G20 Cyber Security Advice
Download CSOC Protect Notice, G20 Cyber Security Advice (490K PDF), November 2013
- Targeting of high profile events such as the G20 by state-sponsored or other foreign adversaries, cyber criminals and issue-motivated groups is a real and persistent threat. The information contained on government systems, whether classified or unclassified, is of strategic interest to cyber adversaries. Information gathered through cyber espionage can be used to gain an economic, diplomatic or political advantage.
- There are many examples of entities being targeted due to their involvement in high profile events. In November 2012, Association of Southeast Asian Nations (ASEAN)-themed malicious emails were sent targeting Australian government agencies in an attempt to compromise their networks and obtain sensitive information. These emails appeared to come from entities associated with ASEAN events.
- In July-August 2013, Asia-Pacific Economic Cooperation (APEC) and G20-themed malicious emails were sent to multiple Australian government agencies from webmail accounts misrepresenting persons and organisations having an association to these events.
- As of 1 December 2013, Australia assumes chairmanship of the G20 for 2014. Australian networks will consequently become a more attractive target for cyber espionage or attack.
- It is important to be aware of malicious activities, such as the ones listed above. There are some simple steps that all users can take to reduce the risk of cyber espionage.
Socially-engineered emails – think before you click
- The most common technique used to gain access to government information and networks is the socially-engineered email. It is common for G20-related emails to be sent to a broad range of Australian government departments before, during and after the event. The aim of malicious cyber actors is to gain access to information any way possible. These adversaries look for a weak link to try and break into a network. It is important to remember that you may be targeted even if you are not directly involved with the event.