The annual update report, released on Wednesday by the Australian Signals Directorate (ASD), revealed one of the largest targets for cybercriminals was small business.

Over the last year, reports of cybercrime have increased by eight per cent, costing small businesses on average nearly $50,000.

According to the report, on average, cybercrime cost an individual more than $30,000, a figure that has increased 17 per cent over the past 12 months.

In the last year, there were 36,00 calls to the ASD, a figure that has remained steady over the last 12 months.

Worryingly, private schools have become an increasingly popular target for cybercriminals, who use malicious software to lure in unsuspecting users before taking advantage of their sensitive data.

Malicious cyber actors infected the private school’s system after an employee accidentally clicked on a malicious sponsored link while searching online for an Australian education sector enterprise agreement; this technique is known as search engine optimisation poisoning. After clicking the malicious link, the employee was led to a honey pot website, which is designed to look exactly like an online forum, and downloaded a ZIP file, which the employee thought was a copy of the enterprise agreement they initially needed.

The malicious actor had access to the school’s network for three days, which contained sensitive student data, which can be stolen and sold online, or used to extort money from parents.

Cybercriminals aren’t only targeting the education sector for sensitive data.

The ASD report found the training, electricity, waste services, transport and warehousing industries were also targeted by cybercriminals.

The ASD recommends keeping devices up-to-date, using two-factor authentication where possible, and training staff to recognise phishing, which is commonly used to compromise accounts.

Originally published as Cyber criminals ramping up attacks against private schools