Almost 94,000 cybercrime reports made to ASD, up 23% on last year
The Australian Signals Directorate's Australian Cyber Security Centre has released its Annual Cyber Threat Report for the 2022 to 2023 financial year.
The report provides an analysis of data collected by the Centre on cybercrime reports across the country, detailing the nature and frequency of cyber threats and the Centre’s response strategies.
During the 2022–23 financial year, Australia continued to face threats from malicious cyber activities, with the Australian Signals Directorate responding to more than 1100 cybersecurity incidents.
/BOIS_ASD23reports.jpg?width=1920&height=1080&name=BOIS_ASD23reports.jpg)
Source: Australian Signals Directorate, Cyber Threat Report 2022-2023
The ASD emphasises that global critical infrastructure has become a major target for state cyber actors. In particular, Australia’s AUKUS was highlighted as a potential target for intellectual property theft by state actors.
Australian critical infrastructure was related to 143 of the cyber security incidents the ASD responded to in 2022-23. The ASD notified seven critical infrastructure entities directly about suspicious cyber activity.
About 57% of the cyber incidents reported by critical infrastructure entities involved compromised accounts or credentials, compromised assets, networks or infrastructure, as well as denial of service attacks, the ASD reported.
Overall, the financial toll of cybercrime has risen, with a 14% increase in the average self-reported cost per incident. The average reported per incident cost for small businesses was $46,000, while it was $97,000 for medium businesses, and $71,600 for large businesses.
The ASD reports that there were nearly 94,000 cybercrime reports made, a 23% increase from the previous year. The Australian Cyber Security Hotline also saw a 32% increase in activity, handling more than 33,000 calls.
The top three cybercrime types for individuals were reported as identity fraud, online banking fraud and online shopping fraud, while the top three cybercrime types for businesses were email compromise, business email compromise and online banking fraud.
Ransomware remains a persistent threat, with 10% of all responded incidents including ransomware. The ASD notified 158 entities of ransomware activity on their networks, up 7% on last year.
The ASD reports that the Australian Protective Domain Name System has been key in mitigating threats, blocking over 67 million malicious domain requests, a 176% increase from the previous year. Additionally, the Domain Takedown Service blocked more than 127,000 attacks against Australian servers.
The sectors reporting the most cyber security incidents includes the Federal government, reporting 30.7% of all incidents, State and local government (12.9%), professional, scientific and technical services (6.9%), education and training (6.7%), healthcare and social assistance (5.9%) and financial and insurance services (4.7%).
/BOIS_ASD23sectors.jpg?width=1920&height=1080&name=BOIS_ASD23sectors.jpg)
Source: Australian Signals Directorate, Cyber Threat Report 2022-2023
In the report’s foreword, Deputy Prime Minister and Defence Minister Richard Marles notes that the Indo-Pacific region was seeing growing competition on economic, military, strategica and diplomatic levels.
“In this context, Australian governments, critical infrastructure, businesses and households continue to be the target of malicious cyber actors,” he writes.
“This report illustrates that both state and non-state actors continue to show the intent and capability to compromise Australia’s networks. It also highlights the added complexity posed by emerging technologies such as artificial intelligence.
“The report demonstrates the persistent threat that state cyber capabilities pose to Australia. This threat extends beyond cyber espionage campaigns to disruptive activities against Australia’s essential services.
“The report also confirms that the borderless and multi-billion dollar cybercrime industry continues to cause significant harm to Australia, with Australians remaining an attractive target for cybercriminal syndicates around the world.”
For more details, charts and deep dives into major cybersecurity topics and trends seen by the report, check out the full report by following this link.
