The Australian government has singled out the Chinese Communist Party (CCP) as a sponsor of cyberattacks and malicious activities targeting critical infrastructures and businesses in the country.
In a newly released report, the Australian Signals Directorate (ASD), responsible for foreign signals intelligence, cyber security, and offensive cyber operations, raised the alarm about a sharp rise in cybercrimes against Australian government entities, companies, and individuals.
In May, the ASD highlighted that Volt Typhoon, a hacking group backed by the Chinese regime, was able to use a technique called “living off the land” to blend in with normal system and network activities to steal information and conduct cyber espionage.
The ASD said the Volt Typhoon had infiltrated networks across U.S. critical infrastructure sectors and was concerned that the hacking group could apply this technique to Australian systems.
Along with the CCP, Russia was listed as a threat after its Federal Security Service used the “Snake” malware for long-term intelligence collection on high-priority targets worldwide.
The ASD expressed concern that the AUKUS partnership, involving Australia, the United Kingdom, and the United States, and its focus on nuclear submarines and other advanced military capabilities, was likely to be targeted by malicious state actors.
“Some states are willing to use cyber capabilities to destabilise or disrupt economic, political, and social systems.
“Some also target critical infrastructure or networks of strategic value with the aim of coercion or prepositioning on a network for future disruptive activity.”
Australia’s Dilemma in Maintaining a Relationship with the CCP
Despite ongoing malicious campaigns from the CCP, China continues to be Australia’s largest trading partner.In a television interview with the Australian Broadcasting Corporation, Deputy Prime Minister and Defence Minister Richard Marles admitted that Australia’s relationship with China was “complex.”
“They’re our largest trading partner, so it’s right to be investing in that relationship. But China has been a source of security anxiety for our country, and we prepare for that as well.”
While the government attributed the CCP as a backer behind cyberattacks against Australia, the deputy prime minister said there was a need to maintain “excellent” diplomacy with the Chinese regime and stabilise the relationship between the two countries.
At the same time, Mr. Marles also assured the public that the government was trying to make critical infrastructure defence as robust as possible.
“That’s why we’re seeing a $10 billion (US$6.5 billion) investment over ten years in the Australian Signals Directorate, which effectively doubles the size of ASD,” he said.
“It is a huge uplift in our cyber capability and our cyber defence.”
A Surge in Cybercrimes Targeting Australian Entities
The ASD reported over 94,000 reports of cybercrimes in the 2022-2023 financial year, up 23 percent from the previous year.This is equal to a cybercrime being reported every six minutes.
In addition, the Australian Cyber Security Hotline received 90 calls about cybercrimes per day, up from 69 calls previously.
While these figures represented a sharp rise in the number of cyber incidents, it was the tip of the iceberg, as only a small proportion of affected individuals and institutions reported incidents to authorities.
Meanwhile, enterprises saw a 14 percent increase in the cost of cybercrime, with small businesses experiencing an average financial loss of $46,000, $97,200 for medium businesses, and $71,600 for large businesses.
The top three cybercrime types for individuals were identity fraud, online banking fraud, and online shopping fraud, while the top three cybercrime types for businesses were email compromise, business email compromise fraud, and online banking fraud.
During the past year, the ASD responded to over 1,100 cybersecurity incidents, with 10 percent of them related to ransomware.
