The ASD report said cybercriminals were continuing an aggressive campaign of credential theft, where they purchased stolen usernames and passwords from the dark web to access people’s personal email, social media or financial accounts.
Loading
This can lead to financial losses, privacy breaches and an increased risk of identity theft. The average person lost $33,000 when they were a victim of cybercrime last year.
But these stolen or compromised credentials are also being used to access corporate systems. The report said cybercriminals were seeking to buy and use stolen credentials associated with corporate accounts to gain initial access to the devices of the person’s employer, their clients and other systems.
Once a cybercriminal has logged on to a corporate account using stolen details, it is much more difficult to determine there has been a compromise. Afterwards, the impact on the company may be ransomware, extortion or theft of intellectual property.
The frequency of ransomware attacks, the number of reported data breaches and average reported financial losses all went up last year. Businesses affected by cybercrime lost $80,850 on average, and large businesses suffered $202,700 on average each incident, which was an increase of more than 200 per cent since last year.
Threats to cybersecurity continue to come from both independent and state-sponsored criminals. The ASD’s focus when it comes to cybercrime is top-tier financially motivated criminals, typically from eastern European and Russian-speaking cyber gangs.
State-sponsored hackers and spies, meanwhile, “continue to pose a serious and growing threat to our nation”.
“They target networks operated by Australian governments, critical infrastructure and businesses for state goals,” the report said.
“State-sponsored cyber actors may also seek to use cyber operations to degrade and disrupt Australia’s critical services and undermine our ability to communicate at a time of strategic advantage.”
One way that state-sponsored cyber organisations, such as a China-linked group known as APT40, have been operating is by targeting home internet devices – such as routers, firewalls or VPN products – to help build a network for them to launch other attacks.
These home devices are attractive to cybercriminals because internet-facing vulnerabilities in them are common and often difficult for people to monitor or configure securely.
Loading
Exploiting these devices helps them blend their malicious traffic activity with the legitimate traffic of the device owner, complicating detection and prevention efforts.
The ASD and other agencies found state cyber actors linked to China had compromised thousands of internet-connected devices, including home office routers and smart appliances, to create a network that concealed their identities as they conducted further malicious activities.
In one example, agencies detected a network made up of more than 260,000 devices, including in Australia.
Home Affairs Minister Tony Burke said there were simple steps Australians could take to stay safe online.
“Always install latest software updates, use unique passphrases, enable multifactor authentication wherever it’s available, and if you receive an unexpected cold call, hang up and call back through the official line,” he said.
Cut through the noise of federal politics with news, views and expert analysis. Subscribers can sign up to our weekly Inside Politics newsletter.
