Cyber crime in Australia increased 13% in the last year

Cyber crime in Australia increased by nearly 13% in the past year as more Australians significantly increased their dependence on the internet to work remotely, access services and information, and communicate.

During the 2020-21 financial year, the Australia Cyber Security Centre (ACSC) received over 67,500 cyber crime reports, equating to one report of a cyber attack every eight minutes. This is compared to one report every 10 minutes the previous year, the organisation stated in its latest ACSC Annual Cyber Threat report.

The ACSC categorised a higher proportion of cyber security incidents as “substantial” in impact, due to an increased reporting of attacks on larger organisations and the observed impact of the attacks on the victims. The organisation said this was compounded by the increased complexity and sophistication of attackers’ operations.

It revealed that malicious actors exploited the pandemic through spear phishing emails that were associated with COVID-related topics, encouraging victims to enter personal credentials for access to COVID-related information or services.

The ACSC said that the health care sector was a significant target of ransomware attacks, with criminals hoping to “leverage critical services to increase the motivation of victims to pay ransoms”.

The assistant minister for Defence, Andrew Hastie, said that cyber is the new battleground, adding that it's a team effort and a shared responsibility to lift the nation’s cyber defences by implementing cyber security measures.

“Malicious cyber criminals are escalating their attacks on Australians. We need all Australians to be vigilant by taking simple cyber security steps including using strong passphrases, enabling two-factor authentication, updating software and devices and maintaining regular data backups, as well as being on guard against malicious emails and texts,” he said.

Around a quarter of cyber incidents reported were associated with the country’s critical infrastructure or essential services, and the ACSC also recorded a 15% increase in ransomware reports, calling it “one of the most significant threats” to organisations. Ransom demands ranged from thousands to millions of dollars.

Malicious actors, state and criminal ones, rapidly exploited security vulnerabilities, at times within hours of public disclosure, patch release, or technical write up “particularly if proof of concept code that identified the vulnerabilities in systems was also released”.

The ACSC said that business email compromise (BEC) continues to be a major threat to businesses and government enterprises, especially as more Australians work remotely. The average loss per successful event increased to over AUD$50,600 (£26,827), over one and a half times higher than the previous year.