2024 saw the research and education sector tackle evolving cyber threats with AI, Zero Trust models, and strengthened regulations, highlighting the need for innovation and resilience.
As we approach the end of 2024, it's clear that the cyber security landscape for the research and education sector has been more dynamic and challenging than ever. This year has seen significant developments in both the threats faced by education institutions and the strategies employed to combat them. AARNet’s Security Operations Centre (SOC) team has been working tirelessly with our SOC customers to protect their institutions' data and ensure robust security measures are in place. Let's take a look back at some of the major cyber threats and trends that have shaped 2024.
Artificial Intelligence (AI) has emerged as both a powerful ally and a formidable adversary. Cyber criminals are leveraging AI to craft more convincing phishing lures and to adapt malware more rapidly. At the same time, AI and Machine Learning (ML) have become integral to cyber security, processing the vast volumes of telemetry required to detect and mitigate threats. Our SOC utilises AI and ML to analyse immense datasets, identifying threats before they escalate into incidents. This ongoing "race" with attackers underscores the need for continuous innovation and improvement in our defences.
The concept of Zero Trust architecture has gained even more traction in 2024. With the increasing adoption of cloud services and remote learning, traditional perimeter-based security models have become less effective. Zero Trust, which operates on the principle of "never trust, always verify," has become the reference model for securing modern, distributed networks. Under this approach every access request is authenticated and authorised on its own merits, regardless of where it originates on the network. AARNet and many of our connected universities are using Zero Trust principles to review their network architectures, and this work has driven a lot of engagement across our teams.
Generative AI, including models like ChatGPT and Gemini, has been both a boon and a challenge for cyber security. While these technologies offer incredible potential for improving productivity and automating tasks, they also pose new risks, such as the misuse of generative AI to create convincing fake content and to scale up social engineering attacks. Balancing the benefits and risks of these tools has been a key focus this year. We will continue to monitor developments and collaborate with the sector to help institutions harness generative AI tools responsibly while remaining vigilant against emerging threats.
The importance of safeguarding supply chains became abundantly clear in 2024, when cyber incidents exploited vulnerabilities in third-party software and services to compromise entire networks. This priority has been reflected in government guidance and reinforced by the 2023–2030 Australian Cyber Security Strategy, which calls on industry to take accountability for cyber security. High-profile breaches have demonstrated how a weakness in a single supplier can be used as a stepping stone into more critical networks and sensitive information. Education institutions have had to strengthen their due diligence and ongoing monitoring of third-party vendors to mitigate these risks. AARNet has also taken steps to strengthen its own supply chain security, ensuring greater resilience against emerging threats.
Despite advances in technology, human behaviour remains a critical factor in cyber security, with staff being both our greatest strength and, at times, our greatest vulnerability. Weak passwords, storing credentials in plain text, failing to apply least-privilege principles in access provisioning, and falling for phishing scams continue to be major vulnerabilities. Malicious insider threats are also an increasing concern, with ASIO commentary on the topic receiving growing media attention. These threats can stem from disgruntled employees, careless insiders, or individuals manipulated by external actors. While institutions have invested in training and awareness programs to mitigate these risks, the human element remains a persistent challenge.
This year has also seen significant changes in the regulatory landscape in Australia. The Cyber Security Legislative Package 2024 was introduced to address legislative gaps and align with international best practices. Key measures include:
These changes aim to strengthen Australia's cyber security posture and ensure compliance with new standards.
The number of breach notifications in 2024 underscores the persistent nature of cyber threats. In the first half of the year (January to June), the Office of the Australian Information Commissioner received 527 data breach notifications, with cyber security incidents accounting for 38% of the total. In response, the Australian Cyber Security Centre, alongside its Five Eyes and other global partners, has issued more frequent Joint Cyber Security Advisories, providing practical insights and actionable information; these are widely circulated, including on LinkedIn.
One of the most significant breaches impacting the research and education sector this year involved Snowflake, a cloud data platform. Cyber criminals targeted Snowflake customers, including educational institutions, by obtaining legitimate credentials (purchased or harvested, rather than cracked) and using them to steal vast amounts of data, which was then used for extortion. Notably, this campaign did not rely on advanced cyber tradecraft: the compromised accounts were protected by a single factor, so a valid username and password was all that was needed. It is a reminder that even fundamental security lapses, such as the absence of multi-factor authentication and of source-network restrictions on accounts, can be exploited at scale.
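The pattern described above (a valid credential used from an unfamiliar source, no second factor, then a large data pull) is detectable from ordinary platform logs. The following is an added example for this article, not code from AARNet or from Snowflake: it runs a simple rule over constructed login and query records. The field names (`user`, `ip`, `mfa`, `bytes_out`), the sample events and the one-gigabyte threshold are assumptions chosen for illustration; a real deployment would read the equivalent columns from the platform's login-history and query-history views.

```python
"""Flag valid-credential abuse: a successful login from a source IP never seen
for that user, combined with single-factor authentication and/or unusually
large data egress shortly afterwards. All data below is constructed."""
from collections import defaultdict
from dataclasses import dataclass
from typing import Dict, Iterable, List, Set


@dataclass(frozen=True)
class Login:
    user: str
    ip: str
    mfa: bool   # True if a second factor was presented at login
    ts: int     # epoch seconds


@dataclass(frozen=True)
class Query:
    user: str
    ts: int
    bytes_out: int  # bytes returned to the client or unloaded to a stage


# Constructed baseline period: learns each account's normal source IPs.
BASELINE: List[Login] = [
    Login("alice", "203.0.113.10", True, 1_717_200_000),
    Login("alice", "203.0.113.11", True, 1_717_286_400),
    Login("svc_etl", "198.51.100.5", False, 1_717_200_000),
    Login("bob", "203.0.113.20", True, 1_717_200_000),
]

# Constructed recent events: the svc_etl credential is reused from an
# unfamiliar address, single-factor, and is followed by a multi-GB unload.
RECENT_LOGINS: List[Login] = [
    Login("alice", "203.0.113.10", True, 1_719_792_000),
    Login("svc_etl", "192.0.2.77", False, 1_719_795_600),
    Login("bob", "192.0.2.88", True, 1_719_799_200),   # new IP, but MFA and small egress
]
RECENT_QUERIES: List[Query] = [
    Query("alice", 1_719_792_100, 5_000_000),
    Query("svc_etl", 1_719_796_000, 9_000_000_000),
    Query("svc_etl", 1_719_796_300, 4_000_000_000),
    Query("bob", 1_719_799_300, 20_000_000),
]


def known_ips(baseline: Iterable[Login]) -> Dict[str, Set[str]]:
    """Per-user set of source IPs observed during the baseline period."""
    ips: Dict[str, Set[str]] = defaultdict(set)
    for e in baseline:
        ips[e.user].add(e.ip)
    return ips


def egress_after(login: Login, queries: Iterable[Query], window_s: int) -> int:
    """Total bytes the same user moved within window_s seconds after the login."""
    return sum(q.bytes_out for q in queries
               if q.user == login.user and login.ts <= q.ts < login.ts + window_s)


def detect(baseline: Iterable[Login], logins: Iterable[Login], queries: List[Query],
           egress_threshold: int = 1_000_000_000, window_s: int = 3600) -> List[dict]:
    """Return one alert per login from a new IP that is also single-factor
    and/or followed by egress above the threshold. A new IP on its own is
    treated as noise (staff travel, new ISP) and not reported."""
    ips = known_ips(baseline)
    alerts = []
    for lg in logins:
        if lg.ip in ips[lg.user]:
            continue  # familiar source for this account
        out = egress_after(lg, queries, window_s)
        reasons = ["new_source_ip"]
        if not lg.mfa:
            reasons.append("single_factor")
        if out > egress_threshold:
            reasons.append("large_egress")
        if len(reasons) == 1:
            continue
        severity = "high" if "large_egress" in reasons else "medium"
        alerts.append({"user": lg.user, "ip": lg.ip, "severity": severity,
                       "reasons": reasons, "bytes_out": out})
    return alerts


def single_factor_users(logins: Iterable[Login]) -> Set[str]:
    """Hygiene check: accounts that authenticated without a second factor."""
    return {e.user for e in logins if not e.mfa}


if __name__ == "__main__":
    for a in detect(BASELINE, RECENT_LOGINS, RECENT_QUERIES):
        print(a)
    print("single-factor accounts:", sorted(single_factor_users(RECENT_LOGINS)))
```

The second function matters as much as the first: the alert logic only catches misuse after it starts, whereas listing accounts that can still log in with a password alone tells you which credentials an attacker could reuse tomorrow. Service accounts that cannot hold a second factor should at minimum be pinned to a source-network allow list.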
Another high-profile case involved the China-linked espionage group known as Salt Typhoon, which was responsible for a series of breaches, including attacks on major telecommunications companies like Verizon, AT&T, and T-Mobile. These breaches exposed sensitive communications. The Australian government, along with its international partners, issued warnings about Salt Typhoon targeting telecommunications networks worldwide, including in Australia.
These cases highlight how readily weaknesses can be exploited and the wide range of adversaries we face, from criminals reusing stolen passwords to state-linked espionage groups. By closely examining these breaches, we can refine our defences and remain vigilant against both sophisticated attackers and those who use more straightforward methods.
As we look ahead to 2025, it’s evident that staying ahead of the ever-evolving nature of cyber threats will require continuous innovation and vigilance. Our SOC will remain fully operational 24/7 throughout the holiday break, providing constant monitoring and protection against cyber threats for our customers. We are dedicated to investing in cutting-edge technologies, refining our offerings, and fostering collaboration across the sector. Our goal is to empower our partners and peers in the research and education community to stay focused on their core missions, confident in the strength of their cyber defences.