The number of electronic phishing emails received by the Australians increased by 30% last year, as a new investigation of the abnormal security firm has found. Cybercriminals have been addressed more and more to the Asia and Pacific region, partly because it is becoming a larger player in critical industries such as data and telecommunications centers.
For APAC as a whole, credential phishing attacks increased by 30.5% between 2023 and 2024, according to the investigation. New Zealand saw a 30%increase, while for Japan and Singapore, it was 37%. Of all types of advanced attacks by email, including commercial email commitment and malware implementation, Phishing saw the greatest increase.
“The increase in the volume of attack throughout the APAC region can probably be attributed to several factors, including the strategic importance of their countries as epicentres for trade, finance and defense,” said Tim Bentley, vice president of APJ Security Abnormal in a press release.
“This makes organizations in the region attractive objectives for complex email campaigns designed to exploit economic dynamics, interrupt essential industries and steal confidential data.”
See: 80% of national infrastructure critical companies experienced an email security violation in last year
Between 2023 and 2024, the average monthly rate of all advanced attacks increased by 26.9% throughout APAC, including Australia, New Zealand, Japan and Singapore. This covered a 16% increase of Q1 to Q2 2024, and a 20% increase of Q2 to Q3.
While Phishing was the type of dominant attack, BEC attacks, including executive supplantation and payment fraud, also grew 6% year after year in APAC. According to abnormal security, the average cost associated with a successful BEC attack exceeded USD $ 137,000 in 2023.
Australian cyber immaturity and AI boom are causing a perfect storm
The news that Australia is prone to cyber attack is not entirely new. A Rubrik survey last year found that Australian organizations reported the highest rate of data violations compared to global markets in 2023.
Antoine Tard, Vice President of Asia-Pacific and Japan in Rubrik, said at that time that Australia was a favorite objective in part because the country “is a mature market and an early adopter of cloud and business security technologies,” and therefore they may have prioritized the rapid implementation on integral security.
At the national level, the cyber security approach has been a bit slow. The Australian Signal Directorate reported that only 15% of government agencies achieved the minimum level of cyber security in 2024, a strong decrease of 25% in 2023. These entities have also proven to be reluctant to adopt methods of authentication of the key to key Access, derived from the maturity of cyber security in the public sector and the perception of implementing it is complex.
There is also the AI factor, which influences the security scene worldwide. The ease of access to chatbots, both regular and jailbroken for disastrous purposes, makes it faster to generate material for phishing emails and reduce the input barrier, since technical knowledge is not required to use them. Chatbots with AI were named one of the main threats of 2025 for Australian cyber professionals, for that reason.
See: IA impacts on the cyber security landscape
The number of BEC attacks detected by the Vipre security firm in the second quarter of 2024 was 20% higher than the same period in 2023, and AI generated two fifths of them. In June, HP intercepted an email campaign that diffuses malware in nature with a script that “it was very likely that it has been written with Genai's help.”
In addition, adversaries have begun to use AI chatbots to generate trust with victims and, ultimately, scam them. The technique mimics how a company can use AI to combine the interaction driven by humans with the chatbot ai to involve and “turn” a person.
