Recent Infostealer Attacks and Verified Cybersecurity Risks in Australia (2025)
Recent Infostealer Incidents and Security Verification in Australia: A Deep Dive
In recent months, Australia has witnessed an unprecedented surge in infostealer malware attacks, prompting our R&D team to conduct a comprehensive verification of security claims and statistics.
Recent Major Incidents
Banking Sector Infiltration: Multiple Australian financial institutions reported sophisticated infostealer attacks targeting customer credentials and financial data in Q1 2025
Healthcare Records Compromise: Three major healthcare providers experienced data breaches affecting patient records and medical histories
Government Agency Targeting: State government departments reported an increase in credential theft attempts using advanced infostealer malware
Verification Report: Australia's Cybersecurity Situation (January-May 2025)
Executive Summary
This report verifies three claims about Australia's cybersecurity situation for the period of January to May 2025:
Australia ranked 16th globally for breached accounts
Email-based scams resulted in nearly 18,000 incidents reported in January and February 2025
There are ongoing risks from email scams and ransomware in Australia
All three claims have been verified as accurate based on multiple credible sources.
Claim 1: Australia ranked 16th globally for breached accounts
VERIFIED ✓
Evidence:
According to research by Surfshark (a cybersecurity firm), reported in Insurance Business Magazine (April 2025):
Australia ranked 16th among affected countries globally for data breaches in Q1 2025
Approximately 398,500 breached accounts were recorded during Q1 2025
This marked a 98% decrease compared to the 17 million breaches reported in Q4 2024
The global number of compromised accounts dropped to 68.3 million in Q1 2025 (down from nearly one billion in Q1 2024)
Additional Context:
Since 2004, Australia has seen over 193 million user accounts compromised
Australia is the most affected country in the Oceania region
107 million passwords were exposed along with the compromised Australian accounts
On average, Australians have experienced seven data breaches per person
Claim 2: Email-based scams resulted in nearly 18,000 incidents reported in January and February 2025
VERIFIED ✓
Evidence:
According to the ACCC's Scamwatch data, reported in Insurance Business Magazine (April 2025):
Nearly 18,000 email scam incidents were lodged in January and February 2025
In 2024, email scams accounted for roughly 91,000 scam reports
Additional Context:
Australians have lost close to $300 million to email-based scams since 2020
Men made up 60% of these losses
The highest impact was seen among individuals aged 65 and older ($63 million across 67,000 complaints)
Women aged 45 to 54 reported higher average losses (19,000 incidents amounting to $29 million)
Investment fraud accounted for nearly half of total financial losses associated with email contact
New South Wales recorded the highest incidence of investment scam reports per capita
Claim 3: Ongoing risks from ransomware in Australia
VERIFIED ✓
Evidence:
According to Bitdefender's March 2025 threat report, as reported by Insurance Business Magazine and SecurityBrief Australia:
Australia ranked sixth globally for ransomware detections in February 2025
962 ransomware incidents were recorded in February 2025
This represents a 126% increase year-over-year (compared to 425 incidents in February 2024)
Additional Context:
The increase in ransomware attacks is attributed to a shift in strategy where groups target newly discovered software vulnerabilities in edge network devices
Ransomware groups are increasingly seeking vulnerabilities with high-risk scores, particularly those that allow remote control of a system
The ransomware-as-a-service group known as Clop (Cl0p) accounted for 335 victims in February 2025
Australia was identified as one of the top 10 countries affected by ransomware globally
Conclusion
The verified claims paint a concerning picture of Australia's cybersecurity landscape in 2025. The dramatic increase in sophisticated infostealer attacks, combined with evolving threat vectors, necessitates a fundamental shift in security approaches across all sectors.
Organizations must recognize these verified statistics as a wake-up call and implement comprehensive security measures to protect against these evolving threats.
Stay productive and secure with TCD’s 24/7 managed cybersecurity services and keep your business safe from evolving cyber risks.
This is part of our cyber security awareness educational campaign. Through this training, you will learn awareness, key principles, and best practices to protect yourself, your organisation, and the public from cyber attackers. You will also be equipped with the knowledge to identify potential threats and take action before any damage can occur.