Firms warned to upgrade encryption ahead by 2030 to guard against quantum-aided hacks
Businesses have been warned they have just five years to overhaul their cyber defences to withstand quantum computing-enabled attacks.
Businesses have been warned they have just five years to overhaul their cyber defences to withstand quantum computing-enabled attacks, as AI turbocharges online threats using currently available technology.
The Australian Signals Directorate’s annual threat report reveals a more than doubling of suspected cyber attacks on critical infrastructure providers in the year to June 30, and a tripling of the value of losses for companies whose systems are breached.
Ransomware attacks were also up, including a 100 per cent jump in those targeting healthcare providers, with a single breach on an e-prescription service exposing the personal data of nearly 13 million Australians.
The report was released just days after the data of more than 5.7 million Qantas customers was posted online after the company refused to pay a ransom to criminal organisation Scattered Lapsus$ Hunters.
ASD said there were two incidents during the reporting period in which major federal government systems or regulated critical infrastructure operators sustained “extensive compromise”, but refused to identify the targeted entities.
It said state-sponsored actors such as China were a “persistent threat”, planting malicious code in critical systems to be activated “at a time of strategic advantage”.
Cybercriminals intensified their attacks, with ASC’s Australian Cyber Security Centre receiving more than 84,000 cybercrime reports over the period, or about one every six minutes.
ASD director-general Abigail Bradshaw warned hackers were using new technology, including AI, “to increase the speed and scale of their attacks”.
She said the cyber threat environment was likely to become exponentially worse following the introduction of quantum computing, with ASD warning current encryption systems could become obsolete as early as 2030.
Companies have been advised to urgently upgrade their protections to make use of new algorithms designed to withstand attacks using quantum computing technology.
“The years ahead will bring challenges for organisations in emerging technology, such as post-quantum cryptography,” ASD’s threat report states.
“Effective transition plans will be critical to operating in 2030 and beyond – in a post-quantum computing world – and this planning must start now.”
According to the report, ASD notified businesses and government agencies of more than 1700 suspected malicious cyber attacks in 2024-25 – an 83 per cent increase on the previous year.
Critical infrastructure operators were notified of more than 190 potential attacks on their networks, an increase of 111 per cent.
Ms Bradshaw said affected companies were responding positively to new “limited use” laws providing legal protection to entities that voluntarily shared information about cyber security incidents.
The frequency of cyberattacks was aided by cybercriminals’ “aggressive campaign of credential theft”, with stolen usernames and passwords being purchased off the dark web to access email, social media and financial accounts.
“Compromised accounts or credentials accounted for 42 per cent of incidents impacting large organisations, government, academia, or supply chains,” Ms Bradshaw said.
“Australia is increasingly targeted by cyber criminals looking to steal credentials. Once access is gained, they mimic legitimate user behaviour to steal sensitive personal or corporate information, install ransomware or malware and take over accounts.”
Identity fraud remained the top-reported cybercrime, up by 8 per cent, with average losses for individuals of $33,000.
Cybercrime losses for small businesses jumped by 14 per cent, to $56,600, while big businesses faced average losses of $202,700 – up by 219 per cent.
During the reporting period, ASD issued 14 advisories with its international partners attributing cyber attacks to state-sponsored groups, including those from China, Russia and Iran.
Ms Bradshaw said: “The report shows geopolitical tensions and power competition is reflected in cyberspace, with malicious actors leveraging cyber to conduct espionage and to target the networks of Australian government, critical infrastructure and business to disrupt and degrade.
“ASD continually undertakes disruption activities to protect individuals, businesses and government from cyber criminals.”
The threat report said state-sponsored hackers continued to use network administration tools to carry out their objectives, “blending in with normal system and network activities, enabling them to decide when to steal information or cause harm to an organisation’s network at a time of their own choosing”.
It said the line between state-sponsored and criminal actors was becoming increasingly blurred, with both using similar tools and exploiting similar weaknesses in systems.
Businesses were warned to update legacy systems and reconsider the data they kept.
To join the conversation, please log in. Don't have an account? Register
Join the conversation, you are commenting as Logout