Powered by MOMENTUM MEDIA
defence connect logo

Powered by MOMENTUMMEDIA

Powered by MOMENTUMMEDIA

Cyber threat report finds cyber crime on the rise and AUKUS at risk

Defence Minister Richard Marles has officially launched the Australian Signals Directorate’s Annual Cyber Threat Report 2022-23 which details the concerning cyber threat landscape Australia faces.

Defence Minister Richard Marles has officially launched the Australian Signals Directorate’s Annual Cyber Threat Report 2022-23 which details the concerning cyber threat landscape Australia faces.

According to the Australian Signals Directorate’s (ASD) Annual Cyber Threat Report 2022–23, cyber crime reporting has risen by 23 per cent year-on-year.

That equates to 94,000 reports made to the Australian Cyber Security Centre for the financial year, or an average of nearly 300 reports every day.

==============
==============

The Australian Cyber Security Hotline alone accounted for 33,000 calls, a 23 per cent increase on the previous period.

The report also reveals the cost of cyber crime, and it’s hitting medium-sized businesses particularly hard. The average per-report cost of a cyber incident is $97,200 for mid-sized businesses, while for large organisations, it is $71,600. Small businesses aren’t getting off cheaply, either, with cyber attacks costing smaller operators $46,000 per incident.

Deputy Prime Minister and Minister for Defence Richard Marles says the report paints a stark picture.

“The Annual Cyber Threat Report demonstrates how governments, businesses, and critical infrastructure networks have been targeted by state and non-state actors, with the aim to destabilise and disrupt,” Minister Marles said in a statement.

“The report underscores the importance of ASD’s work in defending Australia’s security and prosperity and reinforces the significance of the Albanese government’s investment in ASD’s cyber and intelligence capabilities under Project REDSPICE.”

Ransomware remains a key part of the threat landscape, with over 10 per cent of the incidents that the ASD actively responded to related to data theft and extortion. The ASD responded to more than 1,100 incidents over the reporting period. The ASD also reported more ransomware incidents to victims this year – the Directorate informed 158 organisations of ransomware activity, compared to 148 in the previous reporting period.

However, ransomware is not the key cause for concern for Australian businesses. The top three crimes reported by Australian businesses were email compromise, fraud related to business email compromise, and online banking fraud.

For individuals, however, identity fraud was the most commonly reported cyber crime, followed by online banking fraud and online shopping fraud.

But while cyber crime is on the rise, state-based actors are increasingly targeting Australia’s critical infrastructure. The ASD responded to 143 incidents regarding attacks on critical infrastructure, largely looking to gather data or disrupt critical business systems. Russia and China have been particularly active in this area, and the ASD warns that the AUKUS treaty – which will see Australia begin operations of nuclear submarines – will almost certainly be a prime target in the future.

“The AUKUS partnership, with its focus on nuclear submarines and other advanced military capabilities, is likely a target for state actors looking to steal intellectual property for their own military programs,” the ASD said in its report.

“Cyber operations are increasingly the preferred vector for state actors to conduct espionage and foreign interference.”

The report notes that while criminals and threat actors are certainly being active, there has also been a 20 per cent rise in common vulnerabilities and exposures, or CVEs. These flaws are being exploited, with one in five CVEs being exploited within 24 hours of discovery. The response to this challenge, according to the ASD, is not just a technical one, but cultural as well.

“To boost cyber security, Australia must consider not only technical controls such as ASD’s Essential Eight, but also growing a positive cyber-secure culture across business and the community,” the report says.

“This includes prioritising secure-by-design and secure-by-default products during both development (vendors) and procurement (customers).”

You can read the full 80-page report here.

You need to be a member to post comments. Become a member for free today!