2023–24 Annual Cyber Threat Report Summary

The 2023–24 Annual Cyber Threat Report highlights Australia’s growing cyber threats. Global conflicts, rising tensions in the Indo-Pacific, and advancing technology are providing cybercriminals and state-sponsored hackers with new ways to target governments, businesses, and households. Key risks include espionage, spreading disinformation, and cyberattacks on critical infrastructure.

The Australian Signals Directorate (ASD) is a government agency dedicated to protecting Australia from cyber threats. The ASD monitors electronic communications, defends critical infrastructure, and conducts operations to support national security and military efforts.

In the past year, ASD received over 36,700 calls for help and handled 1,100 cyber incidents. Hackers, often backed by foreign governments like China and Russia, are using advanced tactics to disrupt networks and steal sensitive data. Critical infrastructure such as energy and healthcare are primary targets, as cyberattacks on these sectors can cause widespread disruption.

Cybercrime Continues to Grow

Cybercrime remains a significant threat, with criminals increasingly using advanced tools like artificial intelligence to carry out their operations more effectively. In FY2023–24, common cybercrimes reported in Australia included business email compromise, fraud, ransomware, and data theft extortion. These attacks have led to financial losses, significant disruption, and reputational damage for businesses.

Ransomware: A Growing Threat

Ransomware remains one of the most significant cyber threats, particularly for small and medium-sized businesses. In this form of attack, cybercriminals encrypt data or lock systems, demanding a ransom for its release. Increasingly, attackers are stealing sensitive data and using it for extortion. Businesses that pay ransom do not guarantee data recovery, and often, the attack doesn’t stop with one payment.

Small businesses are particularly vulnerable to these types of attacks, as they often lack the resources to implement robust cybersecurity measures. Ransomware can lead to significant financial losses, reputational damage, and operational disruptions, leaving businesses offline and unable to access critical data.

The ASD advises businesses not to pay ransoms, as it doesn’t ensure data recovery or prevent further attacks. Instead, the focus should be on adopting strong security measures, including regular updates, secure backups, and proactive threat detection systems.

Cybersecurity Is an Ongoing Effort

Cybersecurity isn’t a one-time fix – it’s an ongoing effort that requires constant vigilance. Organisations must prioritise replacing outdated systems with secure-by-design products. These are built with security in mind from the start, reducing vulnerabilities. New technologies should be assessed with security as a key consideration. Following industry best practices, such as the Essential Eight, is crucial to mitigating risks. Regular updates and ongoing maintenance are also essential for strengthening resilience. For critical infrastructure organisations, preparing for a cyberattack should be assumed. Every organisation needs a tested response plan, an understanding of its systems, and a plan to recover from incidents quickly.

Reporting Cybersecurity Incidents

If you experience a cybercrime or security incident, it is vital to report it immediately. Cybercrime reports will be referred to the relevant law enforcement agency, while cybersecurity incidents should be reported through the ReportCyber portal.

Cybersecurity incidents can include:

• Denial of Service (DoS) attacks.
• Scanning and reconnaissance.
• Unauthorised access to a network or device.
• Data exposure, theft, or leaks.
• Malware or ransomware attacks.
• Phishing or spear-phishing attempts.
• Other suspicious cyber activity.

When reporting an incident, be ready to provide indicators of compromise, logs, network traffic captures, or other relevant analysis.

How The ASD Can Help

When you report an incident, ASD provides immediate assistance, including advice on how to contain and remediate the issue. They may also connect you with relevant Australian government organisations for further support. In more complex cases, the ASD may deploy a team of digital forensics specialists to assist with technical investigations.

The ASD encourages every organisation and individual who observes suspicious cyber activity, incidents and vulnerabilities to report to cyber.gov.au/report or the Australian Cyber Security Hotline 1300 CYBER1 (1300 292 371). ASD provides free technical incident response advice and assistance 24 hours a day, 7 days a week. ASD also offers guidance on managing public communications during an incident to protect the integrity of the investigation.

Source: Cyber.gov.au – Annual Cyber Threat Report 2023-2024