State-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure, businesses and homes, a government report said, adding that its new defence agreement with Britain and the U.S. had likely made it more of a target.
Reports of cybercrime surged 23% to more than 94,000 in the financial year to June, the Australian Cyber Security Centre said in its annual threat report on Wednesday.
It estimated there was a hack on Australian assets every six minutes.
“The cyber threat continues to grow,” Defense Minister Richard Marles told ABC Radio. “We’re also seeing a greater interest from state actors in Australia’s critical infrastructure.”
The report said that was party due to the new AUKUS defense partnership “with its focus on nuclear submarines and other advanced military capabilities”.
In May, the Five Eyes intelligence alliance and Microsoft said a state-sponsored Chinese hacking group was spying on U.S. critical infrastructure organizations. The U.S., Canada, New Zealand, Australia and the UK make up the Five Eyes intelligence sharing network.
Techniques used by the China hacking group could be used against Australia’s critical infrastructure including telecommunications, energy and transportation, the report said.
Marles said Australia’s relationship with China, its largest trading partner, was “complex” and the government had never pretended the relationship would be easy. Diplomatic and trade ties between the two countries have stabilizsed recently after several disputes since 2020.
“We value, clearly, a productive relationship with China … but China has been a source of security anxiety for our country and we prepare for that as well,” Marles said.
The spike in cyber intrusions prompted the government in February to set up an agency to help coordinate responses to hacks. It is also overhauling federal cyber laws – details of which are due to be released next week – and the government has said it will make it compulsory for companies to report ransomware incidents.
The average cost of a cybercrime to its victim rose 14%, the report said.
“This sort of evidence gives the government the requirement to have a much closer relationship between industry and government,” said Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation. “Some of the statistics are quite frightening.”
The Australian Securities and Investments Commission also said this week that a survey of 700 companies had found 44% did not manage risks associated with third parties like supply chain partners accessing confidential data. It also found that 58% had limited or no measure to protect confidential data and 33% had no cyber incident response plan.
Cyber attacks against Australia will continue to rise until organizations started putting more effort into security and the risk management of their information assets, said Nigel Phair, cybersecurity professor at Monash University.
This month, a cyber incident at DP World Australia, one of the country’s largest ports operators, forced it to suspend operations for three days.
The shakeup of the country’s cyber security rules was triggered by the 2022 data theft at telecoms provider Optus, which exposed personal information of 10 million Australians.
© Thomson Reuters 2023.