Cybercrime attacks, and costs, from crims, states, rise  

Published on the 09/11/2022 | Written by Heather Wright


But govt deprioritises cyber skills in migration…

Australia has seen a jump in cyber attacks from both criminals and state-sponsored groups in the past year, with cybercrime reaching ‘profound’ levels, though one expert notes that when it comes to the types of attacks, it’s business as usual. 

The Australian Cyber Security Centre’s third annual Threat Report, for July 2021 to June 2022, shows a 13 percent increase in reported cybercrimes, with the 76,000 reports received by the organisation equating to one report every seven minutes.

Abigail Bradshaw, head of the Australian Cyber Security Centre, says the past 12 months have seen a sustained integration of cyber with conventional warfare in Ukraine and the coalescence of ‘powerful and disruptive’ cybercrime gangs and nation states combining efforts in the conflict.

It’s not just Russia using cyber operations to pursue strategic interests.  

The report notes the January 2021 Microsoft Exchange mail server hack, which exposed tens of thousands of organisations across the world and allowed Chinese security agencies and criminals to access valuable data and IP.

The Australian government, as part of a US-led coalition of countries, laid blame for the hack at the feet of China’s Ministry of State Security. The report notes a joint Five-Eyes Advisory in November 2021 confirmed exploitation of those vulnerabilities by an Iranian state actor.  

“Regional dynamics in the Indo-Pacific are increasing the risk of crisis and cyber operations are likely to be used by states to challenge the sovereignty of others,” the report notes.

Lennon Chang, Monash Data Futures Institute senior lecturer in criminology, says the line between cybercrime and national security is becoming blurred.  

“Cyberattack and cybercrime are now part of cyberwar,” he says. “Cybercrime can become a national security issue, given the current landscape.” 

For businesses themselves, however, there are plenty of more pressing cybercrime issues to contend with. 

While ransomware garners plenty of publicity and is the most destructive cybercrime according to the ACSC, it accounted for just 0.6 percent, or 447, of the reports made to the organisation in the year to July. That’s a 10 percent drop on the previous year, though the ACSC says it is likely that ransomware remains ‘significantly under-reported’, especially by victims who choose to pay the ransom.

The education and training sector took top spot for ransomware attacks, accounting for 11 percent of reports, up from fourth last year. Information media and telecommunications, and professional, scientific and technical services, followed at 10 percent.

Recent months have seen a number of very high profile – and large scale – ransomware attacks, including Optus and Medibank. 

While those attacks may be heightening awareness of ransomware, it was fraud that accounted for the highest portion of reports, at 27 percent. It was followed by shopping (14 percent), online banking (13 percent) and investment (12 percent). 

Higher profile types of cybercrime, including ID theft (1.8 percent) and malware (2.2 percent), figured towards the bottom of the list.  

Business email compromise reports trended down slightly to 1,514, but the losses increased significantly to more than $98 million – an average loss of more than $64,000. Western Australia had several reports of financial loss in excess of $1 million due to BEC. The report says the year saw BECs focused increasingly towards targeting high value transactions like property settlements.  

Adding to the headache for businesses is a 25 percent increase in the number of publicly reported software vulnerabilities.  

The ACSC notes 45 attacks that resulted in ‘extensive compromise’ including two affecting federal government, government shared services or regulated critical infrastructure, though no details are provided.  

The bulk of attacks resulting in extensive compromise were targeted at state government, academia/R&D, large organisations or supply chain, at 28. 

Deputy Prime Minister and Minister for Defence Richard Marles says Australia has witnessed a heightened level of malicious cyber activity, reflecting strategic competition across the globe.

But his comments that the Government is committed to reinforcing Australia’s cyber security as a national priority are in stark contrast to moves by the government last week to deprioritise the visa migration of cyber experts.

IT job roles, including cybersecurity professionals, are among 27 job roles removed from the Priority Migration Skilled Occupation list as the government attempts to cull long wait lists, in a move that caught many by surprise.

Chris Vein, CEO of industry body ACS, says “Given Australia’s ongoing chronic technology skills shortage, ACS is surprised IT visas are being de-prioritised.” 

Matthew McCormack, Australia and New Zealand managing director for IT solutions provider UST, dubbed the removal ‘perplexing’ given the state of cyber skills in Australia and the increasing frequency of cyber incidents.

“Visa migrations are fundamentally designed to address a gap in the talent pool, and while not a long term solution, they are a key mechanism to address the cyber skills crisis we now face.  

“The ramification of this decision is that we may see Australia fall further behind the rest of the world with regard to cybersecurity at a time when we should be strengthening our capabilities,” McCormack says.

“There is also the risk that this kind of visa policy will make other markets more attractive destinations for organisations to invest in setting up their cybersecurity hubs.” 

Steven Armitage, Australian country director for private US cybersecurity training organisation SANS Institute, said the removal of much-needed cyber-related roles from the list is ‘another challenge’ Australian companies will need to overcome.

“The fact is we’re not seeing enough people graduate from university courses with the skills the industry needs, and cyber experts don’t have priority for skilled migration programs, so organisations must instead look at developing the skills from within with professional training, in order to fill the security gaps, which as recent high-profile breaches have shown, are hugely important.” 
