Search

Artificial intelligence for small business   Publication

Jan 14, 2026 - This guide explains the key cyber security risks of adopting AI technologies and how to reduce while adopting. While traditional threats such as phishing, ransomware and insider threats are still relevant, this guide focuses on other risks that AI introduces.

Implementing application control   Publication

Nov 27, 2023 - Application control is one of the most effective mitigation strategies in ensuring the security of systems. As such, application control forms part of the Essential Eight from the Strategies to mitigate cyber security incidents. This publication provides guidance on what application control is, what application control is not, and how to implement application control.

PRC State-Sponsored Cyber Activity   Advisory

Mar 20, 2024 - This fact sheet provides an overview for executive leaders on the urgent risk posed by People’s Republic of
China (PRC) state-sponsored cyber actors known as "Volt Typhoon."

Remote access to operational technology environments   Publication

Mar 28, 2023 - Many critical infrastructure providers are moving to support remote working arrangements. In doing so, modifying cyber security defences for operational technology environments (OTE) is not a decision that should be taken lightly.

COVID-19 themed malicious cyber activity   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Managed service providers: How to manage risk to customer networks   Publication

Oct 6, 2021 - There are several mitigation strategies that managed service providers can implement to protect their own networks and manage the security risks posed to their customers’ networks.

Managing cryptographic keys and secrets   Publication

Aug 26, 2025 - This guide has been developed to help organisational personnel in understanding the threat environment and the value of implementing secure keys and secrets management to make better informed decisions.

Malicious insiders   Threat

Jun 23, 2020 - Malicious insiders can be employees, former employees, contractors or business associates who have legitimate access to your systems and data, but use that access to destroy data, steal data or sabotage your systems. It does not include well-meaning staff who accidentally put your cyber security at risk or spill data.

Cyber security priorities for boards of directors 2025-26   Publication

Oct 30, 2025 - This advice outlines questions boards can ask of management and their organisation to understand its cyber security posture in the current cyber threat environment.

Types of scams   Guidance

Learn about the common types of scams, how to identify them and how to recover from them.

PRC state-sponsored actors compromise and maintain persistent access to U.S. critical infrastructure   Advisory

Feb 8, 2024 - The Cybersecurity and Infrastructure Security Agency (CISA), National Security Agency (NSA), and Federal Bureau of Investigation (FBI) assess that People’s Republic of China (PRC) state sponsored cyber actors are seeking to preposition themselves on IT networks for disruptive or destructive cyberattacks against U.S. critical infrastructure in the event of a major crisis or conflict with the United States.

Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns   Advisory

Dec 8, 2023 - The Russia-based actor is targeting organisations and individuals in the UK and other geographical areas of interest.

Marketing and filtering email service providers   Publication

Oct 6, 2021 - This publication provides high level guidance on how to use email service providers (ESPs) in particular deployment scenarios. The considerations and controls described in that publication also apply to ESPs sending email on other organisations’ behalf.

Identity theft   Threat

Nov 14, 2024 - Learn about how identity theft can affect you and how to keep your personal information secure.

Information stealer malware   Guidance

Jul 15, 2025 - Information stealer malware is a type of malware designed to steal sensitive data from devices. This can include user credentials, browser data and more.

Threat update: COVID-19 malicious cyber activity 27 March 2020   Advisory

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Understanding Ransomware Threat Actors: LockBit   Advisory

May 8, 2024 - The Australian Signals Directorate’s Australian Cyber Security Centre (ASD's ACSC) alongside international partners have released a joint advisory on the ransomware variant LockBit. It functions as an affiliate-based Ransomware-as-a-Service (RaaS) model where affiliates are recruited to conduct ransomware attacks using LockBit ransomware tools and infrastructure.

Iranian Government-Sponsored APT Cyber Actors Exploiting Microsoft Exchange and Fortinet Vulnerabilities in Furtherance of Malicious Activities   Advisory

Nov 22, 2021 - Iranian government-sponsored APT actors are actively targeting a broad range of victims across multiple U.S. critical infrastructure sectors, including the Transportation Sector and the Healthcare and Public Health Sector, as well as Australian organisations.

Creating and maintaining a definitive view of your operational technology architecture   Publication

Oct 28, 2025 - How organisations who deploy or operate operational technology systems should build, maintain and store their systems understanding.

Hunting Russian Intelligence “Snake” Malware   Advisory

May 10, 2023 - This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications.