The Australian Cyber Security Centre (ACSC) has released its Annual Cyber Threat Report detailing an overview of key cyber threats impacting Australia and how the ACSC is managing such threats to Australian businesses and consumers.
The report covers the period between July 2021 and June 2022 and examines the impact of cyber crime across all Australian sectors.
The report identified the following cyber security trends in the 2021-22 financial year:
- The use of cyberspace as a weapon for warfare between nations. This has impacted data security as well as national peace
- Australia’s prosperity is attractive to cyber criminals, particularly cybercrime directed at individuals via online banking and phishing
- Ransomware groups have continued to impact Australian businesses and organisations, stealing copious amounts of personal information as part of extortion tactics
- Critical infrastructure networks are increasingly being targeted to put essential services at risk
- Critical public vulnerabilities are becoming the norm with malicious actors continuously targeting unpatched systems to harm Australian organisations and individuals
The ACSC saw:
- An increase in financial losses due to business email compromise to over $98 million
- A rise in the average cost per cybercrime report to over $39,000 for small businesses, $88,000 for medium businesses, and over $62,000 for large businesses
- A 25 per cent increase in the number of publicly reported software vulnerabilities
- Over 76,000 cybercrime were reported, every 7 minutes on average
- Fraud, online shopping and online banking as the top reported cybercrime types
In turn, the ACSC:
- Responded to over 1,100 cyber security incidents
- Blocked over 24 million malicious domain requests
- Took down over 29,000 brute force attacks against Australian servers
- Took down over 15,000 domains hosting malicious software
- Shared over 28,000 indicators of compromise with ACSC Partners
- Collaborated with partners on 5 successful operations against criminal online marketplaces and foreign scam networks
- Responded to 135 ransomware incidents
- Conducted 49 high priority operational tasks in response to identified and potential significant cyber threats
- Published 13 new Step-by-Step Guides
- Operationalised amendments to the Security of Critical Infrastructure Act
The ACSC recommends that organisations update their devices, review their cyber security posture and maturity, patch vulnerabilities, report all cybercrime, and become an ACSC partner.
