Australian Signals Directorate annual cyber threat report for 2024-25 shows 11 per cent rise in cyber security incidents
The Australian Signals Directorate faced 1,200 cybersecurity incidents last year as the pace of cyber attacks on Australian businesses and governments continues to increase.
The 1200 figure announced within the scope of ASD’s 2024-25 Annual Cyber Threat Report indicates an 11 percent increase compared to the previous year.
Defense Minister Richard Marles warned that the country faced “an increasingly challenging threat landscape”.
“The country faces an increasingly challenging threat landscape where cyber-enabled espionage and crime is not a hypothetical risk but a real and growing danger to the essential services we all rely on,” he said.
“The report makes clear that malicious actors are working unseen to steal data from Australian victims and demand ransom payments or target our most critical networks for devastating attacks.”
The report, released on Monday, details a number of disturbing trends where every major business and industry is now at risk from potentially crippling attacks.
First of all, the number of ransomware cases in the healthcare sector has doubled in 2024-25 compared to the previous year.
The report states that malicious cyber actors were successful in 95 percent of all healthcare and social care sector cases that ASD responded to.
Moreover, the cost of cyber attacks to businesses is increasing rapidly.
The average cybercrime cost per report for small businesses is now $56,600, up 14 percent.
For medium-sized businesses, costs rose 55 percent to $97,200, while reported costs for large businesses rose 219 percent to $202,700.
“Businesses should operate with an ‘undertake’ mentality and prioritize assets or ‘crown jewels’ that need the most protection,” the ASD report says.
The report notes that the attacks emanated from a range of state-based actors as well as criminal organizations.
A Chinese group called Advanced Persistent Threat (APT) 40 stands out as one of the key state-backed attackers.
“APT40 regularly conducts malicious activities against Australian and regional networks that hold information valuable to the People’s Republic of China,” the report states.
“These activities represent a security threat to many government and critical infrastructure networks.
“Australia and several international partners have acted decisively to detail APT40’s commercial prowess to help network defenders detect and prevent malicious activity.”
The ASD adds that state-based actors “routinely target” Australia’s critical infrastructure to conduct espionage or “prepare for disruptive and disruptive cyber effects” in the event of a future conflict.
The report finds that during the year, cyber actors twice achieved “comprehensive compromise” in the federal government, government shared services, and regulated categories of critical infrastructure.
The report comes two days after criminal hackers posted stolen Qantas customer data on the dark web following a July cyberattack on the airline giant’s operations in Manila.
Stolen data includes names, phone numbers, addresses, emails, birthdays, gender, frequent flyer numbers, status tiers and point balances.
No credit card information, personal financial information or passport information was accessed in the breach.
The airline said it was investigating the incident alongside cybersecurity experts, the Australian government, ASD’s Australian Cyber Security Center and the AFP.
