CyberCX Reveals Insights into Australian and New Zealand Cyber Attack Landscape in 2023

• Business email compromise, unauthorised access and cyber extortion led incident types
• CyberCX observed a 50 per cent drop in victims paying ransoms
• Large variance in time-to-detect, with a maximum of 2.2 years for espionage
• Attackers increasingly stealing data only, without deploying ransomware

Melbourne, Australia – 08 April 2024 

CyberCX has released its annual Digital Forensics and Incident Response Year in Review Report for 2023, revealing that business email compromise, unauthorised access, and cyber extortion attacks dominated the attack landscape across Australia and New Zealand (AUNZ) last year.

 Using data from a sample of over 100 serious incidents CyberCX’s Digital Forensics and Incident Response (DFIR) team responded to last year, the report highlights a range of important cyber trends across AUNZ including:

• Business email compromises (BEC), where attackers compromise email accounts typically through phishing, are continuing to grow, with a 37 per cent increase during 2023.
• Time-to-detect (TTD) varied depending on the type of attack, with an average TTD of 18 days for cyber extortion incidents, a minimum of one day and a maximum of 75 days. By comparison, the average TTD for espionage incidents was 390 days, with a longest TTD of 2.2 years uncovered by CyberCX in 2023.
• Multi-factor authentication (MFA) isn’t stopping BEC, with five times more cases involving Adversary-in-the-middle (AITM) or session theft as Initial Access for BEC incidents than 2022.
• “Data extortion only” as a cyber extortion tactic was more common 2023, with the number of cases involving a threat actor stealing data only and not deploying ransomware more than tripling.
• Remote access solutions with valid credentials became the number one initial access method for cyber extortion incidents, surpassing vulnerability exploitation.
• Fewer victims are paying ransoms, with a roughly 50 per cent drop in payments by victims of cyber extortion observed.
• Not paying doesn’t always mean your data will be leaked publicly, with 53 per cent of cyber extortion victims that did not pay a ransom subsequently not observing their data leaked publicly or on a dedicated leak site (up from 46 per cent in 2022).

CyberCX’s Executive Director of Digital Forensics and Incident Response, Hamish Krebs said: “CyberCX’s DFIR team is the largest group of digital forensics investigators and incident responders across both Australia and New Zealand.

“The threat actors we go up against are relentless in their efforts to exploit vulnerabilities and cause maximum harm to organisations large and small, across all industries. Our insights are therefore hard-won and genuinely unparalleled in our region.

“We publish this data as part of our mission to secure the communities we live and work in. It is our hope that organisations across our region will leverage these valuable insights and implement our recommendations to increase their security posture as they consider how to protect their organisations, customers and their people in 2024 and beyond.”

The Report also includes insights into the most common cyber extortion and ransomware groups targeting AUNZ organisations, initial access vectors and tactics used by attackers, the vulnerabilities exploited, and threat actor motivations.

You can download and read the full Digital Forensics and Incident Response 2023 Year in Review report here.

ENDS

About CyberCX 

CyberCX is the leading provider of end-to-end cyber security and cloud services. With a workforce of 1,400 cyber security professionals, CyberCX is a trusted partner to private and public sector organisations, helping customers confidently manage cyber risk, respond to incidents, and build resilience in an increasingly complex and challenging threat environment.

Media Contact

Dexter Gillman

+61 439 393 196