is a list of products that have been evaluated via the ASD Cryptographic Evaluation program or the High Assurance Evaluation program. For a list of products certified via the Australasian Information Security Evaluation Program (AISEP), see the Certified Products List (CPL) on the Common Criteria website.

773M accounts affected by 'Collection #1' breach

Jan 18, 2019 - The Australian Cyber Security Centre (ACSC) is aware of a significant data breach affecting 773 million email addresses and usernames. Titled 'Collection #1', the data breach was made public by Australian cyber security expert Troy Hunt, who identified that a large number of credential lists had been distributed on a known hacking forum.

Austal cyber security incident

Nov 1, 2018 - JOINT STATEMENT: Department of Defence, Department of Home Affairs, Australian Cyber Security Centre. The Australian Government is aware of the cyber security incident affecting Austal. This matter has been referred to the Australian Cyber Security Centre (ACSC) and the Australian Federal Police (AFP) for investigation.

Investigations continue into Facebook security issue

Oct 15, 2018 - We recently reported a security issue affecting an estimated 50M Facebook user accounts, between July 2017 and September 2018. Over the weekend, Facebook issued an update reporting that fewer people were impacted by the theft of access tokens than originally thought. 'Of the 50 million people whose access tokens we believed were affected, about 30 million actually had their tokens stolen' Facebook reported.

Secondary targeting

Aug 13, 2018 - Cyber adversaries will target the weakest link. If they are trying to target a network but it has strong cyber security, they will move to what's called secondary targeting. In secondary targeting, the adversary will try to compromise other networks that might be easier to target and hold the same information, are connected to their target network, or can provide information they can use to compromise the target network.

Malicious insiders

Aug 13, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Our online portals

Jul 1, 2018 - We provide information through two online portals to enable access and sharing of information about information security matters. One is available to members of our ACSC partnership program. The second, OnSecure, is for Australian Government ICT and cyber security professionals, IRAP assessors and selected vendors.

Business email compromise

Jul 1, 2018 - Business email compromise (BEC) is an online scam where a cybercriminal impersonates a business representative to trick you, an employee, customer or vendor into transferring money or sensitive information to the scammer. To begin, a cybercriminal impersonates a trusted person using an email address that appears to be legitimate (this is known as "masquerading"). To do this, they may use a username that is almost identical to the trusted person's name, or a domain that is almost identical to the name of the trusted person's company. Alternatively, they could replace the "from…

2018 - Launching into action

Jul 1, 2018 - Working from new purpose-built headquarters after its official launch in August, the ACSC and its network of Joint Cyber Security Centres (JCSCs) across the country are building on decades of quiet success by Australian agencies. The ACSC, part of the Australian Signals Directorate (ASD), demonstrates the Australian Government's commitment to cyber security in a world where new threats are always emerging.

PageUp data incident

Jun 18, 2018 - On Friday 1 June 2018, PageUp Limited, an online recruitment services organisation, notified their customers about a data incident in relation to the integrity of their systems, proactively informing them of a possible breach. PageUp self-identified suspicious activity on its network and undertook immediate actions to investigate and contain the incident. PageUp notified their corporate customers and the Australian Cyber Security Centre (ACSC) of the issue, enabling the ACSC to quickly assess the incident and support PageUp in their response. In line with the new Notifiable Data…

Update on the initial infection vector of the Petya ransomware campaign

Jun 29, 2017 - From reports and analysis performed to date, this version of the ransomware appears to have been delivered via a malicious software update for My Electronic Document (M.E.Doc), which is accounting software used by Ukrainian-based companies. It appears that almost all affected organisations can be linked back to Ukraine either through direct or indirect connections. While only a relatively small number of organisations have been impacted globally, for those affected the impact has been severe.

The Australian Internet Security Initiative Report

Oct 1, 2015 - Prior to July 2017, the Australian Internet Security Initiative (AISI) was administered by the Australian Communications and Media Authority (ACMA), which undertook research in relation to the value and role of the program. The research consisted of 24 interviews with ISPs and universities and found many of the internet providers interviewed relied solely on the AISI malware reports for information about malware infections. Internet providers usually notified their customers of their malware infection by email. More than half of the providers interviewed also provided step-by…