- Australians report over 67,500 cybercrimes over the 2021 financial year as a strong dependence on the internet opens up opportunities for cybercriminals.
- This equates to one reported cybercrime every eight minutes and accounts for some $33 billion in self-reported financial losses
- The ACSC says phishing emails often try to exploit the pandemic environment by framing cons around COVID-related topics
- Around 25 per cent of all cybercrimes over the year were targeted at the critical infrastructure sector, with the healthcare industry also a frequent target
- The ACSC says cybercrimes are likely to ramp up in frequency in the coming years, and they will grow in complexity and become more difficult to defend against
Over 67,500 cybercrimes were reported by Australians over the 2021 financial year, according to the latest annual threat report from the Australian Cyber Security Centre (ACSC).
This equates to one reported cybercrime every eight minutes.
It’s a 13 per cent increase on the previous financial year, according to the ACSC, as a pandemic-driven reliance on the internet swept the nation.
Isolation orders and a fast-paced shift to working from home saw more Australian individuals and businesses spending time online, and the ACSC said this gave malicious cyber actors more opportunities to exploit vulnerable people.
According to the ACSC report, phishing emails exploited the pandemic environment by regularly framing cons around COVID-related topics and encouraging people to enter personal credentials to access COVID-related information or services.
The ACSC said it received over 1500 cybercrime reports per month relating to the COVID-19 pandemic from the start of July 2020 to the end of June 2021. The department removed over 110 malicious COVID-19 themed websites over this time.
Criminals often tried to leverage critical services to motivate victims to pay ransoms — resulting in the health care sector being a major target for ransomware attacks over the year.
Critical infrastructure accounted for roughly 25 per cent of all reported cyber security incidents over the year, according to the ACSC, with sectors such as education, communication, electricity, and water copping frequent cybercrime incidents.
Assistant Minister for Defence Andrew Hastie said in a media statement that cyber is the “new battleground”.
“Malicious cybercriminals are escalating their attacks on Australians,” Minister Hastie said.
“We need all Australians to be vigilant by taking simple cyber security steps including using strong passphrases, enabling two-factor authentication, updating software and devices and maintaining regular data backups, as well as being on guard against malicious emails and texts.”
The ACSC reported that over 75 per cent of pandemic-related cybercrime reports involved Australians losing money or personal information.
Self-reported losses from cybercrime over the year reached over $33 billion, though the ACSC said this figure couldn’t be fully verified.
How are cybercriminals targeting Australians?
Fraud-related cybercrimes were the most common type of cybercrime over the year, accounting for 23 per cent of all reports.
Shopping scams were next, at 17 per cent, with online banking scams the third most common at 12 per cent of reports.
Meanwhile, business email compromise (BEC) remained one of the top cybercrime categories, accounting for 7 per cent of reports and reportedly costing Australian businesses tens of millions of dollars over the year.
These types of scams often target businesses with fake invoices that appear to be for real services.
Australia saw a major ramp-up in ransomware attacks, which increased to nearly 500 over the year, almost 15 per cent more than the year before.
In these types of scams, unsuspecting victims are often conned into giving a hacker remote access to their computer.
The cybercriminal then locks the computer and threatens to destroy all files in the system unless the victims pay a certain amount of money to gain an access code and regain control of their computer.
The nature of the crime means entire servers can be seized and locked, and without a recent backup of the data, the company or individual has no way to take back control unless they pay up.
The tech services and health care sectors were the most common victims of ransomware incidents over the year, with state, territory, and local governments also frequent victims.
Looking ahead, the ACSC said cybercrimes were likely to continue to ramp up in frequency in the coming years, and that they will grow in complexity and become more difficult to defend against.
While targeted attacks by groups of hackers against large corporations are most likely to make headlines, the ACSC said many of the compromises experienced by Australians will be fuelled by a lack of adequate “cyber hygiene”.
The ACSC urged Australians to learn about scams and how cybercriminals operate and to remain vigilant in vetting unsolicited emails and text messages.