Australia’s Cyber Security Strategy and stolen credentials

​To address the growing number of cyber threats, Australia released a new version of the Australia’s Cyber Security Strategy 2020 on August 6, 2020. The 2020 version of the strategy replaces the earlier strategy from 2016, and will be delivered through the combined efforts of governments, businesses and the community to secure products and services, and ultimately, all Australians.  

The latest strategy calls out the changing cyber landscape including: 

• Nation states and state-sponsored actors and criminals accessing information for financial gain 
• The dark web being used to buy and sell stolen identities, illicit commodities and access other illegal materials
• Encryption and anonymization technologies making it possible for criminals to hide their identities from law enforcement agencies.

Quantifying the problem 

The Australian Cyber Security Centre (ACSC) responded to 2,266 cyber security incidents from July 1, 2019 to June 30, 2020. This number does not include cyber incidents that are reported to the police and other support organizations, making the total number significantly higher. It is estimated that cyber incidents can cost the economy up to 29 billion AUD, or 1.9% of the country’s gross domestic product.  

Of the industries represented in the 2,266 cyber security incidents, national and state/territory government organizations top the list of most incidents, followed by individual people and the healthcare industry. 35% of the incidents reported affected critical infrastructure providers delivering services such as healthcare, education, banking, water, communications, transport and energy.  

Stolen credentials 

The strategy identifies the dark web as a challenge for law enforcement, as it offers a haven for criminals to trade in stolen identities while remaining anonymous and difficult to trace. These platforms help to educate would-be cyber criminals and disseminate stolen data at very low cost.  

As reported in the strategy: “Many cyber threats are enabled by malicious actors concealing their identities using fake or stolen identity information. Personal information stolen from innocent Australians is widely available in thriving dark web markets, where it is bought and sold on an industrial scale by criminals looking to commit fraud or facilitate other illegal activities.” 

Breached usernames and passwords are common credentials that are traded on the dark web. When an organization experiences a data breach, their data is uploaded to the dark web, allowing any cyber criminal to use the data to attack other organizations. The results can be devastating as was the case with the Colonial Pipeline in the United States in April 2021. While the ransomware attacks the pipeline faced garnered the headlines around the world, the root cause of the attack was a compromised password found in a list of leaked passwords on the dark web.  

It is possible to block the use of known compromised or breached passwords, thus providing strong protection from password-related attacks by cyber criminals. This is one of many measures’ organizations can take to follow the guidelines outlined in Australia’s Cyber Security Strategy. Read the cyber security PDF where the Australian government commits to invest time and money in improving the overall cyber security landscape.