During the 2022-2023 fiscal year (starting July 1, 2022, and ending June 30, 2023), the Australian Signals Directorate (ASD) responded to more than 1,100 cyber attack incidents. It also filed nearly 94,000 reports to law enforcement during this period – an average of one report every six minutes.
In its latest report, the ASD provides an in-depth analysis of the country’s recent cyber threats. The 80-page report paints a picture of an evolving and persistent digital battleground.
The most recent incident is DP World – a logistics company responsible for 40% of the country’s maritime freight – experiencing a 3-day outage over the weekend.
Australia’s cyber crime trends
Cyber threats in Australia range from opportunistic attackers to more deliberate incursions. Cyber attackers are increasingly focusing on the country’s critical infrastructure.
ALSO READ: Australia under escalating cyber warfare
Many experts believe cyber criminals’ main objective is to collect information or disrupt operations. The AUKUS partnership – a three-way security pact between Australia, the United Kingdom, and the United States focusing on nuclear submarines and other military capabilities – is seen as a potential high-profile target for this kind of attack.
Russia and China’s espionage attempts
The report also mentions Russia’s ‘Snake’ cyber espionage malware. During the 2022-2023 fiscal year, the ASD partnered with international stakeholders to expose Russia’s Federal Security Service’s use of this malware.
A joint cyber security advisory focused on ‘Snake’ was released in May 2023, citing how the cyber espionage tool had been used for long-term intelligence gathering on high-priority targets.
At the time, CISA, the United States’s cyber defense agency, called on businesses to strengthen operational resilience by implementing multi-factor authentication (MFA) and providing employees with cybersecurity awareness and training.
Shortly after, Australia co-badged another joint cyber security advisory. The second alert outlined malicious activity associated with a state-sponsored cyber actor from China – known as Volt Typhoon.
The cost of cybercrime
According to the ASD report, Australia’s average cost of cybercrime increased by 14% during the current fiscal year. This translates to a financial risk of approximately $46,000 for small businesses, $97,200 for medium businesses, and $71,600 for large businesses.
The ASD cites this example: “A ransomware attack that locks systems could halt production and delivery, rendering a business unable to fulfill its orders. The second order impacts of this could be costly – including lost revenue or confidence from business partners and customers alike.”
ALSO READ: Cyber security expert shares strategy to keep businesses safe
“Early detection of malicious activity is vital for mitigating cyber threats. It can take time to discover a compromised network or system, so robust and regular monitoring is essential,” the report states.
The most prevalent forms of cyber crimes pose a risk to both businesses and organizations. These threats include:
- Identity fraud (for individuals),
- Online shopping fraud (for individuals),
- Email compromise fraud (for businesses),
- Online banking fraud (for individuals and businesses).
Proactive measures
To guard against “living-off-the-land” and other forms of cyberattacks, the following proactive measures can be implemented to avoid falling victim to the sophisticated tactics:
- Regular system and network monitoring: Continuous monitoring to detect unusual behavior.
- Enhanced access controls such as MFA, especially for users with access to sensitive company data.
- Patch management will ensure all systems are patched and updated with the latest security measures to guard against vulnerabilities.
- Endpoint Detection and Response (EDR) for real-time monitoring and automated threat response.
- Data encryption to secure sensitive data in transit (and at rest) is protected from unauthorized access.
These five strategies present only a fraction of the action required to safeguard your network against cyber threats.
Since cybercrime prevention is a rapidly evolving field, it’s crucial to consult with cyber security experts and analysts (also called information security analysts) to understand the complexities of these threats and prepare accordingly.
The bigger picture
The ASD warns that malicious cyber activity against Australian infrastructure “is likely to increase as networks grow in size and complexity.” It’s imperative to follow best practices in cybersecurity, such as ASD’s “Essential Eight”.
Moreover, the need for a collaborative approach cannot be stressed enough, especially as cyber threats continue to evolve. A nation’s collective response must evolve as well.
READ: Australia to develop a national strategic fleet
Today’s digital landscape is interconnected, and isolated measures no longer cut it. Collaboration across public and private sectors is vital, emphasizing partnership, innovation, and vigilance.
About the author
Cheryl has contributed to various international publications, with a fervor for data and technology. She explores the intersection of emerging tech trends with logistics, focusing on how digital innovations are reshaping industries on a global scale. When she's not dissecting the latest developments in AI-driven innovation and digital solutions, Cheryl can be found gaming, kickboxing, or navigating the novel niches of consumer gadgetry.
