During 2024-25, Australia has emerged as the number one focus area for international cybercriminals and state-sponsored actors. Malicious activity has increased by nearly 300 percent, directly affecting the security of our country’s critical infrastructure. In fact, according to recent reporting, incidents impacting these networks have increased by 111 percent, with more than 190 breaches so far. Cybersecurity Minister Tony Burke is encouraging all Australians to do their part to Defence Connect protect themselves and their families. He emphasizes the need to stay current with all software and implement multifactor authentication wherever possible.
Just last year, the ASD responded to more than 1200 cybersecurity incidents. That’s an 11 percent uptick from last year. This measure included blocking access to 334 million harmful domains. The increase in violent threats has led officials to advise people and private companies to invest in increased security.
Abigail Bradshaw, ASD director-general, highlighted how both the international climate and threats to systems have changed. She announced that we have to get past the password paradigm for account security once and for all. “I hope it [using passwords] is over. What we need is more technologies that enable multi-factor authentication, so that you are never solely reliant on a username and a password,” she said.
Additionally, the data confirms that almost half of the events affecting major companies were due to compromised credentials. This time cybercriminals used actual usernames and passwords — which they frequently obtained from the dark web — to get access. The ASD pointed to an especially important finding. Of those breaches, they said 42 percent of the breaches in last fiscal year’s incidents used stolen credentials.
Bradshaw further explained, “Networks are increasingly not being hacked, but are being breached through compromised or stolen credentials to gain unauthorized access.” Once access is established, bad actors can further emulate legitimate users’ actions and behaviors to exfiltrate sensitive data or deploy destructive malware.
The burden of cybercrime on Americans is more than operational—it’s financial. According to the ACCC, last year victims around the country lost an average of $33,000 from cyber-related scams. That’s an appalling 8 percent more than what we’ve seen in the past. For small business the average self-reported cost increased by 14 percent to $56,600. In contrast, business losses from each crime totaled about $202,000 per crime or double the amount from a year earlier.
To combat these rising threats, Burke emphasized that “most cyber incidents are preventable, and basic defensive measures make a huge difference.” Mr Tudge said multifactor authentication was one of the best cybercrime defenses that Australians could commit to.
Further, the ASD aims to prepare for an environment that will become more hostile towards industry with the progression of technology. As National Academies experts predict post-quantum cryptography by 2030. Among other things, they advise organizations to log more critical events and monitor them faster, patch legacy IT infrastructure, and third-party risk management.
Cybersecurity expert Stephanie Crowe noted the implications of these trends: “What that enables them [cyber criminals] to do is use a username and password to get onto an individual’s device, or, if they’re lucky enough, they’ve been able to take usernames and passwords for people’s corporate accounts.”
While cyber threats are increasingly commonplace, the ASD makes clear that they will require continued awareness and response. Bradshaw stated, “This highlights the ongoing need for vigilance and action to mitigate against persistent threats.” This very frightening data and expert commentary demonstrates why we need to act now. It’s clear that Australians need to step up their cybersecurity efforts at this crucial juncture.
