Sep 17, 2021

Increase in attacks to Australia's critical infrastructure

Cybersecurity
cyberattack
cyberreport
Ransomware
2 min
A new report from the Australian Cyber Security Centre reveals ransomware incidents have increased by 15% as cybercrime losses hit $33bn.

A quarter of cyber incidents reported to Australian security officials over the past year have targeted critical infrastructure and essential services, including health care, food distribution and energy according to the Australian Cyber Security Centre (ACSC) which has disclosed a new report. The ACSC says the report "highlights significant targeting both domestically and globally, of essential services".

The report also showed ransomware attacks disclosed to the ACSC increased 15% in the 2020-21 financial year, when compared with the previous financial year.

The ACSC, which is part of the Australian Signals Directorate, received more than 67,500 reports of cybercrime of all types in 2020-21, or one every eight minutes. That compared with one every 10 minutes the previous year.

The report says businesses, individuals and other entities had incurred more than $33bn in total losses from cyber crime throughout the year.

Cybercriminals sought to exploit the pandemic by encouraging recipients to enter personal credentials to access Covid-related information or services, while unnamed foreign governments targeted the health sector seeking “access to intellectual property or sensitive information about Australia’s response to Covid”. 

The ACSC responded to about 1,630 cybersecurity incidents in 2020-21, or an average of 31 cybersecurity incidents a week.

“Approximately one quarter of reported cybersecurity incidents affected critical infrastructure organisations, including essential services such as education, health, communications, electricity, water and transport,” the report says.

A breakdown of the severity of cyber incidents in 2020-21 shows there were 14 cases in which federal government entities or nationally significant infrastructure suffered the removal or damage of sensitive data or intellectual property.

The report does not name most of the affected entities, although it includes several case studies, including a March 2021 ransomware attack against the Victorian public health service. That attack “affected four hospitals and aged care facilities, and resulted in the postponement of elective surgeries”.

Share article