Federal government agencies and critical national infrastructure experienced 14 incidents of exfiltration or damage to key sensitive data in the last year, Australia's cyber officials have revealed.
While there were no incidents of the most damaging category of infiltration by hostile entities - there was one such incident in the previous reporting year - the 14 incidents were regarded as serious, according to Abigail Bradshaw, head of the Australian Cyber Security Centre. She would not reveal which organisations had been compromised by the incidents.
Assistant Defence Minister Andrew Hastie said that cyber is the new battleground, and it is a team effort and a shared responsibility to lift the nation's cyber defences by implementing cyber security measures.
Cybercrime reports rose 13 per cent on last year, with more categorised as serious than last year. Mr Hastie said that number was not expected to ease any time soon.
"It very clear that malicious cyber actors and cyber criminals who wish to do Australia harm are becoming increasingly innovative and active in targeting our nation. The headline is things are getting worse in the cyber domain for Australia," he said.
Cyber espionage is also growing, he said, with foreign actors seeking to steal any secrets that could give them a strategic advantage. That was now easier to do with Australians having migrated much their lives online since the pandemic of the pandemic.
"There's a lot of information that can be gleaned in a fairly low cost way through cyber espionage, which is why we're seeing the increase in state-based activity," Mr Hastie said.
The latest cyber threat report from the ACSC warns that additional compromises to Australia's supply chains will come to light, including major vulnerabilities, and Australia will experience more major financially motivated cyber incidents, some of which could disrupt critical services.
Government organisations and critical infrastructure also faced 44 incidents of temporary disruptions, malware and beaconing due to cyber criminal activity, and 229 incidents of low-level compromise such as targeted reconnaissance, phishing, and non-sensitive data loss.
The pandemic had increased cybercrime opportunities and that was seen in the threats made on Australia's health sector in the last year, Ms Bradshaw wrote in her report.
The ACSC had inserted officers into some government organisations that were viewed as particularly vulnerable because of the risk environment, she confirmed, including the Department of Health.
"Cyber is dynamic. The deterioration in the cyber security environment over the last 12 months has meant we've actually this year fundamentally reviewed the essential eight [mitigation strategies]," she said.
Our journalists work hard to provide local, up-to-date news to the community. This is how you can continue to access our trusted content: