An increase in incidents that caused extensive compromise, such as significant data breaches involving cybercriminals exfiltrating data from critical infrastructure for the purposes of financial gain, was revealed by the Australian Signals Directorate (ASD) Cyber Threat Report 2022-23.
ASD categorises incidents from most severe (1) to least severe (6). In the 2022-23 financial year, the number of incidents of category 2 — those that caused extensive compromise — rose from two to five, compared to the previous financial year. These five incidents occurred across Australia’s federal government, government shared services, regulated critical infrastructure, national security and systems of national significance.
Cyber security incidents were consistent with last financial year, with around 15% of all incidents categorised as category 3 (C3) or above. Of the C3 incidents, over 30% related to organisations self-identifying as critical infrastructure, with transport (21%), energy (17%), and higher education and research (17%) the most affected sectors. The most common C3 incident type was compromised assets, network or infrastructure (23%), followed by data breaches (19%) and ransomware (14%). The common activities leading to these incidents included exploitation of public-facing applications (20%) and phishing (17%).
In 24% of the cases, it was ASD that notified the affected organisations of suspicious activity.
Government is the leading sector reporting cyber incidents
Australia’s federal and state governments were the leading sectors reporting cybersecurity incidents in FY 2022-23, according to the report. The federal government reported 30.7% of incidents followed by state and local governments with 12.9%.
There are a few reasons why this is so. The report warns that one reason is the reporting obligations on government sectors, suggesting these are more likely to report an incident than unregulated ones. It is, however, no secret that attackers are targeting governments worldwide, so this could still mean a legitimately higher number of attacks suffered by federal, state and local governments.