Common threats

The cyber threat to Australian organisations is undeniable, unrelenting and continues to grow.

Organisations could be a target even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries.

Many organisations are at risk purely because they are vulnerable through unpatched software or unaware staff members.

Common threats impacting Australian businesses include:


Ransomware  is malicious software that makes data or systems unusable until the victim makes a payment. It is the fastest growing malware threat, targeting users of all types and affecting businesses around the world. For more information you can go to the Ransomware page on our website.


Phishing is where untargeted, mass emails are sent to many people asking for sensitive information (such as bank details), encouraging them to open a malicious attachment or visit a fake website that will ask the user to provide sensitive information or download malicious content. For more information you can go to the Phishing page on our website.

Distributed Denial of Service

A Distributed Denial of Service (DDoS) attack is when legitimate users are denied access to computer services (or resources), when the service is overwhelmed with requests from multiple sources. For more information you can go to the DDoS page on our website.

Scams targeting businesses

Australian businesses are a common target for a range of scams, with adversaries using advanced social engineering techniques to target staff members and enhance the perception of being legitimate. For more information you can go to the Scams page on our website.

Secondary targeting

This is where adversaries prey on small networks which are connected through their IT systems to a target organisation of higher value. It can enable cyber adversaries to exploit customer data and networks through a range of direct and indirect means. For more information you can go to the Secondary targeting page on our website.

Targeting bulk personally identifiable information

Australian networks holding large numbers of records of personally identifiable information (PII) are often targeted by cyber adversaries. Cybercriminals may use the stolen information for identity theft or attempt to extort money from organisations and individuals by threatening to release the stolen data. For more information you can go to the Targeting bulk PII page on our website.