ACSC Threat Report 2017 - The Findings

Dane Meah
October 11, 2017


Yesterday the Australian Cyber Security Centre (ACSC) released its third annual threat report since its inception in 2014, bringing together its findings and the key trends it identified for 2016/17. Overall, it reported that cybercrime is still an attractive and viable option for individuals and criminal organisations, generating large profits with a low risk of being identified and punished. The more success cybercriminals have in their endeavours, the more it encourages and fuels their activities, making cybercrime more rife.

The major trends throughout the year included ransomware, credential-harvesting malware, social engineering and Business Email Compromise (BEC). The ACSC also provided some interesting analysis breaking down the private and government sectors. Whilst 56% of the private sector’s self-reported incidents related to compromised systems, the government sector’s largest number of incidents was attributed to spearphishing attacks. The ACSC also stated that it saw an 11% increase in non-traditional industry sectors being targeted, showing that cybercriminals had started to expand their vision beyond the usual industry targets. Financial and academic institutions nevertheless remain at increased risk because they house large amounts of personally identifiable information and, in the case of academic organisations, research that may be of value to others globally.


Ransomware seems to be one of those topics that won’t be going away for some time. It is often deployed through the favoured attack vector, email, as it is cheap and easy for cybercriminals to execute large untargeted phishing campaigns and reap huge financial rewards. In its report, the ACSC stated that it had seen a rise in the pseudo-franchise model, ransomware-as-a-service (RaaS), allowing individuals with very little technical knowledge to launch effective campaigns through darknet markets at a small cost.

There was also marked growth in ransomware that used advanced social engineering and the names of Australian brands and government departments that would be well recognised by the Australian public. The most common ransomware variants reported for 2016/17 included Cryptolocker, Torrentlocker and Cryptowall.


During 2016/17 credential-harvesting malware also appeared to be an increased threat, particularly for the finance sector, where cybercriminals worked to obtain login details from targeted networks’ systems. Additionally, the ACSC reported an increased focus on Android smartphones, a trend that is likely to grow as individuals rely more heavily on their smartphones to store personal information, make financial payments and use cloud applications to access work-related information on the go.


Another trend, also recognised in many previous threat reports, is the increased use of social engineering techniques. If executed well, these techniques let attackers bypass security protocols, succeeding where an attack may previously have been stopped by traditional technical means. Social engineering can range from broad phishing campaigns to refined, tailored communications aimed at one particular individual, at times even involving multiple mediums such as phone calls and social media interactions. It has become particularly prevalent in Business Email Compromise (BEC). The ACSC reported that in 2016/17, in Australia alone, organisations suffered over $20 million worth of losses due to BEC, an increase of over 230% compared to the estimated $8.6 million in 2015/16.

In concluding the report, the ACSC advised that Australian organisations needed to take preventative action as an investment to reduce potential long-term costs and risks. Cyber insurance has shown increased popularity in the past year but is still not a substitute for investing in appropriate security measures. Even if an incident were covered by cyber insurance, the payout may not be sufficient to cover stolen intellectual property, compromised personally identifiable information and potential brand damage.
