A Dive into the 2023–2024 ASD Annual Cyber Threat Report
Introduction
The 2023–24 Annual Cyber Threat Report paints a stark picture of the growing cyber risks facing Australia in a rapidly changing global environment. Amid strategic competition in the Indo-Pacific, ongoing conflicts, and the rapid pace of technological advancements, malicious state and non-state actors are increasingly targeting Australia’s critical infrastructure, networks, and systems. Their tactics include espionage, disinformation, and sophisticated cyberattacks, underscoring the urgent need for enhanced cybersecurity.
Recognising these challenges, the Albanese Government has committed $15–$20 billion by 2033–34 to strengthen Australia’s cyber capabilities. Investments will focus on threat visibility, infrastructure resilience, intelligence functions, and offensive cyber operations. The report emphasises the importance of public-private partnerships, proactive cybercrime reporting, and collective efforts to build robust defences against evolving threats.
Cybercrime is no longer an abstract concept—it is an unavoidable reality for individuals, businesses, and governments. The Australian Signals Directorate (ASD) highlights the alarming scale, complexity, and impact of cyber threats, offering actionable insights to help Australians safeguard themselves in this hostile environment. From the sheer volume of reported incidents to the financial and operational toll on businesses, the report provides clear guidance on mitigating risks and strengthening cybersecurity at every level.
As Australia navigates these challenges, this report serves as both a wake-up call and a roadmap for achieving a safer digital future.
Cybercrime Remains a Threat: The Numbers Behind the Concern
Cybercrime in Australia remains a significant concern despite a reported decrease in incidents. The ASD recorded over 87,400 cybercrime reports during the past year, representing an 8% decrease compared to the previous reporting period. On average, this equates to one cybercrime report every six minutes, underscoring the persistent and evolving threat posed by cybercriminals.
The continued prevalence of cybercrime can be attributed to several factors:
Increased reliance on digital technologies, especially post-pandemic.
A larger attack surface due to remote work and cloud adoption.
The evolving sophistication of cybercriminal tactics.
While the number of reported incidents has decreased, the growing complexity and impact of attacks highlight the urgent need for individuals and organisations to adapt and enhance their defences against a constantly evolving threat landscape.
Key Cybercrime Trends from the Past Year
The Australian Signals Directorate (ASD) has revealed key cybercrime trends from the past year:
Increased Demand for Support
The Australian Cyber Security Hotline handled over 36,700 calls, averaging 100 calls per day—a 12% increase compared to last year. This rise reflects the growing reliance on the hotline as a resource for managing cyber incidents.
The Cost of Cybercrime
Cybercrime continues to impose significant financial burdens:
Individuals reported an average loss of $30,700 per incident, up 17%.
For businesses, results were mixed:
Small businesses: Costs increased by 8% to $49,600.
Medium businesses: Costs dropped 35% to $62,800.
Large businesses: Costs decreased 11% to $63,600.
Reported Cybercrime Incidents
Cybercrime reports totalled 87,400 incidents, marking a 7% decrease compared to the previous year. However, the frequency of incidents remains high, with one report every six minutes.
Top Cyber Threats
The most reported threats included:
For individuals:
Identity fraud (26%)
Online shopping fraud (15%)
Online banking fraud (12%)
For businesses:
Email compromise (20%)
Online banking fraud (13%)
Business email compromise (13%)
Ransomware and Vulnerabilities
Ransomware incidents accounted for 11% of all reports, a 3% increase from the previous year. Additionally, reported vulnerabilities surged by 31%, highlighting the growing exploitation of security gaps.
The Implications
These trends underscore the evolving and persistent nature of cyber threats. They highlight the critical need for robust cyber defences, including strong incident response capabilities, effective training, and proactive threat mitigation strategies across all sectors.
Common Cyber Threats and Key Mitigations: Insights from Reported Incidents
The ASD's analysis highlights the most common cyber threats targeting critical infrastructure, government, businesses, and individuals, alongside practical steps for mitigation. Here are the key takeaways:
Top Threats for Critical Infrastructure
1. Compromised Accounts or Credentials (32%):
Use phishing-resistant multi-factor authentication (MFA).
Regularly analyse event logs and remove inactive accounts.
Enforce least privilege access.
2. Malware Infections (17%):
Use antivirus and endpoint detection tools.
Maintain up-to-date devices and application control.
Backup critical data and test restore processes.
3. Compromised Assets, Networks, or Infrastructure (12%):
Implement network segmentation and secure logging.
Use ASD’s industrial control systems protocols.
Securely manage software and patch updates.
Top Threats for Government
1. Compromised Accounts or Credentials (30%):
Use phishing-resistant MFA and password managers.
Analyse event logs from authentication services in a timely manner.
2. Malware Infections (20%):
Mitigate known vulnerabilities with timely patching.
Implement antivirus and application controls.
3. Compromised Assets, Networks, or Infrastructure (20%):
Adopt system hardening and Secure-by-Design approaches.
Use network access controls and monitor logs.
Top Threats for Businesses
1. Email Compromise (20%):
Train staff on phishing recognition.
Require MFA and strong passwords for email accounts.
Use email content filtering.
2. Online Banking Fraud (13%):
Watch for suspicious banking detail changes or payment requests.
Verify email domains and avoid clicking links in unsolicited SMS messages.
3. Business Email Compromise (BEC) Fraud (13%):
Increase staff cybersecurity awareness training.
Use MFA and protect domain names by renewing and registering variations.
Top Threats for Individuals
1. Identity Fraud (26%):
Use MFA, secure passphrases, and limit personal information shared online.
Keep devices up to date and use antivirus software.
2. Online Shopping Fraud (15%):
Secure accounts with MFA and strong passphrases.
Avoid sharing excessive personal information.
3. Online Banking Fraud (12%):
Enable MFA through financial providers.
Watch for suspicious banking detail changes or unsolicited messages.
Key Takeaway
Cyber threats remain pervasive across all sectors, with compromised accounts, malware, and financial fraud leading the list of reported incidents. Implementing strong security measures such as MFA, timely patching, robust training, and secure-by-design practices is critical for reducing risks and enhancing resilience.
State-Sponsored Cyber Threats: A Growing Concern for Australia
State-sponsored cyber operations pose a persistent and evolving threat to Australian governments, businesses, and critical infrastructure. These actors use sophisticated techniques and tools—ranging from supply chain compromises to "living off the land" (LOTL) methods—to evade detection, gather intelligence, and pre-position themselves for potential disruptive cyberattacks.
Global Examples and Lessons for Australia
Recent conflicts, such as Russia’s invasion of Ukraine and the Israel-Hamas conflict, highlight how cyber operations are leveraged to achieve strategic and military objectives. Disruptions to civilian and military infrastructure, including telecommunications and energy systems, demonstrate the severe impact of cyberattacks in conflict scenarios. Similarly, Australian critical infrastructure faces potential vulnerabilities, as seen with China’s state-sponsored actors targeting US systems for espionage and pre-positioning.
Supply Chain and Cloud Risks
Supply chains remain a significant vulnerability, as demonstrated by incidents like the SolarWinds attack attributed to state-sponsored cyber actors. Additionally, as organisations migrate to cloud infrastructure, cyber actors have adapted tactics, including brute-force attacks and credential theft, to exploit these systems.
Defending Against State-Sponsored Threats
Collaboration is key to Australia’s defence. The ASD’s Cyber Threat Intelligence Sharing (CTIS) platform and Cyber Security Partnership Program empower organisations with real-time threat intelligence and resilience-building initiatives. Reports like "Identifying and Mitigating Living Off the Land Techniques" and advisories against nation state-sponsored groups offer practical guidance for organisations to strengthen their defences.
State-sponsored cyber operations are not only about espionage but also about maintaining access for future disruptions. Australian organisations must adopt proactive strategies, secure supply chains, and participate in national cybersecurity programs to stay ahead of these threats. Reporting suspicious activity through ReportCyber helps build a comprehensive national defence against these persistent adversaries.
Protecting Australia's Critical Infrastructure: Lessons from 2023–24
Australia’s critical infrastructure remains a prime target for malicious cyber actors due to its essential services, sensitive data, and interconnected networks. The Australian Signals Directorate (ASD) reports that critical infrastructure accounted for 11% of all cyber security incidents in FY2023–24, with phishing (23%), exploitation of public-facing applications (21%), and brute-force attacks (15%) leading the list of attack methods.
Key Threats to Critical Infrastructure
Common Incident Types:
Compromised accounts or credentials (32%)
Malware infections (17%)
Compromised networks or infrastructure (12%)
High-Risk Sectors: Electricity, gas, water and waste services (30%), education and training (17%), and transport and logistics (15%).
Denial of Service Attacks: Overrepresented in critical infrastructure incidents, appearing in 11% of cases compared to 5% for other sectors.
Operational Technology (OT) Vulnerabilities
As organisations increasingly connect OT systems—such as SCADA and industrial control systems—with ICT networks, vulnerabilities multiply. Legacy systems, often difficult to patch or segregate, remain particularly at risk. Cyber actors exploit these vulnerabilities to disrupt operations, with incidents potentially affecting energy supplies, telecommunications, and transport.
Principles for Securing OT Systems
The ASD outlines six principles for safeguarding OT:
1. Prioritise Safety: Protect human life, equipment, and uptime.
2. Know Your Systems: Map and defend critical systems.
3. Protect OT Data: Restrict access and secure protocols.
4. Segment Networks: Isolate OT from ICT and external networks.
5. Secure Supply Chains: Evaluate all vendors and service providers.
6. Empower People: Foster a cyber-aware workforce and collaboration between ICT and OT teams.
Actionable Recommendations
To protect against cyber threats, critical infrastructure organisations should:
Map networks and maintain an asset registry.
Implement event logging systems to enhance visibility.
Follow the Essential Eight Maturity Model for ICT environments.
Prioritise Secure-by-Design products and architectures.
Limit use of Remote Desktop Protocol (RDP) and monitor connections between OT and ICT.
Regularly review supply chain security and vendor practices.
The Path Forward
ASD urges organisations to adopt a stance of “when, not if” a cyber incident will occur. Proactive measures, robust logging systems, and a strong cyber security culture are vital to reducing risks. Timely reporting of anomalous activity, even below mandatory thresholds, helps ASD build a comprehensive national defence.
With the increasing sophistication of cyber threats, securing Australia’s critical infrastructure is essential to safeguarding the nation’s services and resilience in the face of potential disruptions.
Cybercrime in 2023–24: Persistent Threats and Evolving Tactics
Australia continues to face significant cybercrime threats, with ransomware, data theft, and social engineering attacks among the most prevalent. Cybercriminals are leveraging advanced tools, including artificial intelligence (AI), to target individuals and businesses more effectively.
Key Cybercrime Insights
Top Threats for Individuals:
Identity fraud (26%)
Online shopping fraud (15%)
Online banking fraud (12%)
Top Threats for Businesses:
Email compromise (20%)
Business email compromise (13%)
Online banking fraud (13%)
High-Risk Sectors: Retail trade (15%), professional services (13%), and construction (12%) reported the most cybercrime incidents.
Common Techniques Used by Cybercriminals
Ransomware and Data Extortion
Ransomware remains a dominant threat, with cybercriminals now exfiltrating sensitive data for extortion, even without encrypting systems. This tactic, known as data theft extortion, has become widespread due to its profitability and lower technical requirements.
Brute-Force Attacks: Credential Stuffing and Password Spraying
Credential Stuffing: Using stolen login credentials, attackers automate access attempts across accounts. Victims often lose funds or face identity theft.
Password Spraying: Attackers try common passwords across multiple accounts to evade lockouts. These methods exploit weak password practices, making MFA critical for defence.
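Because both techniques spread attempts across accounts, a per-account lockout counter rarely fires, while grouping failed logins by source exposes them. The sketch below is an added example, not code from the ASD report or this post; the thresholds, time window, event fields and sample events are all assumptions constructed for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

LOCKOUT_THRESHOLD = 5            # assumed policy: failures per account before lockout
MIN_ACCOUNTS = 4                 # assumed: distinct accounts failed from one source
WINDOW = timedelta(minutes=30)   # assumed correlation window
T0 = datetime(2024, 1, 1, 9, 0)

def ev(minute, src, account, ok=False):
    return {"ts": T0 + timedelta(minutes=minute), "src": src, "account": account, "ok": ok}

# Constructed sample events (documentation IP ranges, made-up account names).
EVENTS = (
    # One source, one guess per account per round, two rounds: spraying pattern.
    [ev(r * 10 + i, "203.0.113.10", f"user{i}") for r in range(2) for i in range(6)]
    # The same source then logs in to user3: a guessed or reused password worked.
    + [ev(25, "203.0.113.10", "user3", ok=True)]
    # A legitimate user mistyping a password twice, then succeeding.
    + [ev(m, "198.51.100.7", "alice") for m in (1, 2)]
    + [ev(3, "198.51.100.7", "alice", ok=True)]
    # Repeated guessing against one account: the case lockout does catch.
    + [ev(m, "192.0.2.55", "admin") for m in range(6)]
)

def locked_out_accounts(events):
    """Accounts whose failures within WINDOW reach the lockout threshold."""
    fails = defaultdict(list)
    for e in events:
        if not e["ok"]:
            fails[e["account"]].append(e["ts"])
    return {a for a, ts in fails.items()
            if any(sum(1 for t in ts if s <= t < s + WINDOW) >= LOCKOUT_THRESHOLD
                   for s in ts)}

def multi_account_sources(events):
    """Sources failing against many accounts while staying under lockout on each."""
    by_src = defaultdict(list)
    for e in sorted(events, key=lambda e: e["ts"]):
        by_src[e["src"]].append(e)
    findings = {}
    for src, evs in by_src.items():
        for start in evs:
            win = [e for e in evs if start["ts"] <= e["ts"] < start["ts"] + WINDOW]
            per_account = defaultdict(int)
            for e in win:
                if not e["ok"]:
                    per_account[e["account"]] += 1
            if len(per_account) >= MIN_ACCOUNTS and max(per_account.values()) < LOCKOUT_THRESHOLD:
                findings[src] = {
                    "targeted": sorted(per_account),
                    # A success from a flagged source means that credential needs resetting.
                    "succeeded": sorted({e["account"] for e in win if e["ok"]}),
                }
                break
    return findings

if __name__ == "__main__":
    print("lockout would trigger for:", locked_out_accounts(EVENTS))
    print("multi-account sources:", multi_account_sources(EVENTS))
```

On the sample data, lockout fires only for the single-account guessing, while the per-source view flags the source that touched six accounts and surfaces the one account it subsequently logged in to.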
AI-Driven Cybercrime
AI is reshaping the cybercrime landscape, enabling more sophisticated social engineering attacks. For example, cybercriminals use AI to generate spear phishing emails, create fake voices, and bypass traditional defences.
Emerging Threat: Quishing
Quishing, or QR code phishing, exploits the trust in QR code technology. Malicious QR codes redirect users to harmful sites or install malware, with ASD responding to 30 quishing incidents in FY2023–24.
Mitigation Strategies
To defend against cybercrime:
Enable multi-factor authentication (MFA) for accounts.
Use long, unique passphrases for each account.
Regularly update devices and software.
Back up important data and device settings.
Remain vigilant against phishing and scams.
Cybercrime continues to evolve, and proactive measures are essential. By adopting robust security practices and reporting suspicious activity via ReportCyber, Australians can play a key role in strengthening the nation’s cyber defences.
Hacktivism: A Growing Cyber Threat
Rising global tensions and geopolitical conflicts have fuelled an increase in hacktivist activity, complicating the cyber threat landscape. Hacktivists, driven by political, social, or ideological causes, use malicious cyber activity to disrupt services, embarrass, or intimidate their targets—often governments, businesses, or individuals.
What is Hacktivism?
Hacktivists leverage publicly available tools to promote their agendas, often targeting perceived injustices or state adversaries. Common activities include:
Denial of Service (DoS) attacks
Website defacements
Doxxing: Exposing sensitive personal information.
The Impact
Although less skilled than state-sponsored actors, hacktivists exploit accessible tools to cause real-world disruptions. Their rise, linked to global reliance on digital communication and ongoing conflicts, highlights the growing risk they pose in today’s interconnected world.
Strengthening Cyber Resilience: Key Practices for 2023–24
Cyber resilience is essential for mitigating and recovering from cyber security incidents. Both organisations and individuals must adopt proactive measures, secure systems, and strengthen cyber hygiene to address evolving threats.
Key Practices for Organisations
1. Implement the Essential Eight:
Patch applications and operating systems.
Use multi-factor authentication (MFA), prioritising phishing-resistant methods.
Regularly back up critical data and restrict administrative privileges.
Harden user applications and control access to Microsoft Office macros.
2. Secure ICT Supply Chains:
Conduct due diligence on vendors’ security practices.
Monitor software and hardware for vulnerabilities.
Mitigate risks from third-party access to systems and data.
3. Adopt Secure-by-Design Principles:
Embed security into every stage of product design and deployment.
Collaborate with suppliers to ensure products remain secure throughout their lifecycle.
4. Utilise Event Logging:
Implement centralised logging for effective threat detection and incident response.
Monitor for malicious behaviours, such as living off the land (LOTL) techniques.
Securing Edge Devices
Edge devices, such as routers, firewalls, and VPNs, are primary targets for malicious actors as they bridge internal networks and the internet. Mitigation steps include:
Keeping devices updated and enabling automatic patches.
Changing default usernames, passwords, and Wi-Fi settings.
Limiting unnecessary connections to external networks.
Focus on SOHO Routers
With 8.3 million Australian internet connections relying on SOHO routers, these devices are a significant vulnerability. Cybercriminals target them to gain access to networks or create botnets for larger attacks. Individuals and small businesses should:
Update routers regularly.
Change default login credentials and Wi-Fi passwords.
Enable secure settings and automatic updates.
Cloud Security and the Shared Responsibility Model
Cloud services involve shared responsibilities between providers and users. Organisations must:
Configure cloud services securely.
Choose providers that meet their security needs.
Monitor and control access to sensitive data stored in the cloud.
Resilience Against Advanced Threats
Artificial Intelligence (AI): While AI improves efficiency, it introduces risks like data poisoning and adversarial inputs. Secure-by-Design principles should be applied to AI systems.
Phishing-Resistant MFA: Strong authentication methods, like FIDO2/WebAuthn standards, protect against phishing attacks that compromise accounts.
Building National Cyber Resilience
ASD encourages adopting the Essential Eight Maturity Model and the Information Security Manual (ISM) to combat modern cyber threats. Collaboration across government, industry, and individuals is vital to enhancing resilience against incidents such as supply chain attacks, ransomware, and botnet exploitation.
By embracing these measures, Australia can better prepare for, withstand, and recover from the growing complexity of cyber threats.
Final Words
The 2023–24 Annual Cyber Threat Report underscores the urgent need for proactive and comprehensive cybersecurity strategies. At Nemean Cyber, we specialise in providing tailored solutions that address the complexities of today’s evolving cyber threat landscape.
Advanced Defence Strategies: Our team leverages the Essential Eight Maturity Model and Secure-by-Design principles to create robust, future-proof cyber defences.
Comprehensive Services:
Penetration Testing: Identify and address vulnerabilities before cybercriminals exploit them.
Incident Response: Minimise damage with swift containment and recovery strategies.
Supply Chain Security: Secure third-party dependencies to reduce risks.
Tailored Training: Equip your staff with the knowledge and skills to detect and respond to threats, reducing risks like phishing and social engineering.
With over 15 years of experience in the cybersecurity industry, we’re dedicated to helping Australian organisations fortify their defences.
Don’t wait until it’s too late—contact Nemean Cyber today to secure your digital future.