Latest threat advice

Threat update: COVID-19 malicious cyber activity

Mar 27, 2020 - This update is designed to raise awareness of increasing COVID-19 themed malicious cyber activity, and provide practical cyber security advice that organisations and individuals can follow to reduce the risk of being impacted.

Advisory 2020-004: Targeting of Telerik CVE-2019-18935

Mar 3, 2020 - Remote code execution vulnerability being actively exploited in vulnerable versions of Telerik UI by sophisticated actors.

ACSC aware of DDoS threats being made against Australian organisations

Feb 25, 2020 - The Australian Signals Directorate's Australian Cyber Security Centre (ACSC) is aware of a number of Denial of Service (DoS) for ransom threats being made against Australian organisations, primarily in the banking and finance sector. The threats in question are delivered via email, and threaten the recipient with a sustained DoS attack unless a sum of the Monero cryptocurrency is paid. The actors behind these threats claim to be the ‘Silence Hacking Crew’; however, the ACSC is unable to verify this claim.

Advisory 2020-003: Mailto ransomware incidents

Feb 6, 2020 - Overview: The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of recent ransomware incidents involving a ransomware tool known as ‘Mailto’ or ‘Kazakavkovkiz’. Mailto belongs to the KoKo ransomware family. At this time, the ACSC is unaware whether these incidents are indicative of a broader campaign. Details: Currently, the ACSC has limited information about the initial intrusion vector for Mailto infections.

Advisory 2020-002: Critical Vulnerabilities for Microsoft Windows Announced, Patch Urgently

Jan 15, 2020 - On 15 January 2020 (AEDT), Microsoft released security patches for three critical and one important vulnerabilities in the Microsoft Remote Desktop Client, Remote Desktop Gateway and the Windows operating system. The ACSC recommends that users of these products apply patches urgently to prevent malicious actors from using these vulnerabilities to compromise your network.

Advisory 2020-001-4: Active exploitation of critical vulnerability in Citrix Application Delivery Controller and Citrix Gateway

Jan 13, 2020 - The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) is aware of ongoing attempts to exploit a critical vulnerability in Citrix Application Delivery Controller (ADC) (formerly known as NetScaler ADC), Citrix Gateway (formerly known as NetScaler Gateway) and Citrix SD-WAN WANOP. The vulnerability, known as CVE-2019-19781, was disclosed on 17 December 2019 and enables an unauthenticated adversary to execute arbitrary code.

Cybercrime in Australia – July to September 2019

Dec 16, 2019 - As part of the Australian Signals Directorate's Australian Cyber Security Centre (ACSC)'s role to lead government efforts to improve cyber security, the ACSC reveals the most common cybercrimes affecting Australians, in the Cybercrime in Australia July to September 2019 report.

Advisory 2019-131a: Emotet malware campaign

Nov 8, 2019 - Overview: The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has observed an ongoing and widespread campaign of malicious emails designed to spread Emotet across a variety of sectors in the Australian economy, including critical infrastructure providers and government agencies. Emotet provides an attacker with a foothold in a network from which additional attacks can be performed, often leading to further compromise through the deployment of ransomware.

Advisory – 2019-129: File Disclosure Vulnerability in Pulse Connect Secure VPN Software

Oct 1, 2019 - Overview: The Australian Signals Directorate’s Australian Cyber Security Centre is aware of a vulnerability that exists in the Pulse Connect Secure Virtual Private Network (VPN) solution. We advise users to ensure their systems are patched and up to date. The Pulse VPN Vulnerability, also known as CVE-2019-11510, was initially disclosed in April 2019 but has resurfaced after multiple reports of exploitation and the disclosure of working exploits available for use on Pastebin and GitHub.

External Advisories

Jul 30, 2019 - ICS-CERT Alerts - An ICS-CERT Alert is intended to provide timely notification to critical infrastructure owners and operators concerning threats or activity with the potential to impact critical infrastructure computing networks. ICS-CERT Advisories - Advisories provide timely information about current security issues, vulnerabilities, and exploits.

ACSC ADVISORY: Sextortion Campaign

Jul 24, 2019 - The ACSC is aware of a sextortion scam email campaign targeting the Australian community. The ACSC, Office of the eSafety Commissioner and Scamwatch have received over 300 reports this week. This scam may appear to originate from an individual’s own email address and threatens to release personal and sensitive information unless the scammer is paid money.

Advisory – 2019-009: Securing Unprotected Network and Data Services

Jul 3, 2019 - The ACSC has observed a large number of unprotected network and database/storage services hosted on Australian IP address ranges. This exposure may lead to data contained in these services being compromised. The ACSC urges organisations to check their externally facing internet services and ensure appropriate access controls and protections are in place.

Microsoft Windows Security Vulnerability – ‘BlueKeep’ (CVE-2019-0708)

Jun 6, 2019 - Vulnerability: The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) advises Windows users to ensure their systems are patched and up to date after Microsoft’s recent disclosure of a new remote desktop vulnerability.

Advisory – 2019-126: Vulnerable version of Telerik UI being actively exploited by APT actor

May 16, 2019 - The Australian Cyber Security Centre (ACSC) has become aware that Advanced Persistent Threat (APT) actors have been scanning for and attempting exploitation against unpatched versions of Telerik UI for ASP.NET AJAX using publicly available exploits. Successful exploitation could allow an attacker to upload files to the vulnerable server to facilitate further compromise.

Manic Menagerie Investigation Report

Jan 29, 2019 - This report details technical findings and mitigation advice related to the extensive compromise of at least eight Australian web hosting providers investigated by the Australian Cyber Security Centre (ACSC) in May 2018. The information is designed for use by technical cyber security officers within Australian infrastructure organisations, large businesses and government agencies. This report includes indicators for web hosting providers and their customers to determine if they are victims of the campaign, which uses simple techniques and poses a risk for such organisations.

MSP Investigation Report

Dec 21, 2018 - The ACSC investigation report details the theft of commercial secrets, data and information from the Australian arm of a multinational construction services company via their Managed Service Provider. The compromise reflects those detailed in a 2017 public report ‘Operation Cloud Hopper’, which outlines APT10’s targeting of MSPs to leverage existing relationships with their customers and gain access to their customer networks.

Joint report on publicly available hacking tools

Oct 12, 2018 - This report is a collaborative research effort by the cyber security authorities of five nations: Australia, Canada, New Zealand, the UK and USA. It highlights the use of five publicly available tools, observed in recent cyber incidents around the world. To aid the work of network defenders and system administrators, we also provide advice on limiting the effectiveness of these tools and detecting their use on a network.

Phone scams

Aug 14, 2018 - There are many ways scammers try to get your information or money over the phone. They will usually pretend to be from a well-known organisation, such as a government agency, a utilities provider, Australia Post, a bank or the police. They can be incredibly convincing.

Malware

Aug 14, 2018 - Malware (short for 'malicious software') is software that cyber criminals use to harm your computer system or network. Cyber criminals can use malware to gain access to your computer without you knowing, in targeted or broad-based attacks. Cyber criminals use malware for different reasons, most commonly to steal your confidential information, hold you to ransom or install damaging programs onto your device without your knowledge. Malware can get onto your device or system when you visit an untrustworthy website or download an infected file via an email or a portable device,…

Identity theft

Aug 14, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Email scams

Aug 14, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Secondary targeting

Aug 13, 2018 - Cyber adversaries will target the weakest link. If they are trying to target a network but it has strong cyber security, they will move to what's called secondary targeting. In secondary targeting, the adversary will try to compromise other networks that might be easier to target and hold the same information, are connected to their target network, or can provide information they can use to compromise the target network.

Ransomware

Aug 13, 2018 - Ransomware is a type of malware that denies access to files or computer systems until a ransom is paid. Ransomware can get onto your device in the same way as other malware or a virus, for example by visiting unsafe or suspicious websites, opening emails or files from someone you don't know, clicking on 'malicious' links in social media and peer-to-peer networks.

Phishing

Aug 13, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders. As well as featuring official-looking logos and disclaimers, phishing emails typically include a 'call to action' to trick us into giving out our most sensitive personal information, from passwords to bank details.

Malicious insiders

Aug 13, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Vulnerability in the Drupal content management system

Jul 1, 2018 - The ACSC has become aware of a critical vulnerability in the Drupal content management system. This potentially allows attackers to exploit multiple attack vectors on a Drupal site, which could result in the site being completely compromised. Drupal assesses this vulnerability as critical. If you are using a version of Drupal prior to 7.58 or 8.51, the ACSC recommends that you upgrade immediately as per Drupal's advice.

Phishing - Large organisations

Jul 1, 2018 - Phishing is a method of stealing confidential information by sending fraudulent messages to a victim. It is one of the most prevalent scams reported in Australia. These messages can be sent via email, SMS, social media, instant messenger or phone call. They can look extremely sophisticated and convincing, replicating legitimate messages from reputable senders.

Distributed Denial of Service

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Dating and romance scams

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice. The below is based primarily on the advice of the NSW Police.

Data breaches

Jul 1, 2018 - Organisations collect and store a lot of personal details. You trust them with your address, credit card number, health records and more. Sometimes personal information is released to unauthorised people by accident, or as the result of a security breach. For example, an email with personal information can be sent to the wrong person, or a computer system can be hacked and personal information stolen. These are known as data breaches, or data spills.

Unauthorised cryptomining

Jul 1, 2018 - The Australian Cyber Security Centre provides you with up-to-date advice on current threats and vulnerabilities, as well as guidance on mitigation and cyber security best practice.

Common threat types

Jul 1, 2018 - The cyber threat to Australian individuals and organisations is undeniable, unrelenting and continues to grow. You could be a target even if you don't think the information held on your networks is valuable, or that your business would be of interest to cyber adversaries. Many organisations are at risk purely because they are vulnerable through unpatched software or unaware staff members. Common threats impacting Australians include:

Business email compromise

Jul 1, 2018 - Business email compromise (BEC) is an online scam where a cybercriminal impersonates a business representative to trick you, an employee, customer or vendor into transferring money or sensitive information to the scammer. To begin, a cybercriminal impersonates a trusted person using an email address that appears to be legitimate (this is known as "masquerading"). To do this, they may use a username that is almost identical to the trusted person's name, or a domain that is almost identical to the name of the trusted person's company. Alternatively, they could replace the "from…

New US Malware Report on state-sponsored actors

Jul 1, 2018 - The US Department of Homeland Security (DHS) and the Federal Bureau of Investigation (FBI) have released a new report, covering technical details on the tools and infrastructure used by North Korean state-sponsored cyber actors. This is the latest in a series of Malware Analysis Reports (MAR) relating to activity by North Korea. The Australian Cyber Security Centre is sharing this information to enable network defenders to identify and reduce exposure to the persistent threat of criminal and state-sponsored cyber actors.

Protect your devices against VPNFilter malware

May 25, 2018 - Australian users need to be aware of VPNFilter malware, which is known to affect networking equipment including Linksys, MikroTik, Netgear and TP-Link, as well as QNAP network-attached storage (NAS) devices. Once a malicious actor compromises a device using VPNFilter malware, they are able to collect network traffic (including website credentials) traversing the device. Importantly, the malware can also be used to disable the device.

Routers targeted: Cisco Smart Install feature continues to be targeted by Russian state-sponsored actors

Apr 17, 2018 - Russian state-sponsored actors are responsible for activity targeting Cisco devices using the Smart Install feature worldwide, including Australia. Cisco has published the actions needed to secure the Smart Install feature in "Action Required to Secure the Cisco IOS and IOS XE Smart Install Feature".

Processor vulnerabilities (Meltdown/Spectre)

Jan 29, 2018 - Security researchers have uncovered widespread critical vulnerabilities affecting modern processors.

ACSC Threat Report 2017

Oct 15, 2017 - This is the third Australian Cyber Security Centre (ACSC) Threat Report. It continues to reflect the experience, focus, and mandates of the ACSC’s member organisations. This report provides an insight into what the Centre has been seeing, learning, and responding to, focusing on specific areas of change or new knowledge obtained. For the first time, this year’s Threat Report also includes insights into how the ACSC works and highlights some of the ways in which we have both proactively and reactively responded to cyber threats.

ACSC Threat Report 2016

Oct 15, 2016 - This is the second Australian Cyber Security Centre (ACSC) Threat Report. It continues to reflect the experience, focus, and mandates of the ACSC’s member organisations. This report provides an insight into what the Centre has been seeing, learning, and responding to, focusing on specific areas of change or new knowledge obtained. But we at the ACSC are not just focused on the problem. Importantly, this document also contains mitigation and remediation advice to assist organisations to prevent, and respond to, cyber threats.

Web Shells - Threat Awareness and Guidance

Nov 1, 2015 - Web shells can be used to leverage unauthorised access and can lead to wider network compromise. This advisory outlines the threat and provides prevention, detection and mitigation strategies for administrators of web servers that have active content languages installed.

ACSC Threat Report 2015

Jul 15, 2015 - This report describes the range of cyber adversaries targeting Australian networks, explains their motivations, the malicious activities they are conducting and their impact, and provides specific examples of activity targeting Australian networks during 2014. It also offers mitigation advice on how organisations can defend against these activities.