Europe and Australia report a significant rise in cyber attacks

The investigations in Australia and the European Union showed a rise in cyber threats over the past twelve months, fuelled by the war in Ukraine and wider geopolitical tensions. 

The Australian Cyber Security Centre (ACSC)'s annual cyber threat report said the company received 76,000 cyber-crime reports last financial year, up 13 per cent from the previous period, and resulting in costs of A$39,000 for a small business and A$62,000 for a large business.

These numbers equated to one attack taking place every seven minutes, the agency said. 

The Australian Signals Directorate’s latest annual cyber threat report, published on Friday, also warns that cyberspace “has become a battleground” and is “increasingly the domain of warfare”.

"It's not just about the frauds or the texts that you or I might receive, but real issues around the security of our country going forward," said Clare O'Neil, Australia's minister for cyber security. 

"It is a national security focus of the government," she added.

Over the last few months, Australian government agencies have suffered multiple attacks - most of which were thwarted - that put sensitive citizen data at risk.

Due to the timeframe it covered, the agency's report did not take into account the high-profile hacks at telecoms company Optus, and health insurer Medibank Private Ltd, which combined compromised some 14 million customer accounts. 

However, it did reference a November 2021 attack on government-owned utility CS Energy, responsible for a tenth of the nation's electricity output, as well as other attacks from China's Ministry of State Security, Iran and Russian state-linked groups.

It also underscored accusations that the Optus and Medibank hacks were relatively unsophisticated, blaming the majority of major incidents on inadequate software updates.

“We know Australian organisations, businesses and households are worried about the cyber threat environment, about the impacts of ransomware attacks, email compromises and sophisticated phishing attempts, and from the theft of our most sensitive and personal information,” said the head of the ACSC, Abigail Bradshaw. 

“We know that cyber threats are constantly evolving, and that they are putting our critical infrastructure sectors at even greater risk, so it’s vital that we share our understanding of this threat environment.”

The publication of the report was preceded by the publishing of EU cyber-security agency ENISA's annual report, which expressed similar concerns. 

The agency said geopolitical situations - in particular the Russian invasion of Ukraine - were game-changers when it came to the analysis of the growing range of threats to governments, companies and essential sectors such as energy, transport, banking and digital infrastructure.

According to the ENISA report, zero-day, artificial intelligence-enabled disinformation and deepfakes resulted in more malicious and widespread attacks with more damaging impact during the period studied. As many as 24 per cent of cyber-security attacks targeted public administration and governments, while 13 per cent targeted digital services providers, the report said.  

"Today's global context is inevitably driving major changes in the cyber-security threat landscape. The new paradigm is shaped by the growing range of threat actors," said ENISA executive director Juhan Lepassaar.

Over the past year, organisations across the world, from the UK’s NHS to the US’s Apple, and even the Albanian government, have suffered severe cyber attacks that have disrupted their services and put their users’ personal information at risk. 

The European Union in May agreed on tougher cyber-security rules for essential sectors, with companies required to assess their risks, notify authorities and take measures to deal with the risks or face fines up to 2 per cent of global turnover. In October, GCHQ director Sir Jeremy Fleming warned of China’s growing use of technology to bolster its influence overseas.

In response to the ACSC report, Australia's defence minister, Richard Marles, said the government would be “reinforcing Australia’s cyber security as a national priority”.