The Australian Cyber Security Centre (ACSC) received 59,806 cyber crime reports, averaging 164 reports each day, or one report every 10 minutes, during the 12 months between July 2019 and June this year.
The ACSC, a division within the Australian Signals Directorate and the federal government’s lead agency for cyber security, responded to 2,266 cyber security incidents during the 12-month period.
The latest figures come from the ACSC Annual Cyber Threat Report, July 2019 to June 2020, developed by the ACSC, along with the Australian Criminal Intelligence Commission (ACIC) and the Australian Federal Police (AFP). It is the first unclassified annual report since the ACSC became part of the Australian Signals Directorate in 2018.
During the period, the ACSC saw two notable spikes in cyber security incidents – one in October 2019 and another in April 2020.
The spike in October 2019 was associated with a widespread Emotet malware campaign, with the malicious Trojan doing the rounds among Australian email inboxes at the time.
During April 2020, meanwhile, the ACSC was operating at an elevated Cyber Incident Management Arrangements (CIMA) level in response to COVID-19 themed cybercrime. The CIMA outlines the inter-jurisdictional coordination arrangements and principles for Australian governments’ cooperation in response to national cyber incidents.
Throughout the pandemic, there has been an increase in reported spear phishing campaigns and an increase in COVID-19 themed malicious cyber activity, according to the ACSC.
Between 10 and 26 March 2020, the ACSC received over 45 pandemic-themed cybercrime and cyber security incident reports, with the Australian Competition and Consumer Commission’s (ACCC) Scamwatch receiving over 100 reports of COVID-19 themed scams.
“During March 2020, cyber criminals quickly adapted their phishing methods to take advantage of the COVID-19 pandemic,” the report stated.
According to the ACSC’s categorisation system of cyber incident severity, which ranges from Category 1 as the most severe to Category 6 as the least severe, the largest proportion of incidents to which the Centre responded during the year resided in Category 5: Moderate.
Of the 2,266 incidents, 36.5 per cent, or 828, were in ‘Category 5 — Moderate Incident’, followed by ‘Category 4 — Substantial Incident’, which claimed 33.3 per cent, or 754.
These categories, according to the ACSC, broadly represented malicious cyber activity such as targeted reconnaissance, phishing emails and malicious software impacting larger organisations, key supply chain and Commonwealth and state government entities.
Meanwhile, the most common type of cyber security incident during the year was of the ‘malicious email’ variety, with 27 per cent, or 612, falling into this category. Phishing and spear phishing emails have consistently remained the most common cyber security incidents reported to the ACSC.
The second most common incident was a ‘compromised system’ event, with this type of incident claiming roughly 24.4 per cent, or 552, of the total. This category relates to incidents where an adversary has accessed or modified a network, account, database or website without authorisation.
In terms of which segments of the Australian market reported the greatest number of incidents, the government sector stood head and shoulders above the rest. About 35.4 per cent of the total, or 803 incidents, were reported by Commonwealth, state or territory governments.
The comparatively higher volume of reports from Commonwealth, State and Territory Governments is due to their close working relationship with the ACSC and their willingness to report incidents, the Centre said.
Australia’s critical infrastructure sectors, meanwhile, including electricity, water, health, communications and education, represented around 35 per cent of the incidents responded to by the ACSC.
“Malicious cyber activity against Australia’s national and economic interests is increasing in frequency, scale, and sophistication,” the report stated. “Phishing and spear phishing remain the most common methods used by cyber adversaries to harvest personal information or user credentials to gain access to networks, or to distribute malicious content.
“Over the past 12 months the ACSC has observed real-world impacts of ransomware incidents, which have typically originated from a user executing a file received as part of a spear phishing campaign.
“Ransomware has become one of the most significant threats given the potential impact on the operations of businesses and governments,” it added.