Key Points
- The Australian Signals Directorate received more than 87,000 reports of cybercrime incidents in the last financial year.
- That’s a 7 percent drop from last year, but businesses and individuals are losing more money.
- ASD chief executive Abigail Bradshaw warned that state-sponsored cyber operations posed a significant risk.
Those responsible for detecting and neutralizing malicious cyber threats against Australia receive a new report every six minutes.
More than 87,000 incidents of cybercrime have been reported to the Australian Signals Directorate (ASD) in the past year.
The total number fell by 7% in 2023/24, but the amount of money lost by crime victims continued to rise.
People affected by online crime lost an average of $30,700, an increase of 7%, while small businesses targeted by cyberattacks lost approximately $50,000.
Acting Prime Minister Richard Marles said the growing cyber threat was “very concerning” and it was up to the government and people to act.
“This is a real and present threat,” he told reporters Wednesday.
The directorate is responsible for foreign signals intelligence and cybersecurity. It collects and analyzes data from communications systems, radio frequencies and electronic transmissions.
The agency responded to more than 36,000 calls to the Australian cybersecurity hotline during the year, an annual increase of 12 per cent.
Chief executive Abigail Bradshaw said the threat report coincided with a changing online environment and conflicts overseas.
“This year’s threat requires a shift in the nation’s cybersecurity posture toward stronger defenses,” she said.
“This is a digital landscape in which, unfortunately, none of us can turn off for fear of being forcibly disconnected by malicious actors.”
State-sponsored cyber operations posed a significant risk to Australia, the intelligence agency warned.
Increased competition across the Indo-Pacific region would only exacerbate this risk. China, Russia, North Korea and Iran are believed to be behind the majority of state-sponsored operations against Australia.
“State-sponsored cyber operations are increasing as geostrategic tensions evolve, while cybercriminals and hacktivists also continue to pose an ongoing and persistent threat,” Bradshaw said.
“Over the past year, ASD and our international partners have seen malicious cyber actors revise their tactics to avoid detection and blend in with regular network traffic, techniques known to make a living off the land.”
China and Russia widely used this technique.
“(China’s) choice of targets and pattern of behavior is consistent with prepositioning for disruptive effects, rather than traditional cyberespionage operations,” the report said.
The most common types of cybercrime
Of the 1,100 cybersecurity incidents the agency responded to during the year, more than one in ten were related to critical infrastructure.
This includes communications networks, financial services and markets, and data storage and processing facilities.
More than one in four reported cybercrimes involved identity fraud, while 15 percent were linked to online shopping and 12 percent to banking.
Businesses affected by cyber incidents were most likely to be affected by compromised emails, followed by online banking fraud.