SecurityBrief Australia - Technology news for CISOs & cybersecurity decision-makers
Australia ranked fourth globally for cyberattacks on industry

Wed, 30th Jul 2025

Australia has been ranked as the fourth most targeted nation for cyberattacks, with threats increasingly affecting key sectors such as manufacturing, mining and minerals, according to analysis released in the latest Nozomi Networks Security Labs Report.

The report, focused on the operational technology (OT) and Internet of Things (IoT) threat landscape, provides detailed insights into how industrial organisations and critical infrastructure operators in Australia are being targeted by a range of cyber threats.

High level of targeting

Data from Nozomi Networks indicates that Australia retained its position as the fourth most targeted country, trailing Japan, Germany and Brazil. Over the first half of 2025, a diverse array of Australian organisations have been impacted by significant cyber incidents, including a well-known IVF fertility clinic, multiple major superannuation funds and a large-scale auto parts manufacturer.

The report's findings are based on a collection of threat data from globally distributed honeypots, wireless monitoring sensors, inbound telemetry, and partnerships. This broad base allows Nozomi's threat intelligence team to uncover both general trends and specific, novel attack methods worldwide and in Australia.

Types of cyber threats

Within Australia, the most frequently observed threats in the OT and IoT sectors were attacks using default credentials and valid accounts. Such attacks, which made up 45.6 per cent of all alerts, exploit pre-set device usernames and passwords or legitimate user accounts to gain unauthorised access. The third most common method was the Adversary-in-the-Middle tactic, in which attackers insert themselves between two communicating parties to intercept or alter information.

Attackers' shift in tactics is further illustrated by a change in prevalence: "In the previous six month period, Network Denial of Service was the most prevalent technique observed in Australia. This now takes fourth place."

Focus on manufacturing and mining

Industry targeting analysis within the report shows that manufacturing remains the most affected sector within Australia, followed by minerals and mining. These two areas are key components of the nation's critical infrastructure, amplifying concerns about the broader impacts of such attacks.

Internationally, the report notes that the most targeted industries include transportation, manufacturing, business services, minerals and mining, as well as energy, utilities and waste. This reflects a global trend of cybercriminals homing in on essential service providers.

Botnet activity trends

A further area of concern highlighted in the report is the detection and growth of IoT botnet activity within Australia. While not among the top 10 countries for IoT botnet attacks, Australia has moved from 25th to 20th position since the previous report. This shift suggests an uptick in local malicious activity using compromised connected devices.

The report states, "The number of compromised devices in Australia fluctuates throughout the year. Spikes in compromised devices are associated with the increased activity of botnets. In Australia, research showed an increased number of connection attempts on January 17 and 18, associated with an updated Mirai-based botnet."

Global context

Globally, the report documents notable developments in the origin and motivations behind cyberattacks. Nozomi Networks found, "Botnet attacks originated predominantly from the U.S., which overtook China in the number of compromised devices."

The report draws a link between cyber activity and geopolitical conditions: "The cyberworld reflects military conflict. In May and June there was a 133 per cent increase in cyber-attacks coming from six well-known Iranian threat actor groups – primarily targeting U.S. transportation and manufacturing organisations."

The regular publication of the Nozomi Networks Security Labs Report is intended to help raise awareness of active and emerging threats faced by organisations globally and within Australia. Its findings highlight the ongoing challenges facing the country's industrial and essential service sectors, as well as the need for continued vigilance and mitigation efforts in cyber security.