Australian Signals Directorate's 2023 cyber security report reveals severe incidents have risen

The intelligence agency's annual threat assessment reported the five attacks, classed as Category 2 incidents, included "significant data breaches involving cybercriminals exfiltrating data from critical infrastructure for the purposes of financial gain".

Category 2 incidents represent threats of the second-highest severity, on a scale from one (the most severe) to six (the least). There were no Category 1 incidents recorded.

Though all the data was de-identified, the intelligence agency did reveal the five threats targeted federal government systems, regulated critical infrastructure, national security systems and systems of national significance.

The agency responded to 1134 cyber security incidents in total in the 2022-23 financial year, a similar number to 2021-22, which it reported as "over 1100". The severity of threats remained similar, with 15 per cent of incidents considered as Category 3 or above.

The federal and state governments reported the highest proportion of incidents, at 30.7 per cent and 12.9 per cent, though the report notes these sectors have reporting obligations which can explain the high rate of incidents.

The agency also worked proactively to notify 158 entities before ransomware destroyed their businesses and block 67 million malicious domain requests.

Reported cybercrimes against Australian businesses and individuals grew for the fourth year in a row, jumping another 23 per cent in the last financial year.

The intelligence agency received 94,000 reports of cyber crimes in the 2022-23 financial year, climbing from 76,000 in 2021-22.

A cybercrime was reported once every 10 minutes on average in June 2020, when the agency launched its inaugural cyber threat assessment, but frequency has since increased to once every six minutes on average, in the latest report.

"Cybercriminals constantly evolve their operations against Australian organisations and are fuelled by a global industry of access, brokers and extortionists," ASD director-general Rachel Noble said in a statement.

"Ransomware remained a highly destructive cybercrime, along with business and email compromise and denial of service attacks."

Ransomware, a type of extortion where cybercriminals encrypt data or a system and demand payment in return for encryption keys, made up about 10 per cent of cyber security incidents last financial year.

The ASD advises against paying ransoms, with no guarantee that the data has not already been mined to sell or for further extortion.

Professional, scientific and technical services reported the highest proportion of ransomware attacks in 2022-23, at 17.4 per cent, followed by retail trade (16.3 per cent) and manufacturing (9.8 per cent).

The ASD director-general urged Australians to follow steps to "improve our country's cyber security", including keeping software up-to-date, using strong passphrases, turning on multifactor authentication and backing up important data.

"The Australian Signals Directorate remains committed to assisting Australians to make our country a hard cyber target," Ms Noble said.

"This includes using all of our capabilities and legal powers to: collect the best possible foreign intelligence to inform our cyber defences; provide free cyber defence services to all Australians; and use our offensive cyber capabilities to deny, degrade, disrupt and destroy cyber criminals."

We've made it a whole lot easier for you to have your say. Our new comment platform requires only one log-in to access articles and to join the discussion on The Canberra Times website. Find out how to register so you can enjoy civil, friendly and engaging discussions. See our moderation policy here.