Search

The Silent Heist: Cybercriminals use information stealer malware to compromise corporate networks   News

Sep 2, 2024 - New advisory released on information stealer malware used in cybercrime attacks.

Supporting Australian organisations through a cybersecurity incident   Guidance

Dec 18, 2024 - Malicious cyber activity continues to pose a significant risk to Australia’s security and prosperity. Australian organisations that have been, or may be impacted by a cybersecurity incident, are encouraged to reach out to the Australian Signal’s Directorate (ASD) to seek  technical incident response advice and assistance.

Report and recover from a data breach   Guidance

Jul 14, 2023 - A data breach occurs when sensitive or personal information is accessed, disclosed or exposed to unauthorised people.

Identifying and Mitigating Living Off the Land Techniques   Advisory

Feb 8, 2024 - This Guide, authored by the U.S. Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), Federal Bureau of Investigation (FBI), and the following agencies (hereafter referred to as the authoring agencies), provides information on common living off the land (LOTL) techniques and common gaps in cyber defense capabilities.

The Commonwealth Cyber Security Posture in 2024   Reports and statistics

Dec 5, 2024 - The Commonwealth Cyber Security Posture in 2024 informs the Australian Parliament on cybersecurity measures implemented across the Australian Government for the 2023–24 financial year.

2021-006: ASD's ACSC Ransomware Profile - Lockbit 2.0   Advisory

Aug 5, 2021 - The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.

Home  

Jul 19, 2022 - Welcome to the Australian Cyber Security Centre website - cyber.gov.au

Seniors  

Jun 23, 2023 - This guide provides some simple steps and resources to protect your personal information, accounts and life savings when going online.

After you've made a purchase   Guidance

Once you’ve made a purchase you still need to remain vigilant. Cybercriminals can target you even after you’ve made a purchase on a legitimate website. Learn what to look out for after you’ve bought something online.

Cloud computing security for tenants   Publication

Jan 18, 2024 - This publication is designed to assist an organisation’s cybersecurity team, cloud architects and business representatives to jointly perform a risk assessment and use cloud services securely.

Watch out for threats  

Nov 2, 2022 - Know what to look for to stay in control of your devices and applications.

Threats  

Common online security risks and advice on what you can do to protect yourself.

Turn on multi-factor authentication  

Nov 9, 2022 - Protect your important accounts with extra login steps.

Best practices for event logging and threat detection   News

Aug 22, 2024 - Today we have released new event logging guidance, alongside our international partners, that defines the baseline for logging best practices to mitigate malicious cyber threats.

2022-02: Australian organisations should urgently adopt an enhanced cyber security posture   Advisory

Apr 28, 2022 - Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment.

AI Data Security   Publication

May 23, 2025 - This publication provides essential data security guidance for organisations that develop and/or use AI systems, including businesses, government and critical infrastructure. It highlights the importance of data security in ensuring the accuracy and integrity of AI outcomes, and presents an in-depth examination of 3 areas of data security risks in AI systems: data supply chain, maliciously modified (poisoned) data, and data drift.

Australian Information Security Evaluation Program (AISEP)   Program page

Mar 5, 2025 - The Australian Information Security Evaluation Program (AISEP) evaluates and certifies products to provide a level of assurance in its security functionality in order to protect systems and data against cyberthreats. These evaluation activities are certified by the Australian Certification Authority (ACA).

Secure your social media   Guidance

Jul 29, 2024 - Keep your social media secure by using these tips. Learn how to protect your accounts, privacy and information.

Protect yourself: Multi-factor authentication   Guidance

Oct 14, 2022 - Multi-factor authentication (MFA) is when you use two or more different types of actions to verify your identity.

Mitigation strategies for edge devices: Executive guidance   Publication

Feb 4, 2025 - This publication provides a high-level summary of ASD’s existing guidance to manage and secure edge devices effectively. It is intended for executives in large organisations and critical infrastructure providers that are responsible for the deployment, operation, security, and maintenance of enterprise networks. ASD is soon to release a comprehensive technical publication on mitigation strategies for edge devices for practitioners.

APT40 Advisory   Advisory

Jul 9, 2024 - This advisory, authored by the Australian Signals Directorate’s Australian Cyber Security Centre and international partners, outlines a People’s Republic of China (PRC) state-sponsored cyber group and their current threat to Australian networks.

Personal cybersecurity: First steps guide   Guidance

Apr 14, 2023 - The first of three cybersecurity guides in the personal cybersecurity series is designed to help everyday Australians understand a basic level of cybersecurity and how to take action to protect themselves from cyberthreats.

PRC State-Sponsored Cyber Activity   Advisory

Mar 20, 2024 - This fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of
China (PRC) state-sponsored cyber actors known as "Volt Typhoon."

Malicious cyber actors using spyware to target individuals’ personal data   News

Apr 9, 2025 - New joint advisory on BADBAZAAR and MOONSHINE spyware.

Set up and perform regular backups  

Nov 9, 2022 - Backing up and having backups mean you can restore your files if something goes wrong. It is a precautionary measure so that your data is accessible in case something happens to your computer.

Guidance on digital forensics and protective monitoring specifications for producers of network devices and appliances   Publication

Feb 5, 2025 - This guidance has been developed with contributions from partnering agencies and is included in a series of publications aiming to draw attention to the importance of edge device cyber security measures.

ASD's ACSC social media community  

Connect with us on Facebook, Twitter and YouTube, and find out how to subscribe to our RSS feeds.

Set secure passphrases  

Jul 30, 2024 - Where multi-factor authentication is not available, a strong passphrase is your best defence. 

Report  

Apr 11, 2023 - Report a cybercrime, incident or vulnerability.

Fast Flux: A national security threat   Advisory

Apr 4, 2025 - This advisory is for network defenders and explains how Bulletproof Hosting Providers are using ‘fast flux’ to cycle quickly through bots and DNS records to bypass detection. It highlights the importance of using a reputable Protective DNS (PDNS) provider that detects and blocks fast flux.