Reflections on Australia’s cyber threat landscape

Cybercrime landscape

Australia’s cyber threat landscape shows growth and sophistication in tactics.

Australia’s complex cyber threat landscape continually evolved in 2020 and 2021 due to several key factors. These include the coronavirus pandemic, the growing opportunities available to malicious actors, the widespread activities of cybercriminals and Australia’s geostrategic environment.

The Australian Cyber Security Centre’s (ACSC) Annual Cyber Threat Report 2020–21 reveals important insights to inform and guide business decisions in building defence and resilience against cyber threats.

Key Statistics:

  • ACSC received over 67,500 cybercrime reports – up 13% from previous financial year.
  • Self-reported losses from cybercrime reached over $33 billion.
  • Approximately one quarter of reported cyber security incidents affected entities associated with Australia’s critical infrastructure.
  • Over 1,500 cybercrime reports of malicious cyber activity related to the coronavirus pandemic (approximately four per day).
  • More than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information.
  • Nearly 500 ransomware cybercrime reports, up 15% from previous financial year.
  • Fraud, online shopping scams and online banking scams were the top reported cybercrime types.
  • An increase in the average severity and impact of reported cyber security incidents, with 50% categorised as ‘substantial’.

Source: Australian Cyber Security Centre (ACSC)

Digital crime impacting individuals and businesses

The pandemic saw a large percentage of the workforce rapidly shift to remote working. To facilitate this, many organisations hastily deployed new remote networking solutions, sometimes at the cost of deprioritising cyber security measures. Malicious cyber actors used this opportunity to take advantage of Australia’s vulnerabilities to conduct espionage, steal money and sensitive data, and disrupt services.

“Australians were also frequent victims of financially motivated cybercrime, particularly ransomware and business email compromise. Cybercriminals were prolific and overt in their targeting of Australian organisations, and the impacts of their operations were felt across the community.”

Australian Cyber Security Centre

Ransomware

The number of ransomware-related cybercrime reports makes up a small proportion of the total number of cybercrime reports, in relative terms. However, ransomware continues to be the most serious cybercrime threat because of its financial repercussions and disruptions to victims and the wider community.

Fraud-Related Cybercrime

Fraud-related cybercrime is where actors use computers or online services to commit fraud. This type of cybercrime continued to be a prevalent cyber threat to Australians, accounting for almost 23% of cybercrime reports.

The top three cybercrime types reported via ReportCyber:

  • Fraud cybercrime 23%
  • Shopping cybercrime 17%
  • Online banking cybercrime 12%.

Key cyber security threats and trends identified by the ACSC

Exploitation of the pandemic environment

Malicious actors took advantage of the covid pandemic by targeting Australians seeking digital information or services.

Disruption of essential services and critical infrastructure

Approximately one out of four cyber incidents reported to the ACSC during FY2020-21 were associated with Australia’s critical infrastructure or essential services.

Ransomware has grown in profile and impact

With an increase of 15% ransomware cybercrime reports in FY2020–21, it poses one of the most significant threats to Australian organisations.

Rapid exploitation of security vulnerabilities

State and criminal cyber actors continued to compromise large numbers of organisations by prosecuting publicly disclosed vulnerabilities at speed and scale. Malicious actors exploited security vulnerabilities, at times within hours of public disclosure, patch release or technical write up – particularly if proof of concept (PoC) code that identified the vulnerabilities in systems was also released.

Supply chains

Supply chains, particularly software and services, continue to be targeted by malicious actors to gain access to a vendor’s customers. Australian organisations were forced to take precautionary and mitigation actions to prevent serious impacts to their networks because of major supply chain attacks, such as SolarWinds.

Business email compromise (BEC)

Business email compromise presents a major threat to Australian businesses and government enterprises, especially with many Australians working remotely.

Where are the cybercrime reports coming from?

The majority of incidents were reported by entities or individuals in Queensland and Victoria. Despite a lower number of reports were made overall, the highest average financial losses were self-reported by victims located in South Australia and Western Australia.

Breakdown of cybercrime incidents by state for FY20-21. Source: Australian Cyber Security Centre.

What is the real cost of cybercrime?

Cybercrime and cyber security incidents can potentially cause substantial financial, as well as detrimental and irreversible reputational damage. They may disrupt business operations, essential services, and result in further or ongoing malicious activity to an organisation.

With reports showing an overall uplift in cybersecurity incidents FY2020-21, it’s important for businesses to be aware of the trends and take active steps toward strengthening their cybersecurity armour.

The full extent of cybercrime and cyber security impacts can be difficult to quantify. However the time and costs of remediation for such incidents will often be much greater than early and ongoing investment in prevention.