A recent report by Zscaler, a leading cloud security company, reveals a disturbing trend: Australia has become a top source of phishing attacks, experiencing a staggering 479% increase in hosted phishing content in 2023. This alarming statistic highlights the growing sophistication of cybercriminals and the urgent need for Australian businesses and individuals to step up their defenses.
The Zscaler ThreatLabz 2024 Phishing Report, based on analysis of 2 billion blocked phishing transactions, paints a concerning picture. Australians are not only facing a surge in phishing attempts, but they are also unwittingly contributing to the problem by hosting malicious content within the country.
Significant Increase in Phishing Activity in Australia
The report reveals that phishing activity in Australia surged in 2023. The Australian Competition and Consumer Commission’s (ACCC) Scamwatch service recorded nearly 109,000 phishing-related scam reports, resulting in losses totaling AU$26.1 million. Within the Asia-Pacific and Japan (APJ) region, Australia faced 29,427,987 phishing attacks, accounting for 12.32% of the region’s phishing attempts and a 479.3% increase in hosted phishing content.
Rise of AI-Driven Phishing Attacks
Globally, phishing attacks increased by nearly 60% year-over-year, driven by AI-enhanced schemes such as voice phishing (vishing) and deepfake phishing. The report offers actionable insights and strategies to improve organizational security against phishing threats.
“The potential of AI is reshaping the cyberthreat landscape,” said Eric Swift, Area Vice President, ANZ at Zscaler. “With 29,427,987 phishing attempts in Australia alone, it is crucial for organizations to adopt best practices and a zero trust approach to combat these evolving threats.”
Targeted Sectors in Australia
In Australia, the manufacturing sector recorded the highest number of phishing attacks in 2023, with 5,984,195 incidents, followed closely by the services sector with 5,776,337 attacks. Other targeted industries included Technology, Government, Education, Finance and Insurance, and Retail and Wholesale sectors.
Global Phishing Landscape
North America experienced more than half of all phishing attacks, with the United States (55.9%) leading, followed by the United Kingdom (5.6%) and India (3.9%). The majority of phishing attacks originated from the U.S., the U.K., and Russia. Australia’s entry into the top 10 was driven by a significant increase in phishing content hosted in the country.
The finance and insurance sector saw a nearly 400% increase in phishing attacks, highlighting its vulnerability due to heavy reliance on digital platforms. The manufacturing sector also faced a 31% increase in phishing attacks, reflecting the industry’s growing digital integration and associated risks. Microsoft remained the most impersonated brand in phishing attacks, with 43% of attempts involving its platforms, including OneDrive (12%) and SharePoint (3%). ANZ Banking Group was ranked eleventh among the top twenty enterprise brands targeted for phishing.
Zscaler advocates for a Zero Trust architecture to defend against phishing attacks, leveraging AI-powered controls to prevent, detect, and respond to threats. The Zero Trust Exchange platform offers robust protection by inspecting TLS/SSL traffic, enforcing policy-driven access controls, preventing lateral movement, and stopping data loss through advanced inspection techniques.
For organizations aiming to bolster their security posture, adopting a Zero Trust framework is essential to counter the sophisticated phishing threats outlined in the Zscaler ThreatLabz 2024 Phishing Report.
Five everyday habits making SMEs a target
A new survey by the Council of Small Business Organisations of Australia’s (COSBOA) Cyber Wardens program has identified the top five cybersecurity bad habits among Australian small businesses. Based on responses from over 2,000 businesses, the study highlights common pitfalls that could lead to data breaches, financial losses, and other security threats as businesses return to work from the summer holidays. The findings aim to raise awareness and encourage small business owners to adopt better cybersecurity practices.
“It’s hard to remain vigilant, so this is a reminder on how to avoid slipping into bad habits and instead build good habits that improve your business culture of simple cybersecurity,” said COSBOA CEO Luke Achterstraat. “Through the Cyber Wardens program, we are encouraging small business owners to make simple swaps in their everyday habits to kickstart their new year cyber safety plan.”
Kirsten Lynch, owner of Plato’s Wonder. Create. Discover, a gift and toy shop in central Hobart, shared her experience. “Running a small business, I know just one attack could mean the end of my business, so I take cybersecurity very seriously,” she said. After completing the Cyber Wardens training, her staff stopped sharing passwords and started using strong, unique passwords. “The Cyber Wardens program is an informative, simple tool all businesses can use to help prevent cyber crime. I’ll be asking all my staff to do the training.”
Top Five Cybersecurity Habits to Adopt
- Shut Down Computers
27% of small businesses put their computers in ‘sleep mode’ instead of shutting them down, increasing the risk of out-of-date software being exploited. Shutting down ensures automatic updates are installed. - Use Strong, Unique Passphrases
26% of businesses reuse passwords across multiple systems, and 16% use short passwords. Using complex, unique passphrases for each account reduces the risk of multiple breaches. - Report Suspicious Emails
21% of businesses delete suspicious emails without alerting IT or management. Reporting these emails helps investigate and block potential threats. - Give Team Members Unique Logins
20% of businesses share passwords among staff. Unique logins ensure that if one password is compromised, the damage is limited. - Action Software Updates Promptly
18% of businesses delay software updates, leaving systems vulnerable. Prioritizing updates ensures critical security patches are applied.
The Cyber Wardens program, funded by the Australian Government, offers free training to small business owners and employees on essential cybersecurity practices, including multi-factor authentication, password management, device updates, and backups.
In 2023, Australians lost over $429 million to scams, with phishing, false billing, online shopping scams, and identity theft being the most reported. The ACCC reported a 73% increase in businesses losing money to scams, and the ASD’s Annual Cyber Threat Report revealed a 14% rise in the average cost of cyber crime per incident for small businesses, now at $46,000.
Keep up to date with our stories on LinkedIn, Twitter, Facebook and Instagram.