The state of cybercrime in Australia

Findings from the third annual threat report from the Australian Cyber Security Centre (ACSC)

In its third annual threat report, the Australian Cyber Security Centre (ACSC) has revealed in November 2022 that cybercrime is continuing to rise in Australia, with households, governments and businesses all under increasing threat of attack.

Here are some of the key findings from the report:

  • 76,000 cybercrime reports were made to the Australian Cyber Security Centre in the last financial year
  • This is a 13% increase on reports made in the previous year
  • This means the Centre received a new report every seven minutes, as compared with one every eight minutes in the previous financial year
  • The average cost of an attack for small businesses is $40,000.

It is also worth noting that the statistics in the report were gathered before the high profile data breaches impacting Optus and Medicare customers and they do not give a full picture because a large proportion of attacks still remain unreported.

Infrastructure attacks

As we have seen in other reports this year, attacks on ‘critical infrastructure, a federal government agency or government shared service’ are exploiting vulnerabilities in these crucial areas. The report refers to two serious attacks leading to ‘extensive’ compromise in these sectors in Australia, although the exact details are not included in the report.

Ransomware attacks on the rise

The report describes how a growing number of businesses are being hit by ransomware attacks, saying that the personal information of ‘hundreds of thousands of Australians’ was released over the last year as part of the extortions employed by the cybercriminals. The ACSC responded to 135 ransomware reports in Australia in the last financial year, which represents a 75% increase as compared with the previous year. The Head of the ACSC, Abigail Bradshaw, highlighted the agency’s concern about the growing ‘commercialisation, weaponisation and monestisation’ of stolen personal data by cybercriminal organisations.

Counting the cost of cyber attacks

The cost of cyber attacks is also increasing, according to the report, which pinpoints the average cost of an attack for small businesses at just less than $40,000, as compared with $88,000 for medium businesses and more than $62,000 for large businesses. Online scams are costing Australian businesses a combined total of almost $100 million across the year.

Cyber attacks and conventional warfare

Cyber warfare has also come to the forefront in the past year, with cyber attacks integrated with conventional warfare by government forces in the Ukrainian conflict. Some independent cybercriminal gangs have also got behind Russian or Ukrainian interests and the ACSC warns that Australian organisations need increased vigilance towards cyber attacks from groups aligned with Russian interests following the Australian government’s support of Ukraine in the conflict.

The Australian Cyber Security Centre (ACSC) third annual threat report can be found here.


Leave a comment

Translate »