ASD's Cyber Threat Landscape 2023–24: Introduction
The Australian Signals Directorate’s Australian Cyber Security Centre (ASD’s ACSC) is the Australian Government’s technical authority on cyber security. Their capabilities include, but are not limited to, providing notifications on significant cyber security threats; monitoring cyber threats and sharing intelligence with partners; and helping Australian organizations respond to cyber security incidents.
Today ASD released their 2023–24 Annual Cyber Threat Report unveiling a troubling but important snapshot of Australia’s evolving cyber threat landscape. It underscores the persistent (and dynamic) threats targeting Australian businesses, governments, and critical infrastructure. In this blog we have summarised the key statistics and threats for you.
The report highlight the targeting of critical infrastructure via sectors essential to daily life, like energy, education, and transport. With the rise of AI-driven attacks and sophisticated state-sponsored operations, adopting proactive measures like multi-factor authentication and robust incident response plans is no longer optional.
ASD Cyber Threat Landscape 2023–24
Cybercrime Trends
- Over 87,400 cybercrime reports, averaging one every 6 minutes.
- Business email compromise (BEC) caused $84M in self-reported losses, with average losses per incident exceeding $55,000.
- Identity fraud was the top threat for individuals (26% of reports), followed by online shopping fraud (15%) and online banking fraud (12%)
Incident Responses
- ASD responded to over 1,100 cybersecurity incidents, with 11% targeting critical infrastructure.
- Ransomware attacks accounted for 11% of incidents, showing a 3% increase year-over-year.
Infrastructure Threats
- DoS and DDoS incidents were overrepresented in critical infrastructure, occurring twice as often as other sectors.
- Sectors most affected: electricity, gas, water services (30%), education and training (17%), and transport (15%)
Proactive Measures:
- ASD’s Australian Protective Domain Name System blocked access to 82 million malicious domains (+21%).
- Over 189,000 malicious domains were taken down, reflecting a 49% increase.
Emerging Trends
Artificial Intelligence (AI): Cybercriminals are leveraging AI to craft more sophisticated phishing campaigns and even use deepfake technologies to impersonate high-level executives. This coincides with an increased number of executive impersonation takedowns brandsec has been engaged to assist with. It should be noted that bad actors do not just target executives but staff as well. All staff should be encouraged to lock down their Linkedin profiles and make their accounts private.
State-Sponsored Activity: Foreign actors, particularly from Russia and China, continue to exploit vulnerabilities to pre-position for disruptive attacks.
Critical Infrastructure Vulnerabilities: Increasing interconnectivity between IT and operational technology (OT) systems heightens the risk for essential services.
Call to Action
The report emphasizes that cybersecurity is not a “set-and-forget” effort. Organizations must:
- Adopt multi-factor authentication (MFA)
- Regularly patch systems
- Develop robust incident response plans
Unphish: Removing Web-Based Phishing Properties
At brandsec, we are deeply aligned with the objectives highlighted in the ASD report. Sponsored by the Australian Government’s Industry Growth Program, Unphish, our phishing enforcement tool, is a cutting-edge solution built to detect and dismantle web-based phishing attacks targeting Australian businesses and brands.
As a partner of the ASD Cyber Security Partnership Program, we leverage advanced threat intelligence to proactively safeguard our clients. From advanced monitoring to rapid takedown of phishing sites and social media, Unphish is at the forefront of ensuring Australian brands remain resilient against ever-evolving cyber threats.
Cyber resilience demands collaboration, vigilance, and innovation. Together, with initiatives like the ASD report and Unphish’s commitment, we can make Australia a harder target for malicious actors.
Learn more about how Unphish protects businesses at the intersection of security and innovation
About brandsec
brandsec is a team of highly experienced domain name management and online brand protection experts. We provide corporate domain name management and brand enforcement services, helping brands eliminate phishing platforms across the internet. Supporting some of the largest brands in the region, we offer innovative solutions to combat threats across multiple industries.
