Cybercrime: In Australia, there is one attack every seven minutes

• The ACSC found that sophisticated state and criminal actors are striking more frequently, with one cybercrime being reported every seven minutes.
• More than 76,000 reports in the past financial year, a 13% increase from the year before, ASCS said.

The world has witnessed a heightened level of malicious cybercrime over the last two years and regrettably, too many Australians have felt its impacts. The country has been a hotbed for cybercriminals lately, with more attacks being launched against critical infrastructure and essential services in the last few weeks alone. Data from the Annual Cyber Threat Report by the Australian Cyber Security Centre (ASCS) shows that over the last one year alone, the country saw an increase of nearly 13% in cyber threats.

To be precise, between July 2021 to June this year, ASCS noticed an uptick in the number and sophistication of cyber threats, making crimes like extortion, espionage, and fraud easier to replicate at a greater scale. “The ACSC received over 76,000 cybercrime reports between July 2021 to June this year. This equates to one report every seven minutes, compared to every eight minutes last financial year,” the report noted.

While just over half of attacks targeted individuals for fraud and theft, the report warned that state-sponsored attackers made cyberspace a “battleground” and cited attacks from China’s Ministry of State Security, Iran and Russian state-linked groups. To top it off, multiple attacks against Australian essential services were thwarted over the period, including a November 2021 attack on government-owned utility CS Energy, responsible for a tenth of the nation’s electricity output.

Prime Minister Anthony Albanese at a news conference commented, “It’s a huge wake up call and companies need to get their act together…we need to do much better. The government has stepped up, the private sector needs to step up in the interest of their customers but also their own interest.”

To recall, the Australian government recently decided to table a legislation to increase the maximum penalty for repeated offenses of ‘privacy breach’. They are planning to increase the penalty amount to US$32 million from the current US$1.4 million or 30% of the turnover in the relevant period or three times the value of any benefit obtained through misuse of information. 

What cybercrime did the ACSC see?

In the Annual Cyber Threat Report, ACSC saw an increase in financial losses of over AU$98 million due to Business Email Compromise (BEC) — an average loss of AU$64,000 per report. There had also been a rise in the average cost per cybercrime report to over AU$39,000 for small business, AU$88,000 for medium business, and over AU$62,000 for large business, an average increase of 14%.

ACSC also noticed a staggering 150,000 to 200,000 small office/home office routers in Australian homes and small businesses vulnerable to compromise including by state actors. Through the Australian Protective Domain Name System, ACSC said over 24 million malicious domain requests have been blocked, and separately 15,000 domains hosting malicious software targeting Australia’s Covid-19 vaccine rollout was also taken down.

The most common crimes reported to the ACSC were fraud (27% of the total), followed by online shopping (14%) and online banking-related incidents (13%). While ransomware was only a small part of the total (less than 1%), the report says it “remains the most destructive cybercrime threat” because businesses face disruptions and damage to their reputation if stolen data is released or sold as threatened. The public can also be heavily affected.

---

---

---

---