Award Banner
Award Banner

Australia says hacks surging, state-sponsored groups targeting critical infrastructure

Australia says hacks surging, state-sponsored groups targeting critical infrastructure
Broken Ethernet cable is seen in front of binary code and words "cyber security" in this illustration taken March 8, 2022.
PHOTO: Reuters file

SYDNEY — State-sponsored cyber groups and hackers have increased assaults on Australia's critical infrastructure, businesses and homes, a government report said, adding that its new defence agreement with Britain and the US had likely made it more of a target.

Reports of cybercrime surged 23 per cent to more than 94,000 in the financial year to June, the Australian Cyber Security Centre said in its annual threat report on Wednesday (Nov 15).

It estimated there was a hack on Australian assets every six minutes.

"The cyber threat continues to grow," Defence Minister Richard Marles told ABC Radio. "We're also seeing a greater interest from state actors in Australia's critical infrastructure."

The report said that was party due to the new Aukus defence partnership "with its focus on nuclear submarines and other advanced military capabilities".

In May, the Five Eyes intelligence alliance and Microsoft said a state-sponsored Chinese hacking group was spying on US critical infrastructure organisations. The US, Canada, New Zealand, Australia and the UK make up the Five Eyes intelligence sharing network.

Techniques used by the China hacking group could be used against Australia's critical infrastructure including telecommunications, energy and transportation, the report said.

Marles said Australia's relationship with China, its largest trading partner, was "complex" and the government had never pretended the relationship would be easy. Diplomatic and trade ties between the two countries have stabilised recently after several disputes since 2020.

"We value, clearly, a productive relationship with China ... but China has been a source of security anxiety for our country and we prepare for that as well," Marles said.

The spike in cyber intrusions prompted the government in February to set up an agency to help coordinate responses to hacks. It is also overhauling federal cyber laws — details of which are due to be released next week — and the government has said it will make it compulsory for companies to report ransomware incidents.

The average cost of a cybercrime to its victim rose 14 per cent, the report said.

"This sort of evidence gives the government the requirement to have a much closer relationship between industry and government," said Matthew Warren, director of the RMIT University Centre for Cyber Security Research and Innovation.

"Some of the statistics are quite frightening."

The Australian Securities and Investments Commission also said this week that a survey of 700 companies had found 44 per cent did not manage risks associated with third parties like supply chain partners accessing confidential data. It also found that 58 per cent had limited or no measure to protect confidential data and 33 per cent had no cyber incident response plan.

Cyber attacks against Australia will continue to rise until organisations started putting more effort into security and the risk management of their information assets, said Nigel Phair, cybersecurity professor at Monash University.

This month, a cyber incident at DP World Australia, one of the country's largest ports operators, forced it to suspend operations for three days.

The shakeup of the country's cyber security rules was triggered by the 2022 data theft at telecoms provider Optus, which exposed personal information of 10 million Australians.

ALSO READ: Police investigate 'cyber incident' at Australia ports operator DP World

This website is best viewed using the latest versions of web browsers.