Australia Ranks Fourth Globally for Cyber Threats in Critical Infrastructure

The semi-annual report draws on data from a global network of honeypots, wireless monitoring, and telemetry sources to assess threat activity targeting critical infrastructure and industrial organisations.

Australian manufacturing in the crosshairs

Manufacturing continues to bear the brunt of cyber threat activity in Australia, followed closely by the minerals and mining sectors—two critical pillars of the national economy and supply chain.

The most prevalent attack method observed across Australian networks involved the use of default credentials and valid accounts, making up 45.6% of recorded alerts. Adversary-in-the-Middle (AiTM) attacks—where threat actors intercept communications between two systems—was the third most common tactic, signalling a shift from the network denial-of-service (DoS) attacks that previously dominated.

Botnet activity on the rise

Although Australia did not rank in the global top 10 for IoT botnet activity, the country has moved from 25th to 20th place over the past six months, indicating a rise in botnet presence. One noticeable surge occurred on 17–18 January, linked to an updated variant of the Mirai botnet—an infamous malware family targeting IoT devices.

Global trends mirror geopolitical tensions

The report also draws attention to wider geopolitical implications. In May and June 2025, attacks from six Iranian state-affiliated groups increased by 133%, with U.S. transportation and manufacturing sectors among the primary targets.

Globally, the most frequently targeted industries included transportation, manufacturing, business services, mining, energy, utilities, and waste—highlighting the cross-sector nature of OT and IoT threats.

Strategic implications for Australia

With Australia consistently ranking among the top four most attacked nations, the report underscores the urgency for organisations—particularly those operating in industrial and critical sectors—to strengthen OT and IoT security postures.

The findings also add weight to recent calls by national security leaders for greater sovereign cyber capability, increased visibility into industrial environments, and more robust identity and credential management practices.

As cyber threats continue to evolve in parallel with global conflict and technological expansion, Australian enterprises are urged to adopt proactive, intelligence-led security strategies to safeguard operational resilience.