WavebreakMediaMicro - Fotolia

Australia becoming hotbed for cyber attacks

Research by Imperva shows an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, including automated attacks that doubled in frequency

Australia is becoming an increasingly lucrative target for cyber criminals, who have launched more attacks – and with higher severity – against businesses and individuals in the country.

According to research by Imperva, there was an 81% increase in cyber security incidents in Australia between July 2021 and June 2022, a trend that grew over the 12 months with a sharp rise in 2022.

The severity of these attacks also increased, with critical attacks more than tripling (227%) between August 2021 and May 2022. Both increases are above the global trend for the same timeframes.

“Cyber criminals are targeting the personal data of Australians for financial gain – to sell, to hold to ransom, or to commit financial fraud and scams,” said Reinhart Hansen, director of technology at Imperva’s CTO office.

“During the pandemic, many organisations inadvertently created more opportunities for these bad actors. Many rushed their online implementations and transformation projects, taking shortcuts that left them vulnerable to exploitation.

“Now we’re seeing a large uptick in common, off-the-shelf and automated type attacks that hackers are continuously recycling and using against Australian targets,” he added.

Hansen noted that threat actors have also been looking for known weaknesses and vulnerabilities in applications and application programming interfaces (APIs) to gain access to the data repositories that sit behind them.

“During the pandemic, many organisations inadvertently created more opportunities for [cyber criminals]. Many rushed their online implementations and transformation projects, taking shortcuts that left them vulnerable to exploitation”
Reinhart Hansen, Imperva

“Their ultimate aim is to exfiltrate data at scale that will allow them to build citizen profiles that are used as the basis of their illegal activity,” he said.

The most heavily targeted industries in Australia were financial, retail and business services. In particular, incidents targeting financial services almost tripled (189%) in the first half of this year compared with the first half of 2021.

Attacking IPs mainly came from the US and Australia, which is to be expected, given that it’s common for hackers to use botnets based in the country they’re targeting. The US also accounted for a large number of infected devices and large cloud providers that attackers often use as infrastructure.

Automated attacks on the rise

The top three most common risks faced by Australian organisations were automated threats and remote code execution (RCE) or remote file inclusion (RFI). Attacks related to these risks grew in frequency between July 2021 and June 2022, with automated threats doubling in frequency.

It’s easy for attackers to aim bad bots at the information they want to steal, so bots are commonly used across the board for attacks in all industries. Financial services were heavily targeted, with bot attacks increasing almost sevenfold (588%) in the first half of 2022.

When it comes to account takeovers in Australia, attackers mainly used brute force attacks (70%) and credential stuffing (20%), which Imperva said was high compared with globally, where these two categories only accounted for a combined 28% of such attacks during the same period.

RCE, which allows attackers to execute malicious code on a targeted device, followed at an almost 60% rise across the board. Such attacks can be used to exfiltrate information from a system and, when combined with social engineering attacks or malware, can provide easier access to the target’s system.

Hansen noted that the findings underscore the need for Australian organisations to invest in security that better aligns with the modern data-driven enterprise.

“Today’s threat landscape requires data-centric security that spans from the network edge to applications and APIs and all the way down to the data itself. Only by protecting data and the modern online enterprise paths to that data can organisations truly defend their critical systems and maintain trust with customers, both of which are critical to success in the digital economy,” he said.

Read more about cyber security in Australia

  • The massive data breach that affected more than 10 million Optus customers has cast the spotlight on API security and other factors that contribute to the cyber resilience of organisations in Australia.
  • Australia is playing to its strengths in niche areas such as governance and deep tech to punch above its weight in the cyber security industry.
  • Australian state agency Transport for New South Wales is the latest victim of the supply chain attack against Accellion’s legacy file transfer system.
  • Supply chain security risks can wreak havoc for Australian firms if measures are not taken to deter cyber attackers from exploiting a supplier’s security gaps to target another firm.

Read more on Hackers and cybercrime prevention