Spy agency points finger at common password habits
15 October
In five years’ time, passwords could be a thing of the past for Australians.
The nation’s top cyber spy agency is warning against using common passwords as cyber attacks cause business costs to soar.
Cybercrime reports have dropped but businesses face a bigger financial impact from them, the Australian Signals Directorate’s annual cyber threat report released on Tuesday reveals.
Directorate director-general Abigail Bradshaw hopes that in five years’ time the nation moves on from using passwords.
“I hope it (using passwords) is over. This is the thing that concerns us most,” Ms Bradshaw told AAP.
“All accounts must have multi-factor authentication. Change your passwords increasingly regularly.
“Don’t use it across multiple devices.”
Networks are increasingly being breached by attackers using compromised or stolen details to gain unauthorised access, rather than by being hacked, which makes the breaches harder to detect.
“Once access is gained, they mimic legitimate user behaviour to steal sensitive personal or corporate information, install ransomware or malware and take over accounts,” Ms Bradshaw said.
These types of breaches account for 42 per cent of cyber incidents impacting large organisations, government or supply chains, head of ASD’s Australian Cyber Security Centre, Stephanie Crowe, said.
Passwords and usernames remain the biggest vulnerability for safety, with home routers often targeted by cybercriminals seeking to conceal their activities.
Have I Been Pwned cybersecurity expert Troy Hunt believes passwords will still be around in five years because “everyone knows how to use them”.
But this is exactly why attacks against them were so easy, he said.
“They’re usually simplistic and repeated, allowing attacks on passwords to be automated at an enormous rate,” Mr Hunt said.
He said using an online password manager, such as 1Password, that securely stores login credentials, and setting up two-factor authentication are common defences against these types of threats.
“The only secure password is one you can’t remember,” Mr Hunt said.
“If you don’t have a password manager, then you’ll just be reusing passwords across accounts.”
A stronger defence is using a passkey, he said, which is a passwordless login method that uses biometrics such as a fingerprint or facial recognition.
The Australian Signals Directorate report states the agency responded to 128 ransomware incidents, consistent with 2024, with these types of cybercrimes labelled as the “most disruptive” threat.
It comes as the data of 5.7 million Qantas customers was posted online after hackers from Scattered LAPSUS$ Hunters made good on a ransom threat.
The airline was one of six global companies to have its data released at the weekend, with the data including customers’ full names, email addresses and Frequent Flyer details.
The incident was not included in the report because it happened in the current financial year.
The report warned artificial intelligence may also create an avenue for cybercriminals to carry out threats, such as creating fake voices, websites, and customer records to present themselves to victims as legitimate.
Cyber-enabled espionage posed a “real and increasing danger” to Australia’s essential services, Defence Minister Richard Marles said.
“The report makes clear that malicious actors have been working unseen to steal data and demand ransom payments from Australian victims,” Mr Marles said.