The Australian Signals Directorate (ASD) has released its 2023-24 Annual Cyber Threat Report, revealing a concerning rise in cyber threats targeting Australian networks amid an increasingly complex strategic environment.
Key findings from the report include:
- Over 36,700 calls were made to the Australian Cyber Security Hotline, a 12% increase from the previous year.
- ASD responded to more than 1,100 cyber security incidents, with 11% related to critical infrastructure.
- State-sponsored cyber actors continue to target Australian governments, critical infrastructure, and businesses for espionage and potential disruptive attacks.
- Cybercrime remains a persistent threat, with business email compromise and fraud among the top reported cybercrimes.
The report highlights the evolving tactics of state-sponsored cyber actors, particularly from China and Russia. In February 2024, ASD joined international partners in warning that Chinese state-sponsored actors are pre-positioning themselves on critical infrastructure networks for potential disruptive cyber attacks during crises or conflicts.
Deputy Prime Minister and Minister for Defence, Richard Marles, emphasized the importance of enhancing Australia’s cyber defenses, stating, “This report reinforces the importance of enhancing our nation’s cyber defences and the need for all Australians to play their part in protecting our collective cyber security.”
ASD has been actively working to combat these threats through various initiatives:
- Collaborating with over 119,300 Australian organizations through the Cyber Security Partnership Program.
- Expanding the Cyber Threat Intelligence Sharing platform to over 400 partners.
- Conducting cyber security exercises involving more than 130 organizations.
- Implementing the Critical Infrastructure Uplift Program to enhance the resilience of key assets.
The report underscores the critical role of public-private partnerships in defending against cyber threats. It calls on organizations to adopt a “when, not if” approach to cyber incidents, emphasizing the need for robust incident response plans and regular testing.