Australia says hacks surging, state-sponsored groups targeting critical infrastructure

A 3D printed model of men working on computers are seen in front of displayed binary code and words “Hacker” in this illustration taken, July 5, 2021. REUTERS/Dado Ruvic/Illustration/File Photo

SYDNEY, Nov 15 (Reuters) – State-sponsored cyber groups and hackers have increased assaults on Australia’s critical infrastructure, businesses and homes, a government report said, adding that its new defence agreement with Britain and the U.S. had likely made it more of a target.

Reports of cybercrime surged 23% to more than 94,000 in the financial year to June, the Australian Cyber Security Centre said in its annual threat report on Wednesday.

It estimated there was a hack on Australian assets every six minutes.

“The cyber threat continues to grow,” Defence Minister Richard Marles told ABC Radio. “We’re also seeing a greater interest from state actors in Australia’s critical infrastructure.”

The report said that was partly due to the new AUKUS defence partnership “with its focus on nuclear submarines and other advanced military capabilities”.

In May, the Five Eyes intelligence alliance and Microsoft (MSFT.O) said a state-sponsored Chinese hacking group was spying on U.S. critical infrastructure organisations. The U.S., Canada, New Zealand, Australia and the UK make up the Five Eyes intelligence sharing network.

Techniques used by the China hacking group could be used against Australia’s critical infrastructure including telecommunications, energy and transportation, the report said.

Marles said Australia’s relationship with China, its largest trading partner, was “complex” and the government had never pretended the relationship would be easy. Diplomatic and trade ties between the two countries have stabilised recently after several disputes since 2020.

“We value, clearly, a productive relationship with China … but China has been a source of security anxiety for our country and we prepare for that as well,” Marles said.

The spike in cyber intrusions prompted the government in February to set up an agency to help coordinate responses to hacks. It is also overhauling federal cyber laws – details of which are due to be released next week – and the government has said it will make it compulsory for companies to report ransomware incidents.

The average cost of a cybercrime to its victim rose 14%, the report said.

“This sort of evidence gives the government the requirement to have a much closer relationship between industry and government,” said Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation.

“Some of the statistics are quite frightening.”

The Australian Securities and Investments Commission also said this week that a survey of 700 companies had found 44% did not manage risks associated with third parties like supply chain partners accessing confidential data. It also found that 58% had limited or no measures to protect confidential data and 33% had no cyber incident response plan.

Cyber attacks against Australia will continue to rise until organisations start putting more effort into security and the risk management of their information assets, said Nigel Phair, cybersecurity professor at Monash University.

This month, a cyber incident at DP World Australia, one of the country’s largest ports operators, forced it to suspend operations for three days.

The shakeup of the country’s cyber security rules was triggered by the 2022 data theft at telecoms provider Optus, which exposed personal information of 10 million Australians.

Reporting by Renju Jose and Byron Kaye in Sydney; Editing by Lincoln Feast and Edwina Gibbs
