THE HON. ANDREW HASTIE MP, ASSISTANT MINISTER FOR DEFENCE: Today, I am launching the Australian Cyber Security Centre’s Annual Cyber Threat Report. The headline news is that the online world is a dangerous place for Australians. Cyber is a battlefield. And if you own one of these, or if you're connected in any way, you're on the battlefield. So this report is about preparing the Australian people for the challenges that we have in the realm of cyber. The Cyber Threat Report updates the Australian people on the threats impacting Australia, and how the Australian Cyber Security Centre which is based in Canberra, which is a 24/7 standing task force, is responding. It also provides vital advice on how all Australians and Australian organisations can protect themselves against those threats – and the threat is growing.
In the last financial year, the Australian Cyber Security Centre received over 67,500 cybercrime reports. That's an average of one every eight minutes, representing an increase of 13 per cent from the previous financial year. So, the situation is deteriorating, and that's partly a consequence of the pandemic. Australians over the last 18 months have migrated much of their lives online. Services that we normally would conduct in person, whether it be shopping, banking, education, are now being done online and that means the threat surface area in Australia has grown, which has incentivised more criminal activity online, and so as we're seeing the cybercrime reports that are submitted to cyber.gov.au have recorded total financial losses of more than $33 billion in the last year and that's losses that are actually reported, so the figure could be higher. So this is a really big hit to our prosperity as a country, which is why we need to take the increasing cyber threat so seriously. Ransomware remains the most serious cybercrime threat due to its financial and disruptive impacts, and there are almost 500 ransomware related cybercrime reports received in the last financial year, an increase of almost 15 per cent compared to the previous financial year, with ransom demands ranging from thousands to millions of dollars. Cyber criminals continued to steal significant amounts of money by impersonating trusted suppliers or business representatives through business email compromise, and the average loss of each incident through business email compromise has cost more than $50,000. So if you're a small or medium business, you can imagine how much of a hit that is to your bottom line if you're the subject of a fraudulent cyber criminal activity. Malicious actors exploited the coronavirus pandemic environment by targeting Australia's desire for digitally accessible information or services. And the ACSC received over 1,500 cybercrime reports per month of malicious cyber activity related to the pandemic – with more than 75 per cent of these relating to loss of finances or important personal information, so you can see why scams and online fraud is such a risk to Australians.
So the question though is what action is the government taking? Between July 2020 and June of 2021, the ACSC received over 22,000 calls on the cybersecurity hotline – an average of 60 per day, and representing an increase of over 310 per cent from the previous financial year. So the good news is that people are aware of the Australian Cyber Security Centre and they're using it and they're reporting cybercrime. We provided assistance to over 1,630 cyber security incidents, we undertook 25 high priority operational tasking activities in response to identified and potential cyber threats of significant events. We removed from the internet over 7,700 websites hosting cybercrime activity. And earlier this year, I watched first-hand at the Australian Cyber Security Centre, cyber warriors, working for the Australian Government, disrupt criminals who were seeking to harvest credit card details of vulnerable Australians. So our people at the ACSC are working very hard to protect us around the clock. We disrupted over 110 malicious COVID-19 themed websites with assistance from Telstra and Services Australia. You can understand how important disrupting these operations which peddle misinformation, and also are used for fraudulent behaviour, why it's so important to disrupt them.
The Morrison government is investing $1.67 billion, including $1.35 billion through the Australian Signals Directorate and the ACSC to keep Australians safe online, and this is part of the $15 billion that we're spending over the next decade towards investment in our cyber and Defence capabilities. Importantly, we're not just responding but we're also taking the fight to our cyber adversaries through the Australians Signals Directorate – they are very busy disrupting offshore plots to target Australian organisations, businesses and the Australian people. It's really important that we keep them off balance. And the ASD has a very strong capability which we know was used against Islamic State. ASD put a virtual spear through the heart of ISIS and its online operations and so too, they are doing that to our cyber adversaries online as well. We're not just the hunted, ASD is hunting on behalf of us, and disrupting those people who are conducting espionage or cyber attacks on Australians and our important organisations. The AFP is also very active disrupting criminal cyber activity here in Australia, and so law enforcement, whether it be federal or state, plays an important role in disrupting cyber attacks.
The question is for people at home: what can individuals do to protect themselves? We've always talked about sovereignty in territorial terms. But we need to start thinking about sovereignty in digital terms. Of course, as a country, all our collective personal security adds up, and it's really important that we not just protect ourselves, but Australian digital sovereignty and so we need people to take action and there are basic steps that people can take to protect themselves. Make sure you update your apps and your computer systems regularly to the latest version, and install any security patches. Yesterday, Apple put out an alert for an iOS update. I did mine yesterday. Please do the same yourself. It's really important that you protect yourself from online threats. Be mindful of suspicious links sent to you via email and other messaging systems and don't click on them if you can't verify where they've come from. Everyone probably has had a DHL or Amazon message sent by text, many of these if not all of them are fraudulent – don't click on the links. People are using all sorts of means to attack and defraud Australians during the pandemic. Be very careful about what you click on. Install multi-factor authentication, and make sure there is an extra step between your valuable data like your bank account, and you. For example, you should get a text message with a code before you log into your bank account, or any important information. This is basic stuff, but we need to do a better job of doing it. And finally, use complex passphrases, not passwords. Make your passphrase difficult to hack. That's pretty easy and regularly change it and that way you protect yourself. And I should say finally, keep a backup of your data off your network. Ransomware attacks involve encryption of your personal data, and then you're forced to ransom that information back. If you've backed up your data, if you've managed your data well, particularly if you're a small and medium business, you stand a greater chance of surviving and thriving through a ransomware attack, and the Australian Cyber Security Centre has easy to follow guides on cyber.gov.au to increase your cyber security online or call 1300 CYBER1. That's 1300 CYBER1.
In closing, we're in a new era. We've always thought about war in terms of air, sea, or land. We now need to start thinking about it in terms of cyber. In this report, one in four of the attacks reported last year were on essential services. So you can imagine what a cyber attack, if successful, on critical infrastructure could do to our lives together as Australians. Think about what a cyber attack could do to our electricity, our water, our telecommunications – it would pose all sorts of problems. And that's why the government is moving to increase and enhance our legislation to protect our critical infrastructure. But the key point out of this report is that one in four cyber attacks this past financial year, were attempted on our critical infrastructure. And so it's really important we get across it.
I’ll now open up for questions. Thank you.
JOURNALIST: With critical infrastructure that you're talking about, like health and water, who's behind these attacks? Do you believe, is it other foreign governments?
ANDREW HASTIE: Well, we have a number of actors who are conducting malicious cyber operations online. We have state-based actors. We have sophisticated malicious criminal syndicates. We have individuals. We have all sorts of people. But since 2017, we've made public attribution to Iran, North Korea, Russia, and, more recently, China for cyber activity conducted against Australians, and indeed, we will call out bad behaviour when we see it. And that's an important part of this process of bringing more transparency to the cyber domain.
JOURNALIST: Do you think it's appropriate for Christian Porter to declare a blind trust paid part of his legal fees then claim he doesn't know anything about how that trust operates?
ANDREW HASTIE: Christian Porter has made a declaration in accordance with the requirements of the register, it's exactly how many other parliamentarians have done it before him. Importantly, he has not received any taxpayer funding for his legal fees. And as far as I'm concerned, he's executed his duties as a parliamentarian as required. And I have nothing further to add to that.
JOURNALIST: Is he misleading the Parliament by not providing those details?
ANDREW HASTIE: He's done exactly what is required of him as a parliamentarian.
JOURNALIST: And is it wise for any cabinet minister to accept money when they don't know where it came from?
ANDREW HASTIE: He's done exactly what has been required of parliamentarians before him and it's all in accordance with the rules.
JOURNALIST: Your messages today are mostly to consumers in Australia, what's the federal government doing to engage governments overseas, over what is pretty clearly a foreign threat?
ANDREW HASTIE: Well, you will remember the Prime Minister flew to Cornwall, met with Prime Minister Boris Johnson, President Joe Biden, and other world leaders. He put cyber on the agenda there, and then you would have seen the attribution that we made to China for the hacking of the Microsoft Exchange vulnerability and exploiting that. Thousands of businesses worldwide were affected, 39 countries made a joint attribution of China. So we are working very closely with not just the Five Eyes but also EU partners, and further afield as well. So this is an international problem and cyber now is an expression of national power, it's really important that we're able to protect our people, and that involves liaising with regular Australians – mums and dads, seniors, schools, businesses, whether they're small and medium, local and state governments, not-for-profits, charities, all of civil society need to be aware of cyber, and they need to protect themselves. And then of course, there's things that we're doing as a government and I mentioned that $15 billion investment over the next 10 years into cyber and defence capabilities, and empowering our law enforcement and our intelligence agencies to take it to adversaries and disrupt them before they disrupt us.
JOURNALIST: How easy is it for an Australian to become a victim, say they get sent a text message, they click the link, and they become a victim just because of that. Is that how simple it can be?
ANDREW HASTIE: It's as simple as that. It's very simple, and this is why it's so important that people understand the threat. We can't put our heads in the sand. We have to understand it. And that requires everyone learning, and so go to cyber.gov.au – we do partnerships with individuals, we do partnerships with businesses, over the last financial year, we've sent out many alerts. When the Microsoft Exchange vulnerability became known earlier in the year, we sent out multiple alerts to get businesses to update and patch their software – which is really, really important stuff. So it's a very simple thing and it's very easy to get hacked, which is why many people need to take action.
JOURNALIST: A lot of consumers would be savvy enough to not click the link that comes to their phone, it looks suspicious, but they might want to know how they can prevent receiving those emails and messages in the first place. What would you say?
ANDREW HASTIE: That's a great question, because I still get those texts myself, I certainly get them on my on my emails. So this is a problem that our service providers need to work through as well and, and I know they are aware of it, that they're working very hard, because they don't want to be responsible for fraudulent behaviour. Not that they are, but they certainly don't want to enable it. So they're working very hard, as I mentioned, with our law enforcement and intelligence agencies to disrupt this fraudulent behaviour, and also alert people to scams when they come through.
JOURNALIST: So it's the service providers that it comes back down to because I know in my own phone, I'm getting messages every couple of days from DHL and different companies and stuff like that. So is it just the service provider? Or is there more that government can do to stop these messages coming through, because they seem to be so much more frequent?
ANDREW HASTIE: And this is why it's so important that people, when they experience a scam or a ransomware attack, they report it to the Australian Cyber Security Centre – really important because that builds out a threat picture, we can understand what's going on. And we can send out the alerts which then equips people and prevents them from clicking on things. So look, these people are very sophisticated in the way they do these things and it's just constantly evolving. We're never going to reach a point where we can rest on our laurels and be content and that's why we need these regular updates. And that's why the Joint Cyber Security centres around the country – like the one right here in Perth – are so important, because we're building a network to defeat the networks online that are trying to harm us. And that's why the relationship that people here have with industry are so critical.
JOURNALIST: So if someone does click on a link, what do they need to do? What's the next step? They go ‘oh I think that's not a true link’ – what do I do?
ANDREW HASTIE: Well, I think I think the first thing is to, generally speaking, to get into the detail and I don't want to be prescriptive here because these scams have different forms, but certainly, let's talk about the DHL text, it always comes from an unknown number and there's always some urgency or emotional call – click on this your parcels being held up or you need to do something urgently – I would encourage all Australians to be very circumspect about clicking on urgent messages that they're not sure about or where they've come from.
JOURNALIST: And say when they do click on the link, and they've got on maybe that scam, what do they do? Do they need to change their passwords? What's the advice?
ANDREW HASTIE: The advice is on cyber.gov.au and there's information there for scams and I'd direct people to that website. It's the single source of truth from government on matters relating to cyber and it's tailor-made for Australians out there who aren't sure what to do in these situations and then you can also call the hotline and report and get advice there as well.
JOURNALIST: A few questions on Afghanistan, what is the future of the war crimes inquiry now that the Taliban is back in power?
ANDREW HASTIE: That's a process that's ongoing and it's at arm's length from government. The Office of Special Investigator has been established, and they are conducting their investigations in accordance with their own procedures and their own timelines. So sure, Afghanistan now being closed, and with no embassy there, that has complications, not just for this, but for a whole range of things. And I know there are still visa holders in Afghanistan who were unable to get out, and that's where my attention is, at the moment.
JOURNALIST: Should Australia recognise the Taliban as a legitimate government? And if not, what level of engagement should we have?
ANDREW HASTIE: That's a decision for Cabinet. But certainly, based on past behaviour, the Taliban – we need to be very realistic about what sort of government that will be. Certainly some of the reports over the last few weeks have been quite disturbing about the treatment of women and those who are not Taliban, or who you'd consider minorities or dissidents. So the jury is still out on the Taliban, but certainly, as you would know, I opposed the test match in Hobart that was proposed against Afghanistan, not because I have a problem with Afghan cricketers, but because my concern was about giving the Taliban a strategic victory through the proxy of sport and legitimising them and as we know, through past history, they have a very bad record with the treatment of minorities, women and others in their land.
JOURNALIST: The Taliban are seeking an embassy in Canberra, is that something you would oppose?
ANDREW HASTIE: I'm not sure if any overtures been made, but certainly, these things are all contingent on how they treat their own people. Thanks very much.