Australia sees rise in cyber threats & financial losses

The Australian Cyber Security Centre's annual report indicates a rise in cyber security threats in Australia, bringing attention to state-sponsored actors and increased financial losses for businesses.

The report reveals over 1,100 cyber security incidents were reported to the Australian Cyber Security Centre (ACSC) in the fiscal year 2023-24. Additionally, there was a 12% increase in calls to the Australian Cyber Security Hotline, which received more than 36,700 calls.

Peter Maloney, CEO of AUCyber, noted, "The cyber threat environment in Australia has never been more complex. We're not just dealing with traditional cybercriminals; state-sponsored actors, with far more sophisticated capabilities, are actively targeting our critical infrastructure and government networks. The strategic threats we face today are on a scale that hasn't been seen since World War II."

The report highlights that cybercriminals are becoming increasingly sophisticated, often leveraging technologies such as artificial intelligence to bypass traditional defences. Business email compromise, online banking fraud, and ransomware remain the most frequent cybercrimes in Australia, with a 17% increase in average loss per incident reported by individuals, now reaching AUD $30,700.

Mr. Maloney commented, "While the financial toll of cybercrime is staggering, the broader impact on trust and security and flow on effect is even more concerning. The financial cost of cybercrime is staggering, but the true price is the erosion of trust in our systems. The fact that individuals are losing tens of thousands of dollars, and businesses are continuously targeted by cybercriminals, is a call to action for every organisation to take cyber security seriously."

The report further addresses the ongoing risks from state-sponsored cyber actors, especially from nations like China and Russia, which are accused of targeting Australian networks for espionage and disruption. Notably, China is reportedly using "living off the land" techniques, while Russia adapts its methods to exploit cloud platforms.

There is a growing concern about the vulnerability of Australia's critical infrastructure, with over 11% of reported cyber incidents involving this crucial sector.

Mr. Maloney said, "Critical infrastructure remains a prime target for cyber attackers due to the catastrophic impact a successful attack could have on essential services. We need to be proactive in reinforcing these systems, as the cost of inaction could be devastating."

In response to these threats, the Australian Government has implemented its autonomous cyber sanctions framework for the first time, targeting two Russian nationals involved in cybercriminal activities.

Mr. Maloney also pointed out, "Collaboration remains our strongest weapon against cyber threats. No single organisation can tackle these issues alone. That's why strong partnerships between industry, government, and the international community are essential in building a resilient defence against these ever-evolving threats."

He emphasised the need for continuous investment in cyber security, "Cyber security is not a one-off fix. It requires continuous investment in the latest technologies, practices, and training. We must be ready for the 'when'—not the 'if'—of a cybersecurity incident. Our resilience depends on it."

The Australian Signals Directorate encourages individuals to report suspicious cyber activity using the Australian Cyber Security Hotline or the ReportCyber service available through their website.