Australians made 67,500 cybercrime reports last financial year, and not surprisingly, most of them were related to the pandemic.
The figure is a 13% year-on-year increase – and equates to one report of a cyberattack every eight minutes. Self-reported losses from cybercrime last year totalled more than $33 billion.
In its latest report, the Australian Cyber Security Centre is classing these attacks as “substantial” in impact. Partially to blame is the ol’ chestnut that these crimes are now actually being reported to the ACSC, mostly by larger organisations. It also doesn’t help that the crims are getting more sophisticated and taking advantage of the COVID-19 climate.
While medium businesses were the most affected, government entities accounted for approximately one-quarter of incidents, at 23%.
2020-21 figures at a glance
- Over 67,500 cybercrime reports were made via ReportCyber
- Reporting was pretty consistent over the year
- The highest proportion of reports came from Queensland, making up 30%
- Victoria was a close second at 29%, with NSW third at 18%
- Fraud cybercrime was involved in approximately 23% of total reports
- Shopping was next at 17%
- Total losses – keeping in mind these are self-reported – pushed past $33 billion
- Medium-sized businesses were mostly affected
- 60 calls a day were made to 1300 CYBER1
- The ACSC responded to approximately 1,630 cybersecurity incidents
- It also removed over 7,700 websites that were hosting cybercrime activity
Cybercrime trends last year
The pandemic, of course, was exploited by malicious actors — a big chunk of this was the bad guys taking advantage of people seeking legitimate information. More than 75% of pandemic-related cybercrime reports involved Australians losing money or personal information.
The ACSC said state actor activity was probably motivated by access to intellectual property or sensitive information about Australia’s response to COVID. Criminals, meanwhile, sought to leverage critical services to increase the motivation of victims to pay ransoms.
Approximately 25% of cyber incidents reported during the period were associated with Australia’s critical infrastructure or essential services, such as healthcare, food distribution and energy sectors.
Supply chains – particularly software and services – also continue to be a prime target for malicious actors to gain access to a vendor’s customers. Although the consequences of major supply chain attacks – such as SolarWinds – were not as severe for Australia, a number of organisations were forced to take mitigation actions to prevent more serious network impacts.
There was also a 15% increase in ransomware cybercrime reports – the ACSC received nearly 500 of them. A few high-profile attacks, such as those on Colonial Pipeline and JBS Foods, make this number no real surprise at all. In addition, the bad guys had no issue with exploiting security vulnerabilities. The ACSC said it responded to nearly 160 incidents.
Alongside ransomware as a growing area of concern is business email compromise – or BEC. The ACSC says BEC continues to present a major threat to Australian businesses and government, especially as more people work remotely. Total losses attributable to BEC incidents were approximately $81.45 million – more than one-and-a-half times higher than the previous financial year.
Update your passwords, don’t click on dodgy links, never give your personal information out and phone 1300 CYBER1 for advice.