Critical Cyberattacks More than Triple in Australia in the Last Year

In an attempt to raise awareness, Sapien Cyber has been continually reporting on the increasing frequency and sophistication of cyberattacks against Australia over the past couple of years. Unfortunately, new data suggests that despite industry investment and government legislation aimed at uplifting cyber security, particularly in the critical infrastructure sectors, attacks are continuing to increase at an unprecedented rate, outstripping the global trend.

Recent estimates suggest that there is one cyberattack conducted every eight minutes in Australia. Critical attacks have more than tripled, increasing by a staggering 227% between August 2021 and May 2022, almost double the global trend for the same period. This unprecedented rise cannot be attributed to an increase in Australia’s traffic alone, which only rose by 38%.

Rise in Cyberattacks in Australia 2021 – 2022. Source: Imperva, Inc.

The increased efforts and focus by threat actors on Australian businesses and government appear to be paying off. Grocery giant Woolworths, a business now considered as critical infrastructure under new legislation, had a breach in mid-October 2022 which leaked the details of over 2.2 million MyDeal customers. This attack has come hot on the heels of the data breach of major telco Optus, in which 10 million customers were impacted. Not even the Australian Federal Police (AFP) have been immune from attack. In August this year, more than five million emails, tens of thousands of documents, and the details of 35 AFP operations were hacked, exposing operatives of our international crime-fighting partners.

All of this has occurred despite the government’s best efforts to keep legislative pace with the evolving threat landscape. Sapien Cyber has reported extensively on the government’s legislative amendments designed to protect our most critical infrastructure, and new amendments continue to be enacted. The most recent of these amendments came in April this year, with the Security Legislation Amendment (Critical Infrastructure Protection) Act 2022 (SLACIP Act).

Australian Businesses Struggling to Keep Up

Evidence suggests that the multitude of industries captured under the new definitions as critical infrastructure sectors may be struggling to establish and maintain appropriate defences. One key outcome of the pandemic has been that many businesses were forced to hasten their transformation projects to enable them to cope with the necessary shift to more remote operations. This has created avoidable vulnerabilities that are now ripe for exploitation. When combined with increased obligations, such as new reporting requirements for some entities to notify the Australian Cyber Security Centre (ACSC) within 12 hours of becoming aware of an incident, organisations are struggling to keep up.

Some commentators have suggested that the ever more rigorous obligations could create cyber risks in and of themselves, not only threatening system effectiveness and integrity, but also the viability of small businesses to achieve the required security uplift, or pay the resulting fines if they fail.

Increased Fears of Risk to Operational Technologies

In addition to the threats to IT infrastructure, there are also increasing fears among CEOs and C-suite executives about the risks to operational technologies. A recent survey of business executives revealed a prediction that over a third of cyberattacks in 2023 will threaten operational technology systems, citing 33% of threat vectors originating from the industrial internet of things (IIoT).

The preponderance of attacks seen in the last year has been described as common, off-the-shelf and automated. These have included a 108% increase in malicious bot activity, a 60% increase in remote code execution (RCE) attacks, path traversal and local file inclusion (LFI) attacks (18%), and cross-site scripting (XSS) attacks (16%). This suggests that threat actors are attempting to exploit the multitude of vulnerabilities stemming from pandemic-induced transformation projects.

Cyberattacks Now Costing Australian Businesses Trillions

The financial impact of successful cyberattacks in Australia now runs into the trillions. Expenditure on cyber defences is on the rise too, however, with an estimated 60% of Australian organisations planning to increase cyber budgets in 2023, although only 37% have reported investing in preventative and defensive technologies. The direct financial impact of a successful attack is not the only issue that organisations have to be concerned about. Reputational damage can produce a domino effect, costing businesses even more. A case in point is the desperate attempts by Optus to secure its reputation and retain customers after the recent historic exposure of 10 million records.

Ransomware attacks and data-held-for-ransom breaches are by no means the sole concern of retail and financial institutions. A keen lesson may be learned from the Colonial Pipeline attacks in the USA in 2021, where lax security measures led to a complete shutdown of the pipeline, the first in the company’s 57-year history. In that incident, attackers held almost 100 gigabytes of data to ransom, prompting the company to shut down and scour their networks and physical infrastructure for signs of more deadly potential consequences of the breach. After an extensive inspection of the pipeline, covering 29,000 miles (46,670 km) on the ground and in the air, searching for visible damage, the company paid a US$4.4 million ransom to Russian-linked cybercrime group ‘DarkSide’.

Cyberattacks are Preventable

Sadly, the attack on the Colonial Pipeline was entirely preventable. Investigators found that the breach originated from a single compromised VPN password which lacked the basic security requirement of two-factor authentication. Evidence also suggests that the password may have been reused by an employee for other purposes, leading to its discovery by the attackers. The attack could have been much worse had the attackers had either the ability or the motivation to breach the more critical operational technology systems, leading to potentially deadly consequences.

Many organisations are now realising that effective security need not be complex or particularly expensive in comparison to the potential financial, reputational, and life-threatening consequences.

Nikki Saunders, Cybersecurity EcoSystem Program Manager from Schneider Electric, recently made a very astute observation, stating that implementing effective cybersecurity requires asset and system visibility and working with an experienced partner “that understands your unique challenges and ensures open lines of communication”.

Here at Sapien Cyber, we pride ourselves on being just such a partner to our customers. As an Australian sovereign company, our suite of products and cadre of highly experienced and trained professionals provide the visibility and clear communication articulated by Saunders that is so sorely needed in the current threat climate in Australia. The reality is that the current trend shows no signs of abating. Geopolitical tensions, poor implementation of transformation projects, and the success and wealth we enjoy as a nation all point to Australia continuing to be an increasingly attractive target for threat actors of all types. Sapien Cyber encourages you to explore how we can help your organisation avoid falling victim to one of the cyberattacks currently being conducted against Australian businesses every eight minutes.