The Australian Signals Directorate (ASD) has published its fifth annual Cyber Threat Report.

The report emphasises the need for national cooperation to combat threats that no single entity can address alone.

Calls to the Australian Cyber Security Hotline rose 12% in 2023–24, totalling over 36,700. ASD responded to more than 1,100 cyber security incidents, including 11 per cent linked to critical infrastructure. 

The incidents demonstrate the appeal of critical systems to malicious actors due to their sensitive data and societal impact.

State-sponsored cyber actors remain a persistent threat, including the People’s Republic of China’s (PRC) use of "living off the land" techniques, consistent with disruptive pre-positioning, and Russia’s increasing exploitation of cloud platforms. 

Cybercriminals, meanwhile, are leveraging artificial intelligence to amplify attacks, with common crimes including business email compromise, ransomware, and online fraud.

But ASD says it has expanded threat intelligence sharing by 66 per cent, growing partnerships to over 400. Collaborations like the ASD-Microsoft initiative have significantly improved the scale of real-time information-sharing. 

The report shows that the Australian Protective Domain Name System also blocked access to 82 million malicious domains, a 21 per cent increase from the previous year.

The report details Australia’s first use of its autonomous cyber sanctions framework to target two Russian individuals for cybercrime. ASD also conducted 16 cyber security exercises with over 130 organisations, boosting national resilience.

The report highlights the growing severity of incidents categorised as C3 or above, affecting governments and large entities. 

Isolated compromises rose by 39 per cent and the ASD says it proactively identified 26 per cent of high-severity incidents through notifications to affected organisations.

ASD stresses the importance of regular system updates and using secure-by-design products. 

Critical infrastructure operators are advised to prepare for inevitable attacks by developing and testing robust incident response plans.

ASD recommends following the Essential Eight framework and reporting threats through platforms like ReportCyber

CareerSpot This email address is being protected from spambots. You need JavaScript enabled to view it.