Online activity during COVID lockdowns sees surge in cyber attacks and espionage
A cybercrime is now reported every eight minutes in Australia with criminals and spies taking advantage of large numbers of people working from home during COVID-19 lockdowns.
The federal government's latest official assessment shows malicious online actors are exploiting the pandemic and are actively targeting vulnerable Australians and health services.
In its second annual threat report, the Australian Cyber Security Centre (ACSC) has revealed over 67,500 cybercrime reports were made in the last financial year, a jump of 13 per cent on the previous 12 months.
About one-quarter of cyber incidents reported to the ACSC last year were associated with Australia's critical infrastructure or essential services, including education, communications, electricity, water and transport.
Taking advantage of online activities
ACSC head Abigail Bradshaw says criminals and spies are taking advantage of COVID-19 factors such as the need for Australians to conduct more activities online.
"It's shaped both the targets that malicious actors are going after and it's shaped the vectors, or the means by which those targets are accessed," she said.
The health sector reported the second-highest number of ransomware incidents, which grew as COVID-19 vaccines were developed and rolled out.
During the past year, cyber security officials working with Telstra and Services Australia helped to take down over 110 malicious COVID-19 themed websites.
"The exploitation of the pandemic environment, largely criminals but also state-based actors, utilising tactics such as spear-phishing to target people who are seeking information or a service," Ms Bradshaw said.
Staff from the Australian Signals Directorate have even been embedded in the Federal Health Department to protect this country's COVID-19 response from cyber attacks.
The ACSC estimates cybercrime has cost Australian businesses and individuals $33 billion over the past year.
Protective measures available to counter attacks
Australian Federal Police Assistant Commissioner Justine Gough said there were several things organisations and individuals could do to protect themselves.
"Being aware of phishing — that is unsolicited attempts to steal your personal via email and text, limiting the personal information you place on social media, and securing systems through strong passwords and regularly updating software," Commissioner Gough said.
While Australian cyber authorities have been busy repelling attacks, they've also managed to launch various offensive operations against undisclosed foreign targets.
Assistant Defence Minister Andrew Hastie said it was very important that Australia keeps "cyber adversaries off balance" by taking the fight to them.
"Going after them offshore, disrupting and dismantling their operations, their business model," Mr Hastie said.
"We're not just the hunted, we're the hunters and so we want to be putting the 'Jolly Roger' on our adversaries' screens, not just them hacking us or conducting cyber espionage against us."