The Australian Cyber Security Centre (ACSC) released their third Annual Cyber Threat Report on Friday, November 4th. The report highlights the cyber threats facing Australia from July 2021 to June 2022, the ACSC’s response, and tips on how consumers and businesses can protect themselves online.
Five key cyber trends are described by the ACSC for the financial year 2021-22:
- Cyberspace has become a battleground
- Australia’s prosperity is attractive to cybercriminals
- Ransomware remains the most destructive cybercrime
- Worldwide, critical infrastructure networks are increasingly targeted
- The rapid exploitation of critical public vulnerabilities became the norm
Frequency of cybercrime reports
More than 76,000 reports of cybercrime were received by the ACSC. Reports were submitted on average every seven minutes, up 13% from the previous year.
Cybercrime by type
Cybercrime reports were dominated by the following crimes:
- Online fraud: approximately 27 per cent
- Online shopping: approximately 14 per cent
- Online banking: approximately 13 per cent.
Medium sized businesses hit the hardest
There was an average increase of 14% in the cost of cybercrime. A cybercrime incident costs a small business on average $39,000, a medium business $88,000, and a large business over $62,000.
ACSC hones in on BEC
The process of business email compromise (BEC) involves an attacker targeting a company and scamming them out of money or goods. A BEC can also lead to payment diversion fraud, when hackers impersonate others to create or amend invoices or direct payments to bank accounts owned by them.
In Australia, BEC is a growing problem that impacts businesses across all industries. BEC scams have led to billions of dollars in potential losses for organisations. Despite the efforts of law enforcement agencies, only a small portion of BEC financial losses is ever recovered.
Some key points on BECs in Australia are:
- Nationally, successful BECs resulted in an average loss of over $64,000
- Queensland had the most BEC reports (389 reports)
- Western Australia reported the highest self-reported financial losses, with an average of $112,000 per report
- Property settlements are being heavily targeted by BEC schemes
MFA’s role in protection against BECs
A multi-factor authentication (MFA) system is the most effective protection against theft of credentials by threat actors. MFA can help mitigate BEC attacks in addition to credentials-based attacks and slow lateral movement for threat actors if they gain access to a network. In light of the possibility of payment diversion fraud arising from BEC schemes, finance departments should be on high alert.
The evolution of cybercrime-as-a-service
With the growth of the Dark Web, cybercriminals are now able to sell pre-packaged exploit kits, customised malware, and even the software and computing power needed to launch ready-made ransomware attacks.
In the age of cybercrime-as-a-service, several barriers to entry have been removed, making it possible for people with little technical skills to conduct a greater volume of malicious activities than ever before.
Defending against the new age of cybercrime
The most important step organisations can take to protect themselves against cyber-attacks is to follow basic IT hygiene and cybersecurity best practices. This includes
- Keeping track of what you have is essential. Protecting hardware and software requires an accurate inventory.
- Provide employees with Security Awareness Training.
- Update your systems and applications right away. One of the biggest threats to a business’s security is an unpatched system.
- Assess the security posture of your organisation on a regular basis with Penetration Testing.
- Establish a Cyber Security Strategy that assesses your company’s current state and defenses, and identifies where you need to be in order to proactively detect and prevent threats.