The ASD’s Australian Cyber Security Centre is the government’s foremost technical authority on cyber security. Photo: ADF.
The 2024-25 Annual Cyber Threat Report has been released by the Australian Signals Directorate (ASD), and shows increased awareness of cyber vulnerabilities among companies and individuals.
In the past financial year, Australian Signals Directorate’s Australian Cyber Security Centre (ASD ACSC) received 42,500 calls, a 16 per cent increase over the previous year, and responded to more than 1200 cyber incidents.
Located within Defence’s vast Russell Hill campus, the ACSC is the Australian Government’s technical authority on cyber security. It brings together capabilities to improve the nation’s national cyber resilience through a 24/7/365 cyber security hotline, technical advice and alerts, monitors cyber threats and shares intelligence with partners, and helps Australian organisations respond to cyber security incidents.
One of the most alarming items in the report is that the ACSC notified entities more than 1700 times of potentially malicious cyber activity in the past year, an 83 per cent increase over the previous year. It says this highlights the need for vigilance and action to mitigate against persistent threats.
“State-sponsored cyber actors continue to pose a serious and growing threat to our nation,” it says.
“They target networks operated by Australian governments, critical infrastructure (CI) and businesses for state goals. State-sponsored cyber actors may also seek to use cyber operations to degrade and disrupt Australia’s critical services and undermine our ability to communicate at a time of strategic advantage.”
The report said the frequency of ransomware attacks and the number of reported data breaches all increased in FY2024–25.
Nowhere was this more amply demonstrated than in this week’s report that the phone numbers of prominent Australians including the Prime Minister and numerous federal and state politicians were ‘scraped’ from publicly available social media and other websites by AI software, and are available on a US-based website accessible through a free trial.
Other examples include the release of the personal details of more than five million Qantas passengers on the dark web earlier this month, and similar data breaches that have been reported at Optus, Medibank, Toyota, Disney, IKEA, Salesforce, and McDonalds in the past year.
ASD says the “prevalence of AI almost certainly enables malicious cyber actors to execute attacks on a larger scale and at a faster rate, and that the potential opportunities open to malicious cyber actors continue to grow in line with Australia’s increasing uptake of – and reliance on – internet-connected technology”.
Other trends noted in the report include an eight per cent increase in the average self-reported cost of cybercrime for individuals to $33,000. For businesses, the self-reported costs rose 50 per cent to $80,850, including a 219 per cent increase for large businesses to $202,700.
Another concerning trend was a 280 per cent increase in incidents involving Denial of Service (DoS) or Distributed Denial of Service (DDoS), while elsewhere, publicly reported common vulnerabilities and exposures increased 28 per cent, with 11 per cent of all incidents responded to including ransomware.
In response, the ACSC published 108 alerts, advisories, knowledge articles and publications on cyber.gov.au and the Partner Portal, it grew its Cyber Security Partnership Program by 11 per cent to more than 133,000 partners, it led 17 cyber security exercises involving more than 120 organisations, and it briefed board and executive leadership teams from 41 per cent of ASX100 listed companies.
It has also bolstered its Cyber Threat Intelligence Sharing (CTIS) partnership program, Cyber Hygiene Improvement Programs, and the Government and Critical Infrastructure (CI) Uplift Programs.
“The years ahead will bring challenges for organisations in emerging technology, such as post-quantum cryptography,” the report reads.
“ASD’s ACSC will continue to work with Australian industry and partner organisations to ensure the continued security of our communications and sensitive data. Effective transition plans will be critical to operating in 2030 and beyond – a post-quantum computing world – and this planning must start now.
“Businesses must ensure that, in order to harness the full benefits and productivity associated with AI, a safe and secure approach is taken to the integration of AI technologies.”
Acting Prime Minister and Defence Minister Richard Marles said the world continued to face complex strategic circumstances through an increase in state-sponsored cyber actors targeting Australian networks to steal sensitive information.
“Cybercriminals also relentlessly targeted Australians, with ransomware attacks and data breaches increasing in frequency,” he said.
“Using malware designed to covertly harvest information from Australian victims, cybercriminals used stolen data, usernames and passwords to launch subsequent attacks, compromise corporate networks and accounts.”
