Whether people have a computer at home, use online banking services or simply receive electricity supplies, the community's reliance on technology is increasing. A safe and secure online environment enhances trust and confidence and contributes to a stable and productive community.
Government and business also take advantage of opportunities for economic development through increased use of information technology.
The AFP sees the increasing use and dependence on technology as one of the major influences on the domestic and international law enforcement operating environment.
What is Cybercrime?
In Australia, the term 'cybercrime' is used to describe both:
- crimes directed at computers or other information communications technologies (ICTs) (such as computer intrusions and denial of service attacks), and
- crimes where computers or ICTs are an integral part of an offence (such as online fraud)
Just as the internet and other new technologies are opening up tremendous possibilities, they also provide opportunities for criminals to commit new crimes and to carry out old crimes in new ways. On the evidence available, it is clear that the number, sophistication and impact of cybercrimes continues to grow and poses a serious and evolving threat to Australian individuals, businesses and governments.
Online, criminals can commit crimes across multiple borders in an instant and can target a large number of victims simultaneously. Tools that have many legitimate uses, like high speed internet, peer to peer file-sharing and sophisticated encryption methods, can also help criminals to carry out and conceal their activities.
The AFP is responsible for detecting, preventing, disrupting, responding to and enforcing cybercrime offences impacting the whole of the Australian economy. It focuses on investigating cybercrime threats against Commonwealth Government departments, critical infrastructure and information systems of national significance, with a key element being the banking and financial sector. The AFP is guided by Commonwealth priorities for combatting cybercrime.
In general, the investigation of fraud against an individual is a state police responsibility. However, where there is a crossover between the investigation of a fraud against an individual and the investigation of an organised attack against critical banking systems, the AFP will work together with the local jurisdiction and the banking and finance industry.
The AFP also works closely with State and Territory Police and international policing agencies in the fight against all types of cybercrime.
For the latest advice on the types of cybercrime currently impacting Australians visit the Australian Cyber Security Centre website.
Cybercrime law
Cybercrime offences are found in Commonwealth legislation within parts 10.7 and 10.8 of the Criminal Code Act 1995 and include:
- Computer intrusions
- Unauthorised modification of data, including destruction of data
- Unauthorised impairment of electronic communications, including denial of service attacks
- The creation and distribution of malicious software (for example, malware, viruses, ransomware)
- Dishonestly obtaining or dealing in personal financial information.
Each State and Territory in Australia has its own legislated computer-related offences that are similar to the Commonwealth legislation as well as legislation which covers online fraud and other technology enabled crimes.
What to do if you believe you are the victim of cybercrime
IF THERE IS AN IMMEDIATE THREAT TO LIFE OR RISK OF HARM, CALL 000.
If you or your business are a victim of a cybercrime, please report it in the first instance to the Australian Cyber Security Centre.
Online child abuse material
- AFP online child sex exploitation form (do not use this reporting form to report emergencies or concerns which require a high priority response, such as a child who is in immediate danger or risk. In those cases call 000 or your local police station.)
Visit the child protection page for more information.
Online abuse
The Office of the eSafety Commissioner provides a platform to report online abuse, including cyberbullying, image-based abuse, and offensive and illegal content.
More information
Australian Cyber Security Centre
The Australian Cyber Security Centre (ACSC) is the Australian Government's lead on national cyber security. It brings together cyber security capabilities from across the Australian Government to improve the cyber resilience of the Australian community and support the economic and social prosperity of Australia in the digital age. It possesses a comprehensive understanding of cyber threats, and provides advice and assistance to help Australians identify and manage cyber risk.
The ACSC includes staff from the Australian Federal Police and from the following agencies:
ACSC Joint Cyber Security Centres (JCSC) have opened in Brisbane, Melbourne, Sydney, Perth and Adelaide to bring together business and the research community along with State, Territory and Commonwealth agencies to enhance collaboration on cyber security. JCSCs are a critical hub for business and governments to improve their cyber security practices and share information in a trusted and secure environment.
The ACSC's website replaces a number of government cyber security websites and services.
For more information on the Australian Cyber Security Centre itself, visit the corporate page.
ThinkUKnow
ThinkUKnow is an online education and prevention program that uses a network of trained volunteers to deliver online safety presentations to parents, carers and teachers on how young people use technology, the challenges they might face and how to get help and support if something goes wrong online. Presentations generally run for one hour, and are supported by a comprehensive website, thinkuknow.org.au that provides additional information and resources.
ThinkUKnow is a partnership between the AFP, Microsoft, Datacom, Commonwealth Bank and is delivered in collaboration with State and Territory police and Neighbourhood Watch Australia.
Scamwatch
Scamwatch is run by the Australian Competition and Consumer Commission (ACCC). It provides information to consumers and small businesses about how to recognise, avoid, and report scams.
Office of the eSafety Commissioner
The Office of the eSafety Commissioner is committed to empowering all Australians to have safer, more positive experiences online. The Office was established in 2015 with a mandate to coordinate and lead the online safety efforts across government, industry and the not-for profit community.
Online Safety
For a comprehensive list of all the Australian Government Initiatives for Online Safety, please visit Online Safety.
- View PDF
Volume 80, Issue 5, August 2014, Pages 973-993
//doi.org/10.1016/j.jcss.2014.02.005Get rights and content
Emerging technology trends
Cyber attacks and countermeasures
The motives for cyber attacks are many. One is money. Cyber attackers may take a system offline and demand payment to restore its functionality. Ransomware, an attack that requires payment to restore services, is now more sophisticated than ever.
Corporations are vulnerable to cyber attacks, but individuals are targets too, often because they store personal information on their mobile phones and use insecure public networks.
Tracking evolving and increasing cyber attacks is key to better cyber security. As cyber security professionals work to increase their knowledge of threats and cyber security information, earning an online cyber security master’s degree can be invaluable. Graduates of the University of North Dakota’s online Master of Science in Cyber Security program can expect to gain a deep and nuanced understanding of cyber attack methods.
What Is a Cyber Security Threat?
A cyber security threat refers to any possible malicious attack that seeks to unlawfully access data, disrupt digital operations or damage information. Cyber threats can originate from various actors, including corporate spies, hacktivists, terrorist groups, hostile nation-states, criminal organizations, lone hackers and disgruntled employees.
In recent years, numerous high-profile cyber attacks have resulted in sensitive data being exposed. For example, the 2017 Equifax breach compromised the personal data of roughly 143 million consumers, including birth dates, addresses and Social Security numbers. In 2018, Marriott International disclosed that hackers accessed its servers and stole the data of roughly 500 million customers. In both instances, the cyber security threat was enabled by the organization’s failure to implement, test and retest technical safeguards, such as encryption, authentication and firewalls.
Cyber attackers can use an individual’s or a company’s sensitive data to steal information or gain access to their financial accounts, among other potentially damaging actions, which is why cyber security professionals are essential for keeping private data protected.
Cyber security professionals should have an in-depth understanding of the following types of cyber security threats.
1. Malware
Malware is malicious software such as spyware, ransomware, viruses and worms. Malware is activated when a user clicks on a malicious link or attachment, which leads to installing dangerous software. Cisco reports that malware, once activated, can:
- Block access to key network components (ransomware)
- Install additional harmful software
- Covertly obtain information by transmitting data from the hard drive (spyware)
- Disrupt individual parts, making the system inoperable
2. Emotet
The Cybersecurity and Infrastructure Security Agency (CISA) describes Emotet as “an advanced, modular banking Trojan that primarily functions as a downloader or dropper of other banking Trojans. Emotet continues to be among the most costly and destructive malware.”
3. Denial of Service
A denial of service (DoS) is a type of cyber attack that floods a computer or network so it can’t respond to requests. A distributed DoS (DDoS) does the same thing, but the attack originates from a computer network. Cyber attackers often use a flood attack to disrupt the “handshake” process and carry out a DoS. Several other techniques may be used, and some cyber attackers use the time that a network is disabled to launch other attacks. A botnet is a type of DDoS in which millions of systems can be infected with malware and controlled by a hacker, according to Jeff Melnick of Netwrix, an information technology security software company. Botnets, sometimes called zombie systems, target and overwhelm a target’s processing capabilities. Botnets are in different geographic locations and hard to trace.
4. Man in the Middle
A man-in-the-middle (MITM) attack occurs when hackers insert themselves into a two-party transaction. After interrupting the traffic, they can filter and steal data, according to Cisco. MITM attacks often occur when a visitor uses an unsecured public Wi-Fi network. Attackers insert themselves between the visitor and the network, and then use malware to install software and use data maliciously.
5. Phishing
Phishing attacks use fake communication, such as an email, to trick the receiver into opening it and carrying out the instructions inside, such as providing a credit card number. “The goal is to steal sensitive data like credit card and login information or to install malware on the victim’s machine,” Cisco reports.
6. SQL Injection
A Structured Query Language (SQL) injection is a type of cyber attack that results from inserting malicious code into a server that uses SQL. When infected, the server releases information. Submitting the malicious code can be as simple as entering it into a vulnerable website search box.
7. Password Attacks
With the right password, a cyber attacker has access to a wealth of information. Social engineering is a type of password attack that Data Insider defines as “a strategy cyber attackers use that relies heavily on human interaction and often involves tricking people into breaking standard security practices.” Other types of password attacks include accessing a password database or outright guessing.
Evolution of Cyber Security
Cyber security practices continue to evolve as the internet and digitally dependent operations develop and change. According to Secureworks, people who study cyber security are turning more of their attention to the two areas in the following sections.
The Internet of Things
Individual devices that connect to the internet or other networks offer an access point for hackers. Cytelligence reports that in 2019, hackers increasingly targeted smart home and internet of things (IoT) devices, such as smart TVs, voice assistants, connected baby monitors and cellphones. Hackers who successfully compromise a connected home not only gain access to users’ Wi-Fi credentials, but may also gain access to their data, such as medical records, bank statements and website login information.
The Explosion of Data
Data storage on devices such as laptops and cellphones makes it easier for cyber attackers to find an entry point into a network through a personal device. For example, in the May 2019 book Exploding Data: Reclaiming Our Cyber Security in the Digital Age, former U.S. Secretary of Homeland Security Michael Chertoff warns of a pervasive exposure of individuals’ personal information, which has become increasingly vulnerable to cyber attacks.
Consequently, companies and government agencies need maximum cyber security to protect their data and operations. Understanding how to address the latest evolving cyber threats is essential for cyber security professionals.
University of North Dakota’s Master of Science in Cyber Security Program
Choosing the right online cyber security master’s program is crucial. The best programs offer courses that stay current with today’s cyber security issues and concerns.
UND prepares students for cyber security careers with concentrations such as Autonomous Systems Cyber Security, Cyber Security and Behavior, Data Security and General Cyber Security. Learn more about how UND’s online Master of Science in Cyber Security prepares students for top cyber security careers.
Recommended Reading
5 Powerful Cryptography Tools for Cyber Security Professionals
Common Types of Cyber Attacks and Prevention Tactics
Health Care Cyber Security During Epidemics
Sources
Cisco, Defending Against Today’s Critical Threats
Cisco, What Are the Most Common Cyber Attacks?
CSO, “The 15 Biggest Data Breaches of the 21st Century”
Cytelligence, Cyber Security in the Ear of the Smart Home Devices
Digital Guardian, “What Is Social Engineering? Defining and Avoiding Common Social Engineering Threats”
Grove Atlantic, “Exploding Data”
Netwrix, “Top 10 Most Common Types of Cyber Attacks”
Secureworks, Secureworks State of Cybercrime Report 2018
UpGuard, “What Is a Cyber Threat?”