Ransomware still Australia’s ‘most destructive cybercrime threat’

Ransomware remains the “most destructive cybercrime threat” facing Australia, according to the national cybersecurity agency, despite data showing a marginal drop in official reports from victims over the past year.

The Australian Cyber Security Centre’s (ACSC) latest annual threat report, released on Friday, reveals more than 76,000 cybercrime reports to the agency last financial year, or one every seven minutes  – a 13 per cent increased on 2020-21.

The most frequently reported cybercrime during 12 months related to online fraud (27 per cent), followed by online shopping (14 per cent), online banking (13 per cent) and investments (12 per cent), with most reports originating from Queensland and Victoria.

Ransomware remains Australia’s “most destructive cybercrime threat”. Credit: Solarseven/Shutterstock.com

Ransomware accounted for a very small percentage of total cybercrime reports comparatively, at 447 reports (0.6 per cent) – around 10 per cent fewer than in the 2020-21 financial year – but the ACSC stressed that it “remains the most destructive cybercrime threat”.

“This is because ransomware has a dual impact on victim organisations – their businesses is disrupted by the encryption of data, but they also face reputational damage if stolen data is released or sold on,” the third annual report said.

The persistent threat of ransomware comes as proposed reforms under the former Coalition government’s ransomware action plan, including tougher penalties for criminals and a mandatory the former incident reporting scheme, take a backseat to more pressing issues.

The new Albanese government has, however, committed to revising the 2020 Cyber Security Strategy, which will likely see a great focus on ransomware given Labor’s criticism of the former government last year.

Of the more than 1,100 cyber security incidents responded to by the ACSC, ransomware accounted for 135, representing a 75 per cent increase compared with 2019-20. The agency also notified 148 organisations of ransomware activity on their networks.

The report also reveals the overall number of incidents – 95 of which impacted critical infrastructure providers – responded to by the ACSC fell 36 per cent this year, in part due to the “expansion of Australia’s commercial incident response sector”.

Most reports of ransomware incidents were from the education and training sectors (11 per cent), followed by information media and telecommunications (10 per cent) and professional, scientific, and technical services (10 per cent).

“Top-tier ransomware groups are continuing to target Australian ‘big game’ entities – organisations that are high profile, high value, or provide critical services,” the report said, adding that the global shift towards targeting small and medium-sized businesses is yet to be seen in Australia.

When considering all cyber security incidents, government was responsible for the most reports, with the federal government accounting for (24 per cent) and the state, territory and local governments (10 per cent).

ACSC said the “majority of compromises… observed used relatively simple tools and techniques”, including “spear phishing targeting third-party service providers and exploiting unpatched or misconfigured systems using public vulnerabilities”.

“The exploitation of public vulnerabilities is low cost and scalable, and exploits can be deployed within hours of a patch release or technical write up,” the report said.

More than 24,000 Common Vulnerabilities and Exposures (CVEs) were identified last financial year – a 25 per cent increase in the number of publicly reported software vulnerabilities compared with 2020-21.

Announcing the release of the threat report, Deputy Prime Minister and Minister for Defence Richard Marles said the growth of malicious cyber activity reflected the deterioration in geostrategic competition globally.

“Over the last financial year Australia has witnessed a heightened level of malicious cyber activity, reflecting the evolving strategic competition across the globe,” he said in a statement on Friday.

“This has been clearly demonstrated in the brutal invasion of Ukraine – where Russia has sought to cause damage not just in traditional warfare, but through the use of destructive malware as well.”

Mr Marles said that with threat actors continuing to find “innovative ways to deploy online attacks”, the government was “reinforcing Australia cyber security a national priority”, including through REDSPICE.

In the March 2022 federal Budget, the former Coalition government committed $9.9 billion to the Australian Signals Directorate (ASD) over the decade, allowing the agency to double in size and triple its cyber offensive capability.

As a result of the funding, ASD will establish new hubs in Melbourne, Brisbane and Perth in the next three years, in part to attract new talent. The creation of the hubs will mean 40 per cent of staff will be located outside of Canberra.

Do you know more? Contact James Riley via Email.

Leave a Comment

Related stories