SecurityBrief New Zealand - Technology news for CISOs & cybersecurity decision-makers

Australia ranks fourth in global cybersecurity attack list

Today

An increase in cyber threats targeting critical infrastructure has placed Australia among the top five most attacked countries, a recent report from Nozomi Networks Labs reveals.

The Nozomi Networks Labs OT and IoT Security Report places Australia fourth globally for cybersecurity attacks; the country was previously not within the top five.

The report indicates a notable rise in attempts to gain access to critical infrastructure industries, with Australia's threat landscape showing a diverse range of attack types.

These include Network Denial of Service, Network Service Scanning, Remote System Discovery, Adversary-in-the-Middle, and Brute Force attacks, using tactics such as Impact, Discovery, Credential Access, and Collection.

The United States, Sweden, and Germany are the only countries reporting greater numbers of attacks than Australia. The report emphasises vulnerabilities in unprotected wireless networks, highlighting how easily threat actors can gain deep access to critical infrastructure.

"Cyberattacks on the world's critical infrastructure are on the rise," said Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks.

"The systems we design and defend must not only withstand a barrage of threats in today's multipolar world but also balance the need to operate safely at scale, where human lives are at stake."

"By understanding these evolving threats and leveraging actionable insights, we can defend our critical infrastructure systems to ensure resilience, safety and operational continuity in an increasingly uncertain world."

The report's analysis covered more than 500,000 wireless networks globally, revealing that a mere 6 percent are adequately protected against wireless deauthentication attacks.

This statistic underscores the high exposure level of most wireless networks, even those in mission-critical environments. For instance, unprotected networks in healthcare could lead to unauthorised access to patient data or interference with critical systems, while in industrial settings, undetected intrusions might disrupt automated processes or halt production lines.

Furthermore, the report notes that nearly half of the observed cyber threat alerts during the latter half of last year occurred in the Impact phase of the cyber kill chain. This was particularly prevalent in industries such as Manufacturing, Transportation, Energy, Utilities, and Water/Wastewater, with Command and Control (C&C) techniques accounting for a substantial portion of these alerts.

The research identified 619 newly published vulnerabilities in the second half of 2024, of which 71 percent are classified as critical. Additionally, 20 vulnerabilities were highlighted with high Exploit Prediction Scoring System (EPSS) scores, indicating a significant likelihood of future exploitation. Four vulnerabilities have been observed as actively exploited in real-world scenarios (known exploited vulnerabilities).

Reflecting current security challenges, the report suggests an urgent need for organisations to promptly address the most critical vulnerabilities.

The findings reveal that critical manufacturing was the sector most impacted, accounting for 75 percent of all Common Vulnerabilities and Exposures (CVEs) reported. The Energy, Communications, Transportation, and Commercial Facilities sectors followed closely behind.

The "OT/IoT Cybersecurity Trends and Insights" report by Nozomi Networks Labs provides security professionals with valuable insights to reassess their risk models and security initiatives.

It offers recommendations to enhance the defence of critical infrastructure against a growing array of cyber threats.
