Financial Crime World

Cybercrime and Crypto Threats: A Wake-Up Call for Australia’s Digital Defenses

Australia’s digital prosperity has made it an attractive target for cybercriminals and cryptocurrency fraudsters. One cybercrime report is filed every seven minutes in the country 1, and targets range from Australia’s largest corporations to small-medium businesses and individual citizens.

Australia’s cyber threat landscape

According to the Australian Cyber Security Centre’s (ACSC) latest Annual Cyber Threat Report, Australia faces a “scale and intensity in the threat landscape that far outstrips the recent cases we have seen” 2. Assistant Director-General Rita Erfurt of the Australian Signals Directorate (ASD) describes the cybercrime situation in Australia as “prolific, overt, and constantly evolving” 3.

The nexus of cyber and crypto crime

The connections between cyber and crypto crime have grown stronger, with bad actors employing increasingly sophisticated techniques to move funds across the globe at unprecedented speed and scale. The same qualities that make digital assets a force for good - decentralized, permissionless, cross-border value transfer at the speed of the internet - also make them attractive to illicit actors.

During Australia’s Cyber Security Awareness Month, we examine some of the crypto-related cybercrime that has hit Australia in the past year and efforts to disrupt these illicit acts.

Triple strikes: Ransomware attacks on Australian corporations

Ransomware has been identified by the ACSC as the “most destructive cybercrime” 1. In the past year, three major Australian corporations have fallen prey to ransomware attacks:

  1. Optus (September 2022): Australia’s largest telco had 11 million customer records, including extensive personal information, hacked. The cybercriminal released 10,000 records on an online forum before abandoning the attack.
  2. Medibank (October 2022): The health insurer suffered a breach of 9.7 million past and present customer records, including health claims data. Hackers released three sets of files, labeled “good list” and “naughty list,” and later “abortions,” onto the dark web.
  3. Latitude Financial (March 2023): The financial services giant saw 14 million customer records compromised, including sensitive personal information.

Ransom demands for payment in cryptocurrency were attached to all three cases. The Optus hacker sought AUD1.5 million (USD1m), while the Medibank attack is linked to Russia-based cybercriminals, possibly including ransomware syndicate REvil or its offshoot. These syndicates have demonstrated histories of moving their illicit proceeds on the blockchain.

Hitting the hackers hard: Australian Federal Police efforts

To combat these attacks, the Australian Federal Police (AFP) launched Operation Pallidus to apprehend the criminals behind the assaults and Operation Guardian to monitor and disrupt any attempts to leverage or profit from the stolen data. Both operations involve international law enforcement partners.

The AFP emphasized its “significant powers within its remit” to tackle such attacks, a “chilling reminder to hackers” that the AFP will relentlessly pursue them 4. A Sydney man was arrested and charged for attempting to blackmail Optus customers, with text messages concerning his scam uncovered by Operation Guardian.

State-sponsored advanced persistent threats (APTs)

Besides financially motivated attacks, state actors also pose a considerable cyber threat to Australia. The ACSC report states that Australia has been a “target of persistent cyber espionage by a wide range of state actors due to its regional and global interests, international partnerships, and participation in multilateral forums” 1.

One example of state-backed APTs is North Korea’s Lazarus Group, which has perpetrated some of the most prolific cryptocurrency hacks globally, including a USD41m theft from Australian-founded crypto betting platform Stake.com 5. TRM Labs analysis shows that Lazarus hackers frequently employ sophisticated techniques such as token swaps, cross-chain movements, and cryptocurrency mixers to obfuscate their on-chain asset movements.

Addressing state-sponsored cyber threats requires a multifaceted approach that combines technically sophisticated law enforcement activities and cybersecurity measures. It’s not just about catching criminals; it’s about mitigating the risks associated with these actors through developing cybersecurity policies and strategies.

Cyber-enabled crimes and online scams

Outside of high-profile corporate hacks and state-sponsored attacks, Australians have also been affected by online scams. The ACSC report notes that cyber-enabled crimes such as online fraud and crimes related to online shopping and online banking made up 54% of all reported incidents 1. The modus operandi of such schemes includes impersonating legitimate businesses to phish personal information and trick victims into making payments.

Data from the Australian Competition and Consumer Commission’s (ACCC) latest scam activity report aligns with this, with 34% of reported scams starting with an online contact method such as email, social media, or other internet platforms 6. Phishing was the most commonly reported scam, with 74,000 reports made and losses totaling AUD24.6m (USD15.6m). The use of cryptocurrency as a scam payment method is on the rise, with more victims reporting losses paid through cryptocurrencies in 2022 and being contacted via social media or mobile apps.

Australian law enforcement has stepped up its crypto-related capabilities in response, with the Australian Federal Police establishing a dedicated cryptocurrency unit in September 2022. TRM’s Forensics tool allows investigators to follow the flow of funds more transparently and keep pace with the increasing complexity of laundering techniques.

Prevention is the best cure: Staying safe and informed

An ounce of prevention is worth a pound of cure. Ordinary Australians and businesses can take steps to protect themselves against cybercrime.

“Education is key. The best way to protect yourself from cybercrime is to understand how you might be targeted” - Anthony Newman, Ncrypted.org 7

Scammers employ various tactics, including creating email addresses that mimic legitimate businesses or spoofing caller ID on text messages to seem legitimate. They craft messages that pressure victims with a sense of urgency. For example, “We have identified fraudulent activities on your account; verify your details below within 24 hours, or your account will be terminated.”

It’s essential to independently verify such messages. To stay informed on crypto-related scams and ensure online safety, visit Chainabuse’s safety center.