Pandemic creates ‘perfect storm’ for rising cyber crime

In the 2020–21 financial year, the Australian Cyber Security Centre (ACSC) was alerted to more than 67,500 incidents of cyber crime, an increase of almost 13 per cent over the previous financial year, according to an annual report released by the body.

The ACSC Annual Cyber Threat Report was produced in collaboration with the Defence Intelligence Organisation (DIO), Australian Criminal Intelligence Commission (ACIC), Australian Security Intelligence Organisation (ASIO) and the Department of Home Affairs. Looking back over the past year, it paints a picture of cyber crime rising alarmingly in Australia.

The COVID-19 pandemic has created a particular set of circumstances under which cyber crime thrives, according to the report.

“The pandemic has significantly increased Australian dependence on the internet – to work remotely, to access services and information, and to communicate and continue our daily lives. This dependence has increased the attack surface and generated more opportunities for malicious cyber actors to exploit vulnerable targets in Australia,” the report states.

Noting a marked rise in the volume of cyber crime reporting in the last financial year over the 12 months prior, the ACSC said that the increase equated to the agency receiving one incident report every eight minutes, up from previous levels of one every 10 minutes. The self-reported losses from these crimes total more than $33 billion.

Not only is online criminal activity increasing in frequency, but the perpetrators of these crimes are using more complex and sophisticated methods, the ACSC said. Coupled with that, those with the technical expertise to carry out attacks are also finding new ways to offer their services to people with criminal intentions.

“The accessibility of cyber-crime services – such as ransomware-as-a-service (RaaS) – via the dark web increasingly opens the market to a growing number of malicious actors without significant technical expertise and without significant financial investment,” the report noted.

But even with new strategies emerging, the ACSC found that long-observed tactics for committing fraud or carrying out shopping scams and banking scams were still the top reported cyber crime types, targeting individuals as well as businesses.

To protect your personal and business information from cyber attacks and assist enforcement track down cyber criminals, the ACSC asks that you take the following steps:

• Report all cyber crime and cyber security incidents, via Reportcyber. 

Cyber security incidents, cyber crimes, or cyber security vulnerabilities should all be reported to the ACSC.

• Become an ACSC Partner. 

Australian organisations who partner with the ACSC receive threat insights, advisories and advice to enhance their situational awareness. 

• Know your networks. 

The ACSC is encouraging all users to understand and review their networks to establish where valuable or sensitive information and infrastructure is located.

• Patch exploit opportunities within 48 hours. 

Malicious cyber actors monitor reporting of security vulnerabilities and use automated tools to regularly scan for and exploit network vulnerabilities. This means that organisations can no longer follow monthly patch update cycles, and should prioritise patching to protect their networks from cyber security incidents. 

• Prepare for a cyber security incident by having incident response, business continuity and disaster recovery plans in place, and testing them. 

An incident response plan enables organisations to respond decisively to a cyber security incident, limit its impact and support recovery. Testing the incident response, business continuity and disaster recovery plans provides an opportunity to review and improve in a controlled environment.