The Australian Cyber Security Centre (ACSC) recorded 59,806 cybercriminal complaints in the past 12 months (From July 2019 to June 2020) and responded to 2,266 legitimate ones at an average of 164 reports per day, or one report every 10 minutes. The First Annual Cyber Threat Report was jointly produced by the ACSC, the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police (AFP). The report underlines Australia’s growing concerns about the frequency, scale, and sophistication of cyberthreats targeted at its digital and now critical infrastructure.
Key Highlights
- ACSC recorded 59,806 cybercriminal complaints in the past 12 months beginning from July 2019 to June 2020.
- It responded to 2,266 legitimate complaints.
- Two notable spikes were observed in October 2019 and April 2020.
- The month of April saw the highest spike (318 instances) in cybersecurity incidents, whereas the government sector saw the highest number of incidents (803) in the reporting period.
- The most common type of cybersecurity incidents ware “Phishing” and “Spearphishing” attacks (27%).
The ACSCs First Annual Cyber Threat Report
A recent survey from the Australian Competition and Consumer Commission (ACCC) revealed that Australians lost over $634 million to scams in 2019 alone which was a 30% increase compared to $489 million in 2018. While ACSC believes that the true cost of cybercrime to the Australian economy is difficult to gauge, it certainly considers cybercrime as one of the most pervasive threats to the country, and the most significant in terms of the overall volume and impact to individuals and businesses.
Overall, the Australian government aims to address these brewing threats and thus asked ACSC to come up with an indicative study that would suffice individuals and businesses to draw mitigation measures. Thus, was born the first unclassified ACSC Annual Cyber Threat Report 2020.
During the reporting period, there were two notable spikes in October 2019 and April 2020. As per the ACSC, the first spike corresponds to a wave of Emotet malware campaign and the second in April 2020, was a COVID-19-themed cybercrime. The ACSC makes a special mention of the COVID-19-based cybercrime activity because it is here that it saw a rapid increase in the phishing and spearphishing attacks that account to nearly a quarter (27%) of the total incidents in the past 12 months.
Of all the sectors that were studied during the analysis, the government sector saw the highest number of incidents (803) in the reporting period. The ACSC states, “The comparatively higher volume of reports from Commonwealth, State and Territory Governments is due to their close working relationship with the ACSC and their willingness to report incidents.” However, Australia’s critical infrastructure sectors including electricity, water, health, communications, and education, were closely followed by the government sector, accounted for 35% of the incidents responded to by the ACSC.
Australia to Boost Cybersecurity
With the evident surge in cybercrime the Australian Prime Minister, Scott Morrison, recently announced that the country is spending AU$1.66 billion (US$1.19 billion) over the next decade to bolster the cybersecurity defenses for enterprises. Morrison stated, “The increased security investment is aimed to fortify critical infrastructure, boost police efforts to disrupt malicious activities on the dark web and strengthen community awareness on security.”
Reverberating Morrison’s words, Australia’s Defence Minister Linda Reynolds, stated, “The alarming ‘new normal’ of persistent cyberattacks on Australia is blurring the difference between ‘peace and war’. We are now facing an environment where cyber-enabled activities have the potential to drive disinformation and directly support interference in our economy, interference in our political system, and also in what we see as critical infrastructure.”
Apart from the numbers related to the cyberattacks, the ACSC also shared a few useful mitigation steps to help businesses and individuals up their cybersecurity game. Learn more here.
