Share this article on:
Fraud is the most common cyber crime targeting Australians, with more than 87,000 reports made to the ASD in 2023–24.
The Australian Signals Directorate (ASD) has released its Annual Cyber Threat Report for 2023–24, and while some numbers show an overall improvement in the threat landscape, others show new cyber crime trends impacting Australian individuals and organisations.
Probably the key figure is that the ASD received more than 87,400 reports on cyber crime, which is down 7 per cent from the previous year.
However, that still equates to one report every six minutes, which isn’t that far from the previous years’ numbers.
However, calls to the Australian Cyber Security Hotline increased by 12 per cent, with more than 36,700 calls answered – that’s 100 calls each day, compared to 90 calls per day last year.
The average cost of cyber crime to individuals – that is, self-reported incidents – has sadly risen to $30,700, a 12 per cent increase, while the average cost for businesses has dropped by 8 per cent overall, but it’s not evenly distributed across businesses of different sizes.
The most commonly reported cyber crimes impacting individuals were identity fraud at 26 per cent of all reports, online shopping fraud at 15 per cent, and online banking fraud 12 per cent.
Large businesses have seen an 11 per cent decrease to an average cost of $63,600, and medium-sized businesses have seen their costs drop significantly to $62,000 – a drop of 35 per cent.
Small businesses, however, appear to be bearing the brunt of the cyber crime threat, with the costs per report averaging $49,600, up 8 per cent from last year.
Email compromise was the most common attack vector against businesses, making up 26 per cent of all reports, followed by online banking fraud at 15 per cent and business email compromise fraud at 12 per cent.
Critical infrastructure was also a target for malicious actors, with the most common form of incident involving compromised accounts or credentials. Thirty-two per cent of all reported cyber security incidents involved this vector, followed by malware at 17 per cent of all reports, and compromised assets, networks, or infrastructure at 12 per cent.
More than 90 critical infrastructure entities were notified by the ASD regarding malicious cyber activity.
Twelve per cent of all attacks involved ransomware, a 3 per cent increase over the previous year.
“This year’s report outlines the cyber threat posed to Australian governments, critical infrastructure, businesses and households. It shows how malicious state actors and cyber criminals are continuing to adapt their tradecraft in an attempt to compromise Australian networks,” Richard Marles, Deputy Prime Minister and Minister for Defence, said in the report’s foreword.
“These circumstances underline the significant role that cyber capabilities play in safeguarding our national security and the critical role ASD continues to play in protecting Australians.”
The ASD’s response
The ASD responded directly to more than 1,100 incidents, much the same number as last year, and it notified 930 entities of possibly malicious activity.
The Australian Protective Domain Name System was busy, blocking 82 million attempts to access malicious domains – an increase of 21 per cent. Similarly, the ASD’s Domain Takedown Service requested 49 per cent more removals than last year, totalling more than 189,000 requests.
Sharing of threat intelligence with international partners also increased, up by 66 per cent, with 1,372,400 indicators of compromise shared with more than 400 partners.
The ASD also worked on programs involving cyber hygiene improvement, cyber uplift remediation, cyber maturity measurement, and critical infrastructure uplift.
Sarah Sloan, Palo Alto Networks’ head of government affairs and public policy ANZ and Indonesia, was keen to support the ASD’s work over the last 12 months.
“We congratulate the Australian government on the release of the Australian Signals Directorate’s Annual Cyber Threat Report 2023–24. The report’s findings align closely with Palo Alto Networks Unit 42 threat intelligence, which confirms the growing speed, scale, and sophistication of cyber adversaries,” Sloan said.
“This underscores the critical need for organisations to adopt cyber security best practices, including near-real-time incident detection and response capabilities.”
David Hollingworth has been writing about technology for over 20 years, and has worked for a range of print and online titles in his career. He is enjoying getting to grips with cyber security, especially when it lets him talk about Lego.