Analyzing Australia’s cyberthreat landscape, and what it means for the rest of the world

Australia has been the victim of damaging cyberattacks in the latter half of this year, with high-profile incidents impacting businesses across critical sectors such as telecoms, healthcare, and government. The impacts of some of these attacks have been rolling on for months, with new details and further information about data breached from the incidents suffered by Optus and Medibank breaking regularly.

The Australian Cyber Security Centre (ACSC) recently confirmed what the media has already been reporting, releasing data that showed cyber-attacks have risen 13% YoY.

What makes Australia such an attractive target? And what does this shift mean for the future of other countries around the world?

Australia’s appeal

When it comes to ransomware and cyber extortion, cybercriminal gangs have typically targeted populous English-speaking countries such as the US and Canada due to the size of their economies and the fact that language does not present a barrier for many of these groups. Of the 10 countries with the highest number of recorded victims over the past year, seven are also counted among the world’s largest economies measured by GDP. The reasoning is simple: big economy = more business = more potential victims = higher chance of a fruitful compromise.

However, our data shows that threat actor groups are changing their behavior and preferred targets, which could be the reason for the rise in attacks seen in Australia. Over the last year, we’ve observed an 8% decline in US-based victims and a notable 32% reduction in Canada-based victims.

As well as the decrease in North America, we’re seeing the geography of attacks shifting from this area through the UK and Western Europe (which have seen victim numbers fall by 34% and 20% respectively over the past six months), and towards the rest of the world. The number of victims in East and Southeast Asia grew by 30% and 33% over the same period.

Australia presents a unique opportunity as threat actors look for new targets: it’s an English-speaking nation, with similar working practices and culture to the US and UK (unlike those of Asian countries). This makes it far easier for cybercriminals to conduct convincing phishing attacks and far more likely that those targeted will fall for the malicious emails landing in their inboxes.

Contrary to what’s being reported in the media, attacks in this region are not yet particularly high – with our data only showing between two and four incidents a month. However, observable cyber extortion attacks did increase by 8% in Australia and New Zealand between October 2021 and 2022.

Unless efforts like the International Counter Ransomware Initiative or recent commitments by the Australian government to “investigate, target and disrupt cybercriminal syndicates bear fruit, we anticipate this figure to keep rising.

The shifting geography of cybercrime

The obstacles language and business culture may or may not present to cyber extortion can be compared to a dam wall. When they are to what threat actors are accustomed to – as in Australia’s case – the wall is low, meaning that cybercriminals will have little difficulty adapting to a new hunting ground. Asian countries, however, present a higher dam wall.

To continue this analogy: when cybercrime can no longer “flow” comfortably into familiar, large, English-speaking nations, it will have to flow somewhere else. It is inevitable that the water level will eventually rise above the dam wall in those countries where socioeconomic obstacles for criminals are bigger. This is when we’ll see more cybercrime flowing into countries in Eastern Europe, Latin America and Asia.

As they look for new targets away from their usual stomping grounds, Australia’s appeal to cybercriminals is clear. I believe that Australia hasn’t reached the peak of its cybercrime wave yet, and that Australian organizations should be as prepared as they can be – as should African, Asian and South American countries. Australia will likely be just the start of a shift to new countries, which may not have the cyber maturity of often-targeted countries and that are therefore not as equipped to protect themselves.