Cyber actors compromising home devices connected to the internet, according to the Australian Signals Directorate
Employees working from home have become the latest targets of cybercriminals, according to a new report from the Australian Signals Directorate, prompting warnings for employers about cybersecurity.
The Annual Cyber Threat Report revealed that the ASD responded to more than 1,200 cybersecurity incidents, up 11% from last year.
"Over FY2024–25, state-sponsored cyber actors targeted Australian networks, and they continue to present an active and evolving cyber threat to Australia," the ASD report read.
"State-sponsored cyber actors conduct operations to serve political and military objectives, including cyber espionage, malign influence, interference and coercion, or to pre-position for disruptive and destructive cyber effects in the event of crisis or conflict."
It warned that state-sponsored cyber actors have also compromised home devices connected to the internet, such as home routers.
"State-sponsored cyber actors continue to use built-in network administration tools to carry out their objectives and evade detection by blending in with normal system and network activities, enabling them to decide when to steal information or cause harm to an organisation's network at a time of their own choosing," the report read.
"This is known as living off the land (LOTL). LOTL tradecraft requires network defenders to think like the malicious cyber actor, by studying abnormalities in behaviours occurring on systems rather than through traditional means such as intrusion detection systems."
Defence Minister Richard Marles called on businesses to review and apply the Australian Signals Directorate (ASD) guidance to protect their networks.
"I urge Australian businesses to review and apply the ASD and its partners' technical advice to protect your networks," he said.
The average self-reported cost of cybercrime per report for businesses went up 50% to $80,850, according to the report.

For large businesses, the average self-reported cost hit $202,691 for 2024–2025.
"A portion of this increase may be driven by the 138% increase in total financial losses from BEC for large business," the report read.
"However, the increase in financial losses for large business may also be attributed to low reporting numbers, making the average cost susceptible to outliers."
To boost their cybersecurity, the ASD's Australian Cyber Security Centre told employers to focus on four key areas:
- Implement best-practice logging.
- Replace legacy technology.
- Manage third-party risk.
- Prepare for post-quantum cryptography.