Cyber-security incidents reported by victims fell during the 2020-21 financial year, the Australian Cyber Security Centre says in its annual threat report, adding that there was also a drop in the most severe types of incidents. A total of 1630 incidents were reported, with the categorisation ranging from 1 (most severe) to 6 (least severe). In 2020-21, there were no incidents that were in either category 1 or 2. But a higher proportion were classified as category 4 that in the previous financial year.
The highest number of reports of cyber crime during the financial year 2020-21 came from Queensland (30%), with Victoria just behind (29%). The highest average financial losses were reported by victims in South Australia and Western Australia. Total losses totalled about $33 billion. The number of cyber crimes reported was up by about 13% year-on-year, with 67,500 reports received, and the ACSC said in its report that it had categorised a higher proportion of the reports as "substantial" in impact this year.
A graph showing the incidents during the two years, 2019-20 and 2020-21, indicated that there was a spike in April last year which was attributed to a bulk extortion campaign. More than 1500 incidents related to the pandemic were reported every month, with three-quarters of them relating to the loss of money or personal information. There were about 500 ransomware incidents reported, an increase of about 15% from the previous financial year. The report can be downloaded here.
Satnam Narang, staff research engineer at security shop Tenable, said the findings underscored much of what security professionals had been seeing and warning about. "Cyber criminals are operating with a fierce determination now more than ever before," he said. "The COVID-19 pandemic and the shift to remote work has provided new opportunities to both scammers and financially-driven thieves alike. "The 15% increase in ransomware attacks can be largely attributed to the rise in ransomware-as-a-service groups, which enables cyber criminals to make a significant profit, and the adoption of double extortion tactics.
"Not only do organisations have to worry about computers in their network being encrypted, but they also have to worry about ransomware groups stealing their sensitive data and threatening to publish them on the dark web if their ransom demands are not met. Ransomware has always been considered a prominent part of the game so to speak, but now ransomware has become the game."
The chief executive of Australian cyber security company VeroGuard, said:
"This assessment reflects a global vulnerability in critical infrastructure security. It is a result of organisations migrating to cloud-based operations that allows access to data and operations via open networks.
"It makes sense that business and government want to automate and leverage Internet-based open networks to support mobility, connectivity, and the flow of data. However, the current focus on software-based detection tools, two-factor authentication and biometrics as methods to secure access are clearly not closing the gaps in security when working over the Internet with the cloud.
"Greater than 90% of attacks and breaches are on users' identity and credentials as accessing a system remotely by assuming an authorised user's identity allows the cyber-criminal to remain undetected for an average of 207 days. This is the logical and only place to focus that action."
Sam Varghese - 15 September 2021