ASD releases Cyber Threat Report

The Australian Signals Directorate (ASD) has released its fifth ASD Cyber Threat Report (ACTR). The Report details the latest cyber threats affecting Australian businesses and organisations, critical infrastructure, and individuals.

In FY 2023-24, ASD received over 36,700 calls to its Australian Cyber Security Hotline, an increase of 12% from the previous financial year. ASD also responded to over 1,100 cyber security incidents, highlighting the continued exploitation of Australian systems and ongoing threat to our critical networks.

ASD notified entities more than 930 times of potential malicious activity on their networks.

Business email compromise and fraud were among the top self-reported cybercrimes for businesses and individuals in Australia. Ransomware and data theft extortion also remained a pervasive and costly threat.

Incidents categorised as C3 or above involve organisations such as federal and state governments, large organisations, academia, and supply chains.

Over a quarter (26%) of all C3 incidents were discovered as a result of a tipper, where ASD proactively notified the affected organisation of suspicious activity. The most common malicious activity, leading to 30% of C3 incidents, was the exploitation of public-facing applications.

C3 incidents commonly involved compromised accounts or credentials (23%), malware infection other than ransomware (19%), and compromised assets, networks or infrastructure (18%).

State-sponsored cyber actors persistently target Australian governments, critical infrastructure and businesses using evolving tradecraft. These actors conduct cyber operations in pursuit of state goals, including for espionage, in exerting malign influence, interference and coercion, and in seeking to pre-position on networks for disruptive cyber-attacks.

Over the past year, ASD co-sealed several joint advisories with international partners to highlight the evolving operations of state-sponsored cyber actors. In February 2024, ASD joined the US and other international partners in releasing an advisory that assessed the People's Republic of China (PRC) is leveraging living-off-the-land techniques that abuse native tools and processes on systems. The PRC's choice of targets and pattern of behaviour is consistent with pre-positioning for disruptive effects rather than traditional cyber espionage operations.

Russia is also adapting its techniques, including for the exploitation of cloud platforms. The evolution of this tradecraft means that network defenders must prioritise and invest in cyber security skills, resources and teams.

Critical infrastructure networks are an attractive target due to the sensitive data they hold and the widespread disruption that a cyber security incident can cause on those networks. In FY 2023-24, over 11% of the cyber security incidents that ASD responded to related to critical infrastructure.

Cybercrime is a persistent and disruptive threat. Cybercriminals are adapting to capitalise on new opportunities, such as artificial intelligence, which reduces the level of sophistication needed for cybercriminals to operate.
