(1300 292 371)
Alerts & Advisories
Find the latest in cyber security alerts and advice
Find the latest cyber security threats
CISA, FBI, NSA, and international partners issue advisory on demonstrated threats and capabilities of Russian state-sponsored and cyber criminal actors
Since Russia’s invasion of Ukraine in February, the risk of malicious cyber operations by Russian state-sponsored and criminal cyber actors has increased. The threats to critical infrastructure could impact organisations both within and beyond Ukraine.
ACSC Annual Cyber Threat Report, July 2021 to June 2022
Reports and statistics
The Annual Cyber Threat Report is ACSC’s flagship unclassified publication. The Report provides an overview of key cyber threats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.
ACSC Annual Cyber Threat Report, July 2020 to June 2021
The ACSC Annual Cyber Threat Report 2020–21 has been produced by the Australian Cyber Security Centre, with contributions from the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO), The Department of Home Affairs and industry partners.
2022-02: Australian organisations should urgently adopt an enhanced cyber security posture
Entities should follow ACSC advice and act on improving their resilience within a heightened threat environment.
Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure
The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.
2021 Trends Show Increased Globalized Threat of Ransomware
This joint Cybersecurity Advisory—authored by cybersecurity authorities in the United States, Australia, and the United Kingdom—provides observed behaviors and trends as well as mitigation recommendations to help network defenders reduce their risk of compromise by ransomware.
Protecting Against Cyber Threats to Managed Service Providers and their Customers
This advisory describes cybersecurity best practices for information and communications technology (ICT), focusing on guidance that enables transparent discussions between MSPs and their customers on securing sensitive data.
Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services
The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) is aware that Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities.
U.S., U.K., and Australia Issue Joint Cybersecurity Advisory
Cyber Agencies Share Top Routinely Exploited Vulnerabilities
Advisory 2020-008: Copy-paste compromises - tactics, techniques and procedures used to target multiple Australian networks
This advisory details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
Advisory 2020-004: Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors
This advisory is focused around the targeting of CVE-2019-18935 but has significant overlap to the previously released ACSC 2019-126 advisory.
Joint advisory released for Managed Service Providers and Customers to mitigate cybersecurity risks
The Australian Cyber Security Centre (ACSC) has today joined with international cyber security agency partners, to warn Managed Service Providers (MSP) of pressing cyber risks and provide guidance on suitable mitigations for them and their customers.
Fundamentals of Cross Domain Solutions
This guidance introduces technical and non-technical audiences to cross domain security principles for securely connecting security domains. It explains the purpose of a Cross Domain Solution (CDS) and promotes a data-centric approach to a CDS system implementation based on architectural principles and risk management. This guidance also covers a broad range of fundamental concepts relating to a CDS, which should be accessible to readers who have some familiarity with the field of cyber security. Organisations with complex information sharing requirements are encouraged to refer to this guidance in the planning, analysis, design and implementation of CDS systems.
Joint advisory on top cyber vulnerabilities
The top 30 cyber security vulnerabilities exploited by malicious cyber actors since 2020 have been detailed in a joint advisory issued by the Australian Cyber Security Centre (ACSC) and counterpart cyber security agencies from the United States and the United Kingdom.
Joint cybersecurity advisory released on 2021's top routinely exploited vulnerabilities
Malicious cyber actors are aggressively targeting newly-disclosed and dated critical software vulnerabilities against a broad range of targets, including public and private sector organisations worldwide.
ACSC Partnership Program
The ACSC Partnership Program enables Australian organisations and individuals to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.
Gateway Security Guidance Package: Gateway Operations and Management
This guidance is one part of a package of documents that forms the Australian Signals Directorate (ASD)’s gateway security guidance package written for audiences responsible for the operation and management of gateways.
Advisory 2020-017: Resumption of Emotet malware campaign
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed the resumption of an ongoing and widespread campaign of malicious emails designed to spread the Emotet malware across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies.
Increased Global Ransomware Threats
In 2021, cybersecurity authorities in the United States, Australia, and the United Kingdom observed an increase in sophisticated, high-impact ransomware incidents against critical infrastructure organizations globally.
Advisory 2020-009: Recommendations to mitigate APT actors targeting health sector and COVID-19 essential services
The ACSC recommends that organisations in the health sector implement the following cyber security mitigations:
Web Shells – Threat Awareness and Guidance
This advisory outlines the Web shells threat and provides prevention, detection and mitigation strategies for administrators of web servers that have active content languages installed.
ACSC Advisory 2019-125: Targeting of Microsoft SharePoint CVE-2019-0604
This ACSC advisory provides recommendations for securing Microsoft SharePoint and advice on identifying potential successful exploitation of this vulnerability.
The Commonwealth Cyber Security Posture in 2020
The Commonwealth Cyber Security Posture Report in 2020 informs the Parliament of the status of the Commonwealth’s cyber security posture. Overall, the report found that Commonwealth entities continued to improve their cyber security in 2020. Ongoing effort is required to maintain the currency and effectiveness of cyber security measures.
Advisory 2020-016: "Zerologon" - Netlogon Elevation of Privilege Vulnerability (CVE-2020-1472)
The ACSC recommends organisations immediately patch affected Microsoft Windows systems with the Microsoft August 2020 Security Updates, released 11/08/2020.
Iranian Islamic Revolutionary Guard Corps-Affiliated Cyber Actors Exploiting Vulnerabilities for Data Extortion and Disk Encryption for Ransom Operations
The Australian Cyber Security Centre (ACSC) has joined with international cyber security agency partners to co-author an advisory on continued Iranian state-sponsored cyber threats. Organisations are encouraged to apply the recommended mitigations to protect themselves online.
Find the latest cyber security reports and statistics
2021-006: ACSC Ransomware Profile - Lockbit 2.0
The LockBit ransomware restricts access to corporate files and systems by encrypting them into a locked and unusable format. Victims receive instructions on how to engage with the offenders after encryption. LockBit affiliates have successfully deployed ransomware on corporate systems in a variety of countries and sectors, including Australia, where the ACSC is aware of numerous incidents since 2020. LockBit affiliates are known to implement the ‘double extortion’ technique by uploading stolen and sensitive victim information to their dark web site ‘LockBit 2.0’, and threatening to sell and/or release this information if their ransom demands are not met.
Become an ACSC partner
The ACSC Partnership Program is open to industry, the research community and government agencies.
1300 CYBER1(1300 292 371)