Overview
- The Australian Signals Directorate responded to 1,200 incidents in 2024–25, an 11% rise, and issued about 190 alerts to critical infrastructure, including two cases of extensive compromise across government and regulated sectors.
- Compromised credentials accounted for roughly 42% of major-impact incidents, with attackers using valid logins to mimic legitimate users and deploy ransomware or steal data.
- Reported losses surged, with large businesses averaging about $202,700 per incident, medium businesses $97,200, small businesses $56,571, and individuals about $33,000.
- ASD detailed state-backed activity, singling out China-linked APT40 and revealing botnets built from hundreds of thousands of hijacked home devices, which obscure follow-on operations.
- Officials urge multi-factor authentication, unique passphrases and prompt software updates, as AI is expected to speed attack campaigns. Recent breaches such as the Qantas data leak sit outside the report period but underscore ongoing risk.