Search

Security configuration guide: Apple iOS 14 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australians to understand risks when deploying iOS 14 devices and the security requirements that need to be met to allow them to handle classified data.

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

2022-004: ASD's ACSC Ransomware Profile – ALPHV (aka BlackCat)   Advisory

Apr 14, 2022 - ALPHV (aka BlackCat, Noberus) is a ransomware variant first observed in late 2021, used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia.

Guidelines for personnel security   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on personnel security.

Guidelines for media   Advice

Mar 18, 2025 - This chapter of the Information security manual (ISM) provides guidance on media.

2023-01: ASD's ACSC Ransomware Profile - Royal   Advisory

Jan 24, 2023 - The Australian Signals Directorate's Australian Cyber Security Centre (ASD's ACSC) is aware of a ransomware variant called Royal, which is being used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes to other variants such as encrypting their data and extorting a ransom to return access to the sensitive files.

Small business  

Jun 15, 2023 - Basic steps to protect your business and staff from cyberthreats. Our guide has information and resources to help you and your staff prepare for cyberattacks.

Secure your social media   Guidance

Jul 29, 2024 - Keep your social media secure by using these tips. Learn how to protect your accounts, privacy and information.

2023-03: ASD's ACSC Ransomware Profile – Lockbit 3.0   Advisory

Jun 15, 2023 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is aware of Lockbit 3.0 which is the newest version of Lockbit ransomware. It is used by cybercriminals to conduct ransomware attacks against multiple sectors and organisations worldwide, including Australia. Once gaining access to a victim’s environment, cybercriminals use this ransomware for similar purposes as other variants such as encrypting their data, and extorting a ransom to return access to the sensitive files.

Protect yourself from scams  

Feb 3, 2025 - Protect your accounts by recognising and reporting scams.

Strategies to mitigate cybersecurity incidents: Mitigation details   Publication

Feb 1, 2017 - The Australian Signals Directorate (ASD) has developed prioritised mitigation strategies to help cybersecurity professionals in all organisations mitigate cybersecurity incidents caused by various cyberthreats. This guidance addresses targeted cyber intrusions (i.e. those executed by advanced persistent threats such as foreign intelligence services), ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.

Small business cybersecurity guide   Publication

Jun 16, 2023 - This guide includes basic security measures to help protect your business against common cyberthreats.

Secure your email   Guidance

Jul 29, 2024 - How to protect yourself when using email and reduce spam and malicious emails.

Preventing business email compromise   Guidance

Apr 11, 2023 - There are many easy steps and actions you can take now to protect your business. Learn about the simple, cost-effective and immediately beneficial protective measures you can implement.

Secure your Wi-Fi and router   Guidance

Oct 29, 2024 - How to make your software, devices and networks harder to access and more resilient to attack.

Essential Eight maturity model   Publication

Nov 27, 2023 - This publication provides advice on how to implement the Essential Eight.

Windows event logging and forwarding   Publication

Oct 6, 2021 - This publication has been developed as a guide to the setup and configuration of Microsoft Windows event logging and forwarding.

Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure   Advisory

May 17, 2022 - The cybersecurity authorities of the United States, Australia, Canada, New Zealand, and the United Kingdom are releasing this joint Cybersecurity Advisory (CSA). The intent of this joint CSA is to warn organizations that Russia’s invasion of Ukraine has altered the geopolitical balance in ways that could expose organizations both within and beyond the region to increased malicious cyber activity. This activity may occur as a response to the unprecedented economic costs imposed on Russia as well as materiel support provided by the United States and U.S. allies and partners.

Glossary  

List of glossary terms used on cyber.gov.au website

Securing edge devices  

Feb 4, 2025 - Malicious actors often target internet-facing edge devices to gain unauthorised access to enterprise networks. Learn how to secure edge devices such as routers, firewalls and VPN concentrators.

High Assurance Evaluation Program   Program page

Aug 18, 2022 - The Australian Signals Directorate’s High Assurance Evaluation Program involves rigorous analysis and testing to search for any security vulnerabilities in products.

Cybercriminals targeting construction companies to conduct email scams   Alert

Jul 6, 2021 - Cybercriminals are targeting construction companies to conduct business email compromise scams. All parties to construction projects should be vigilant when emailing about invoices and bank details.

Property-related business email compromise scams rising in Australia   Alert

Aug 30, 2021 - Cybercriminals are targeting the property and real estate sector to conduct business email compromise scams. All parties involved in the buying, selling and leasing of property should be vigilant when communicating via email, particularly during settlement periods.

Detecting socially engineered messages   Publication

Oct 6, 2021 - Socially engineered messages pose a significant threat to organisations. They can have a big impact, helping malicious actors access accounts, systems or sensitive information. Learn how to spot a socially engineered message, including through email, SMS, social media or messaging apps.

Security configuration guide: Samsung Galaxy S10, S20 and Note 20 devices   Publication

Oct 6, 2021 - ASD has developed this guide to assist Australian’s to understand risks when deploying Samsung Galaxy and Samsung Note devices and the security requirements that need to be met to allow them to handle classified data.

Turn on multi-factor authentication  

Nov 9, 2022 - Protect your important accounts with extra login steps.

Protecting against business email compromise   Publication

Oct 6, 2021 - Business email compromise is when malicious actors use email to abuse trust in business processes to scam organisations out of money or goods. Malicious actors can impersonate business representatives using similar names, domains or fraudulent logos as a legitimate organisation or by using compromised email accounts and pretending to be a trusted co-worker.

Infosec Registered Assessors Program (IRAP)   Program page

Aug 15, 2024 - The Infosec Registered Assessors Program (IRAP) ensures entities can access high-quality security assessment services.

While you are shopping   Guidance

The best way to avoid being a victim of cybercrime is to be informed. It is really important to know how to secure your device and recognise a fake website or scammer.

Watch out for threats  

Nov 2, 2022 - Know what to look for to stay in control of your devices and applications.