Australia's critical networks increasingly being targeted by cyber criminals: report
Make us a preferred source
Make us a preferred source on Google
The news: At least one Commonwealth agency or piece of critical infrastructure suffered an “extensive compromise” in the last year, an annual report into cyber threats has revealed.
The numbers: The Australian Signals Directorate (ASD) has released its fifth annual cyber threat report, revealing its cyber security hotline received nearly 37,000 calls in the 2023-24 financial year — up 12%.
The average self-reported cost of cybercrime for impacted individuals also jumped 17% to $30,700. Overall cybercrime reports did drop slightly, with the main types impacting individuals being identity fraud (26%), online shopping fraud (15%) and online banking fraud (12%).
The context: ASD director general Abigail Bradshaw said the report highlighted an evolution in cyber threats, in which Australia’s most critical networks were increasingly being targeted. Bradshaw said the current threat required a “posture towards stronger [cyber] defences”.
The federal government was the target of more than a third of all cyber incidents reported last financial year, with state and local governments accounting for 12%.
One entity listed as ‘federal government’, ‘government shared services’ or ‘regulated critical infrastructure’ suffered an “extensive compromise”, though the report does not provide details.
More than a tenth of all reported incidents involved ransomware, a slight increase on the previous year.
The ASD has urged companies to report ransomware attacks rather than paying ransoms. But concerns remain that companies are still willing to flout the advice rather than suffer the reputational damage of admitting they have been hacked.
Queensland and Victoria both suffered disproportionately high rates of cybercrime, though that is likely due to more effective reporting regimes.
The report also warns about a rise in ‘living off the land’ attacks, in which a hacker gains access to a system using tools already embedded in the environment. That enables them to remain undetected by traditional security tools which search for known malicious cyberware.
What they said: “It is a digital landscape in which unfortunately none of us can switch off, lest we be forcibly disconnected by malicious actors,” Bradshaw said.
The source: ASD Cyber Threat Report 2023-24
