Key Takeaways from Australia’s 2024–2025 Cyber Threat Report
- Katarzyna Celińska
- 25 minutes ago
- 2 min read
Following the recent European Union Agency for Cybersecurity (ENISA) 2025 Threat Landscape Report and Microsoft’s cybersecurity intelligence findings, I reviewed Australia’s Annual Cyber Threat Report 2024–2025 — and the conclusions point to a consistent global trend.
Photo: WangXiNa na Freepik
Key Findings
✅ Passwords
➡️ According to the ASD, weak or reused hasztag#passwords are still responsible for a significant share of compromises.
➡️ Credential-based intrusions now account for 42% of major hasztag#cyber incidents affecting large organizations, government, and supply chains.
➡️ Attackers no longer “hack in” — they simply log in using stolen credentials.
Once inside, criminals mimic legitimate user behavior, making detection far more difficult while they:
➡️ steal sensitive information,
➡️ deploy ransomware,
➡️ move through internal systems undetected.
➡️ Attackers automate password attacks at massive scale.
➡️ Password managers and passkeys offer exponentially stronger security.
➡️ Passkeys — using biometrics like fingerprints or facial recognition — are highlighted as a critical next step.
✅ Ransomware
ASD responded to 128 ransomware incidents, consistent with previous years, reinforcing ransomware as the dominant global disruptor.
✅ State-Sponsored Espionage
Australia warns of an “increasing danger” to essential services and government systems — a trend echoed in ENISA and Microsoft ’s reports.
✅ AI
The report highlighted increasing use of AI for:
➡️ voice cloning,
➡️ fake websites,
➡️ synthetic identities,
➡️ more convincing phishing and social engineering.
After reviewing the ENISA 2025 Report, Microsoft’s Report, and now Australia’s Report, I can say that:
➡️ Attackers across continents may have different motivations or state affiliations, but the attack vectors, techniques, and intended outcomes remain almost identical.
➡️ The easiest and most common technique is phishing.
➡️ The biggest threat is ransomware.
➡️ The persistence of password-related breaches is not surprising.
Author: Sebastian Burgemejster
Comments