Search

Identifying cyber supply chain risks   Publication

May 22, 2023 - This guidance has been developed to assist organisations in identifying risks associated with their use of suppliers, manufacturers, distributors and retailers (i.e. businesses that constitute their cyber supply chain).

Essential Eight assessment process guide   Publication

Oct 2, 2024 - This publication provides advice on how to assess the implementation of the Essential Eight.

BADBAZAAR and MOONSHINE: Spyware targeting Uyghur, Taiwanese and Tibetan groups and civil society actors   Advisory

Apr 9, 2025 - This advisory is jointly produced by government agencies from the UK, Australia, Canada, Germany, New Zealand, and the US and is supported by members of the NCSC’s Cyber League. Its purpose is to raise awareness about the growing threat that malicious cyber actors pose to individuals connected to topics including Taiwan, Tibet, Xinjiang Uyghur Autonomous Region, democracy movements and the Falun Gong.

Managing cyber supply chains  

Dec 3, 2020 - This page lists publications on cyber supply chain risk management.

Protect yourself from ransomware   Guidance

Feb 12, 2025 - A ransomware attack could block you from accessing your device or the information on it. Take some time to consider how a ransomware attack might affect you.

Vulnerability Disclosure Program   News

Nov 23, 2022 - New ACSC publication released to help organisations implement a Vulnerability Disclosure Program.

Threats  

Common online security risks and advice on what you can do to protect yourself.

Quantum technology primer: Overview   Publication

Dec 15, 2025 - Learn about quantum technologies, the principles that enable their unique capabilities, and how organisations can prepare.

Increase in denial-of-service (DoS) attacks against Australian organisations   Advisory

Mar 17, 2025 - ASD's ACSC is aware of an increase in denial-of-service (DoS) attacks, where malicious actors flood websites with internet traffic, making it difficult for legitimate users to access them.

Preparing for and responding to denial-of-service attacks   Publication

Mar 17, 2025 - Although organisations cannot avoid being targeted by denial-of-service attacks, there are a number of measures that organisations can implement to prepare for and potentially reduce the impact if targeted. Preparing for denial-of-service attacks before they occur is by far the best strategy, it is very difficult to respond once they begin and efforts at this stage are unlikely to be effective.

Essential Eight Maturity Model Update   News

Nov 27, 2023 - The Australian Signals Directorate has updated the Essential Eight Maturity Model (E8MM).

#StopRansomware: LockBit 3.0 Ransomware Affiliates Exploit CVE 2023-4966 Citrix Bleed Vulnerability   Advisory

Nov 29, 2023 - This joint Cybersecurity Advisory (CSA) is part of an ongoing #StopRansomware effort to publish advisories for network defenders that detail various ransomware variants and ransomware threat actors.

Ransomware   Threat

Read through the following case studies and learn from other Australians about how ransomware has affected them.

Essential Eight Assessment Course   News

Jul 4, 2023 - Today, the Australian Signals Directorate has launched the Essential Eight Assessment Course pilot in collaboration with TAFEcyber.

Detecting and mitigating Active Directory compromises   Publication

Jan 22, 2025 - This publication provides an overview of techniques used to compromise Active Directory, and recommended strategies to mitigate these techniques. By implementing the recommendations in this publication, organisations can significantly improve their Active Directory security, and therefore their overall network security posture.

ASD's ACSC Annual Cyber Threat Report, July 2021 to June 2022   Reports and statistics

Nov 4, 2022 - The Annual Cyber Threat Report is the Australian Signals Directorate’s Australian Cyber Security Centre's (ASD’s ACSC) flagship unclassified publication. The Report provides an overview of key cyberthreats impacting Australia, how the ACSC is responding to the threat environment, and crucial advice for Australian individuals and organisations to protect themselves online.

The silent heist: cybercriminals use information stealer malware to compromise corporate networks   Advisory

Sep 2, 2024 - Information stealer malware steals user login credentials and system information that cyber threat actors exploit, predominantly for monetary gain. Information stealers have been observed in attacks against multiple organisations and sectors worldwide, including Australia. This advisory provides readers with cyber security guidance on information stealers, including threat activity and mitigation advice for individuals and organisations.

Technical example: Multi-factor authentication   Publication

Dec 16, 2022 - Multi-factor authentication (MFA) makes it harder for adversaries to use compromised user credentials to access an organisation’s systems. It is one of the most important cybersecurity measures an organisation can implement.

2020-013 Ransomware targeting Australian aged care and healthcare sectors   Advisory

Aug 2, 2020 - Recently there has been a significant increase in healthcare or COVID-19 themed malicious cyber activity, including targeting of the aged care and healthcare sectors by financially motivated cyber criminals using the ‘Maze’ ransomware.

Technical example: Configure macro settings   Publication

Dec 16, 2022 - Configuring macro settings protects an organisation’s systems from malicious macros. Macros are powerful tools. They were introduced to improve productivity however their functionality can also be used by cyber criminals to compromise a user’s system.