Cybercrime Against Australians Rapidly Worsening

Cybercrime Against Australians Rapidly Worsening
A hooded man holds a laptop computer as cyber code is projected on him in this illustration picture taken on May 13, 2017. Kacper Pempel/Illustration
Crispin Rovere
Updated:

Cybercrime incidents are up 13 percent in one year with a new attack reported every 8 minutes, according to a new report by the Australian Cyber Security Centre (ASCS).

Operated by digital spy agency Australian Signals Directorate, the ACSC noted that a higher proportion of cyber security incidents were being categorised as “substantial” in their impact.

“Government agencies at all levels, large organisations, critical infrastructure providers, small to medium enterprises, families and individuals were all targeted over the reporting period—predominantly by criminals or state actors,” the report reads.

Over $33 billion was lost due to self-reported cyber-crime in 2020-21 alone, as criminals and spies exploit increased dependency on the internet during the pandemic.

“Malicious cyber actors have pivoted to exploit the COVID–19 pandemic and are actively targeting vulnerable Australians and health services to conduct espionage, and steal money and sensitive data,” said Assistant Minister for Defence Andrew Hastie when releasing the report.

Hastie warned that the health sector was especially at risk, having seen the second highest number of ransomware incidents, as malicious actors exploit people’s desire for COVID-19 information and services to obtain personal data.

While many perpetrators are criminals seeking profit, the report noted that attacks by state actors were being conducted, “motivated by access to intellectual property or sensitive information about Australia’s response to COVID.”

Health services were among the one quarter of all 67,500 cybercrime incidents during 2021-21 relating to Australia’s critical infrastructure. Food distribution and energy are also being targeted, with the ACSC warning that this may cause “significant disruption in essential services, lost revenue and the potential of harm or loss of life.”

Government services remain the primary victim, accounting for 35 percent of all reported incidents, though this could also indicate under-reporting in areas of the private sector.

This follows a major incident last year where Australian Prime Minister Scott Morrison announced the nation was experiencing a sophisticated state-based cyber-attack, widely believed to be from China. “Regrettably this activity is not new, but the frequency has been increasing,” he said at the time.

Reacting to the ACSC report, cyber security expert Rylan Painter urged people to be active and vigilant, including through rapid patching, maintaining a response plan for ransomware attacks, and ensuring cybersecurity remains a strategic priority for themselves and their businesses.

Hastie is encouraging any Australian business, organisation or family to report cybercrime through ReportCyber or become a Partner of the ACSC.