Cyberspace has also become a “battleground” of war in the wake of Russia’s invasion of Ukraine, according to the Australian Cyber and Security Centre (ACSC) in its Annual Cyber Threat report released on Friday.

The ACSC, which is part of the nation’s most secretive spy agency, the Australian Signals Directorate, warned Chinese and Iranian state-actors have also sought to exploit any online weaknesses.

Even households are at risk, with up to 200,000 internet routers in Australian home offices and small businesses identified by the ACSC as “vulnerable to compromise, including by state actors”.

Individuals are also being “indiscriminately targeted” by malicious cyber attackers persistently scanning for vulnerabilities, often to use them as “entry points for higher value targets”.

Over the year, the ACSC repelled more than 29,000 “brute force attacks” against Australian servers, and blocked more than 24 million malicious domain requests.

There were 76,000 cybercrime reports lodged in 2021-22, which was a 13 per cent increase on the previous year.

Of these a disproportionate amount of reports came from Queensland, with 29 per cent, and Victoria, with 27 per cent, while NSW accounted for 22 per cent.

More than a quarter of all reports related to fraud.

On average the attacks cost small businesses about $39,555, medium businesses lost about $88,407, while large businesses suffered $62,233 in losses.

Cyber security “incidents” targeting state government, academia, large businesses and supply chain also increased, with 28 instances of an “extensive compromise” detected last year.

Of the 1,100 cyber incidents the ACSC responded to last year, about a quarter related to the federal government, 10 per cent were state, territory or local government, nine per cent were in the health care and social assistance sector, while eight per cent was in media and telecommunications.

About $98 million was lost in 1514 cases of business email compromise, with sectors like real estate increasingly targeted as they often communicate about large amounts of money related to house purchases.

Some of the highest losses occurred in NSW, where a phishing-style email attack cost businesses $69,000 on average.

Companies caught by email scams in Victoria lost on average $56,000 and Queensland lost $53,000.

ACSC head Abigail Bradshaw said government agencies were increasingly partnering with the private sector to repel and prevent cyber attacks as the threats increased in sophistication and volume.

“Fraud is the most common cybercrime threat impacting Australians, with business email compromise increasingly used to target high value transactions,” she said.

Ms Bradshaw said the “weaponisation” of sensitive stolen data was an increasing issue, as was the buying and selling of cyber hacking tools between criminals.

“We have witnessed the continued commercialisation of malicious malware and cybercrime tools, which have fed a growing network of cybercrime gangs,” she said.

Defence Minister Richard Marles said the “heightened level” of malicious activity in the past year reflected the “evolving strategic competition across the globe”.

“This has been clearly demonstrate in the brutal invasion of Ukraine – where Russia has sought to cause damage not just in traditional warfare, but through the use of destructive malware as well,” he said.

“Threat actors across the world continue to find innovative ways to deploy online attacks, as a result, too many Australians have felt the impacts of cybercrime.”

Got a news tip? Email clare.armstrong@news.com.au

More Coverage

Renters could face ‘devastating’ cyber hack

Kate McIntyre

Flybuys’ huge cyber boost as hackers wage war

ELI GREENBLAT

Originally published as 76,000 cyber crimes reported in Australia last financial year