Cybercrime is continuing to surge in Australia as gangs use increasingly sophisticated techniques to defraud and blackmail households, governments and businesses across the nation.
Key points:
- The Australian Cyber Security Centre says it received over 76,000 cybercrime reports last financial year
- The agency now receives a report every seven minutes, compared to one every eight minutes the year before
- Criminal gangs are weaponising sensitive stolen data at a greater scale, ACSC says
The Australian Cyber Security Centre (ACSC) has launched its third annual threat report, revealing that it received over 76,000 cybercrime reports last financial year – a 13 per cent increase from the year before.
That means the agency is receiving a report every seven minutes, compared to one every eight minutes the year before.
The release comes in the wake of a string of high-profile data breaches — including cyber attacks on both Optus and Medibank — which have compromised the private data of millions of Australians.
And the figures in the threat report still only provide a partial picture because a large proportion of attacks go unreported.
ACSC head Abigail Bradshaw said the agency was grappling with the "continued commercialisation of malicious malware and cybercrime tools" and "the weaponisation and monetisation of sensitive stolen data" which was being exploited at a greater scale by criminal gang networks.
Ms Bradshaw said she was particularly concerned that many Australian organisations still had critical software vulnerabilities which criminal groups and hostile states could exploit rapidly.
"Many of those [vulnerabilities] are now being exploited in days or hours as opposed to weeks as they have been in the past," she said.
The report identifies two serious cyber attacks which resulted in an "extensive compromise" of either critical infrastructure, a federal government agency or government shared services — although it does not provide any details.
It also says a growing number of businesses reported having been hit with ransomware attacks, with criminal groups "releasing the personal information of hundreds of thousands of Australians as part of their extortion tactics".
The agency responded to 135 ransomware incidents last financial year, a 75 per cent increase on the year before.
Cost of cybercrime rises for Australian businesses
The average cost per reported cybercrime has also risen, hitting almost $40,000 for small businesses, around $88,000 for medium businesses and more than $62,000 for large businesses.
The ACSC report also highlights how online criminals are scamming businesses with fake emails, including tricking business owners or employees into revealing confidential commercial information.
Businesses reported combined losses of almost $100 million from these crimes over the last financial year, and the report says some companies in Western Australia suffered "losses over $1 million".
Ms Bradshaw also said Russia's use of cyber warfare during its invasion of Ukraine, as well as its mobilisation of criminal online gangs to target Ukrainian government entities, was "profound and new".
"In the last 12 months we've witnessed the sustained integration of cyber with conventional warfare in Ukraine and the coalescence of powerful and disruptive cybercrime gangs and nation-states combining efforts in that conflict," she said.
The report also highlights the way some criminal and independent groups "have conducted activities in support of Russian or Ukrainian interests, independent of Russian and Ukrainian government chains of command".
The ACSC warned earlier this year that Australian organisations should be on guard for possible cyber attacks from Russian-aligned cyber groups after the federal government sent weapons to Ukraine to help it repel the invasion.
But the report does not outline any examples of Russian groups targeting Australian businesses or governments.