The ACSC Annual Threat Report 2020-2021 presents a compelling case for the need to increase cyber security awareness and adopt behavioural changes to prevent falling victim to cybercrime. 

In the 2020-21 financial year, the ACSC received more than 67,500 cybercrime reports, an average of one every eight minutes, representing an increase of nearly 13% from the previous financial year.  

Cybercrime reports submitted via ReportCyber recorded total financial losses of more than $33 billion (AUD). More than 12,000 reports, or 18%, were made from NSW. 

The complexity and sophistication of cyber threats continued to rise during 2020-21. 

One major trend identified in this year’s report was malicious cyber actors pivoting to exploit the coronavirus pandemic. 

The report found malicious cyber actors took advantage of Australia’s heightened vulnerability during this time to conduct espionage, steal money and sensitive data, and disrupt the services on which Australians rely. 

Meanwhile, ransomware continued to pose one of the most significant threats to Australian organisations. 

Cybercriminals are moving away from low-level ransomware operations towards extracting hefty ransoms from large or high-profile organisations. 

To increase the likelihood of ransoms being paid, cybercriminals are encrypting networks and also exfiltrating data, then threatening to publish stolen information on the internet. 

These shifts in targeting and tactics have intensified the ransomware threat to Australian organisations across all sectors, including critical infrastructure. 

Business email compromise (BEC) presented an insidious and growing threat to Australian businesses and government enterprises. 

BEC was one of the top-five cybercrime categories, responsible for more than 4,600 reports to ReportCyber, representing nearly 7% of total cybercrime reports received. 

The average reported loss from business email compromise was about $50,600, representing a 54% increase compared to the previous financial year. 

Cybercrime reported through ReportCyber cost small businesses, on average, $9,000. Medium-sized businesses were the hardest hit, with an average cost of $33,000, while large organisations incurred a cost of $19,000.