Australia ranks high in cyberattacks as AI fuels new risks
Australia was ranked among the countries most frequently impacted by cyber activity in the latest Microsoft Digital Defence Report, revealing the extent and evolution of cybercrime and nation-state attacks both globally and regionally.
The report found that Australia ranked tenth globally and fourth in Asia and the Pacific for the frequency of cyber activity impacting customers. Australia accounted for about 9.9% of affected customers in Asia and the Pacific during the first half of 2025.
Extortion and ransomware trends
According to Microsoft's data, extortion and ransomware accounted for more than half of cyberattacks worldwide.
The report detailed that in 80% of cyber incidents investigated last year, attackers aimed to steal data, primarily for financial gain. Over 52% of cyberattacks with a known motive were driven by extortion or ransomware, with attacks focused solely on espionage making up just 4%.
Nation-state threats remain prominent, but the majority of immediate attacks are perpetrated by opportunistic criminals seeking profit. As stated in the report:
"In 80% of the cyber incidents Microsoft's security teams investigated last year, attackers sought to steal data – a trend driven more by financial gain than intelligence gathering. According to the latest Microsoft Digital Defence Report, written with our Chief Information Security Officer Igor Tsyganskiy, over half of cyberattacks with known motives were driven by extortion or ransomware. That's at least 52% of incidents fueled by financial gain, while attacks focused solely on espionage made up just 4%. Nation-state threats remain a serious and persistent threat, but most of the immediate attacks organizations face today come from opportunistic criminals looking to make a profit."
Microsoft processes more than 100 trillion signals daily, blocks around 4.5 million new malware attempts, analyses 38 million identity risk detections, and screens 5 billion emails each day for potential threats. The report highlighted how automation and readily accessible cybercrime tools have enabled even low-skill threat actors to expand operations. Additionally, artificial intelligence has accelerated the development of malware and creation of synthetic content for phishing and ransomware attacks. Cybercrime is now a constant presence affecting individuals and organisations alike.
Critical services at risk
The report found that public services, including hospitals and local governments, remain prime targets for cybercriminals. These organisations are often challenged by limited budgets and outdated software, making them vulnerable. Incidents over the past year resulted in delayed emergency care, disrupted services, cancelled classes, and suspended transportation.
The report noted that ransomware attackers favour critical sectors with limited response options, as the consequences of downtime can be severe. Governments, healthcare agencies, and educational institutions store valuable data that can either be sold or monetised through illicit means.
"Ransomware actors in particular focus on these critical sectors because of the targets' limited options. For example, a hospital must quickly resolve its encrypted systems, or patients could die, potentially leaving no other recourse but to pay. Additionally, governments, hospitals, and research institutions store sensitive data that criminals can steal and monetize through illicit marketplaces on the dark web, fueling downstream criminal activity. Government and industry can collaborate to strengthen cybersecurity in these sectors – particularly for the most vulnerable. These efforts are critical to protecting communities and ensuring continuity of care, education, and emergency response."
Nation-state activities
Nation-state actors were also found to be expanding their cyber operations, particularly in pursuit of geopolitical objectives, with a focus on critical communications, research, and academic institutions. The report identified different strategies employed by countries including China, Iran, Russia, and North Korea:
- China is increasing espionage across industries, targeting NGOs, and exploiting new vulnerabilities rapidly.
- Iran has widened its targets, including shipping and logistics firms, aiming for ongoing access to sensitive data and the potential to disrupt commerce.
- Russia has extended its focus beyond Ukraine, targeting small businesses within NATO member states, and leveraging the cybercriminal ecosystem for its operations.
- North Korea remains focused on generating revenue and espionage, with state-affiliated IT workers applying for jobs worldwide to send remittances home, and some turning to extortion if discovered.
The report summarised:
"The cyber threats posed by nation-states are becoming more expansive and unpredictable. In addition, the shift by at least some nation-state actors to further leveraging the cybercriminal ecosystem will make attribution even more complicated. This underscores the need for organizations to stay abreast of the threats to their industries and work with both industry peers and governments to confront the threats posed by nation-state actors."
Artificial intelligence: Impact on defence and attack
Artificial intelligence usage increased significantly for both attackers and defenders in 2025. Adversaries automate phishing, scale social engineering, craft synthetic media, and adapt malware more quickly using generative AI. Nation-state actors incorporate AI into their influence campaigns to increase scale and sophistication. Conversely, defenders, such as Microsoft, use AI to enhance threat detection, close detection gaps, and protect users from phishing.
The report emphasised the need for organisations to secure AI tools and provide ongoing training for security teams as threats evolve.
Identity-based threats
Identity attacks are on the rise, with more than 97% of such attacks relying on credential theft. Identity-based attacks increased by 32% in the first half of 2025 alone. Attackers typically use credentials harvested from breaches or infostealer malware, which are then sold on cybercrime forums to facilitate attacks like ransomware deliveries. The report stated that implementing phishing-resistant multifactor authentication could block over 99% of these attacks, even if credentials have been compromised.
Collective responsibility
The report concluded that cybersecurity must be approached as a shared responsibility. Ongoing collaboration between government and industry, along with updated regulation and technical development, is necessary to address the evolving risks. The report highlighted efforts by governments to attribute cyberattacks and impose consequences, such as legal indictments and sanctions, on foreign perpetrators as growing trends in accountability and deterrence.
"As digital transformation accelerates – amplified by the rise of AI – cyber threats pose risks to economic stability, governance, and personal safety. Addressing these challenges requires not only technical innovation but coordinated societal action."