Australia and New Zealand Threat Landscape in H1 2025 is Worrying, but has a Silver-Lining 

The first half of 2025 followed the upward trend of cyber threats from previous quarters in the Australia and New Zealand region. The continent is experiencing an unprecedented surge in cyber threats that are evolving rapidly in sophistication and scale. For CISOs, this isn’t merely a technical challenge; it’s a critical business risk, demanding immediate strategic recalibration and a renewed focus on enterprise resilience. 

The Primary targets—healthcare, finance, education, and critical infrastructure—in this region show the direct implications for national security and economic stability. While ransomware continues its relentless dominance, the emergence of AI-powered tactics and widespread supply chain compromises signals a new era of complex adversaries. Nation-state actors and organized cybercriminal groups are demonstrably leveraging advanced Tactics, Techniques, and Procedures (TTPs) and pushing the boundaries of traditional defenses. 

Key Highlights for H1 2025: 

• Ransomware prevalence: Increasing frequency and sophistication of ransomware campaigns. 

• Evolving phishing tactics: Use of AI for creating highly convincing phishing attacks. 

• Vulnerabilities Exploited: Exploitation of zero-day vulnerabilities and supply chain breaches. 

• Cloud-targeted threats: Rise in attacks targeting misconfigured or vulnerable cloud infrastructures. 

The Evolution of Cyber Adversity 

H1 2025 has been characterized by several critical threat trends that demand a granular understanding and strategic response: 

Ransomware’s Relentless Evolution 

The ransomware threats “Down Under” doubled in the first six months of the year as compared to the previous year. Australia saw 57 ransomware attacks, whereas the Kiwi land further down south, registered seven attacks. 

The prevalence and sophistication of ransomware campaigns have escalated significantly. While Sarcoma and Safepay were the prominent active threat actors in the region for the first quarter, Akira, Lynx, and INC Ransom actors dominated the region in the second half. 

In New Zealand, the DragonForce actor was a force to reckon with, as many as 33% of the attacks were attributed to this actor. 

Also, while Akira concentrated on the targeting of the Manufacturing sector, Healthcare remained the primary target, followed by Construction and Professional Services. 

Groups like Akira and Qilin are not just encrypting data; they are executing highly effective double extortion attacks. This elevates the risk from operational disruption to severe reputational damage, regulatory non-compliance, and substantial financial penalties. 

Average ransom demands in ANZ-specific cases now exceed USD $750,000, highlighting the direct financial impact on targeted enterprises, particularly in healthcare, financial services, and SMEs. The ROI on robust ransomware preparedness has never been clearer. 

AI-Powered Phishing: A New Frontier in Social Engineering 

Phishing tactics have undergone a radical transformation with the integration of Artificial Intelligence. Adversaries are now capable of generating highly convincing, tailored messages that are adept at bypassing conventional detection systems.  

We’re observing sophisticated impersonations of government entities for tax and regulatory scams, alongside highly targeted spear-phishing campaigns against C-suite executives aimed at deep account compromise. The exploitation of collaboration tools (e.g., Slack, Teams) for chat-based phishing, where attackers impersonate internal employees, presents a severe insider threat vector. This necessitates a profound shift in security awareness training, moving beyond generic campaigns to AI-aware, dynamic simulations. 

Key Trends Observed 

• Impersonation of Government Entities: Targeting individuals and SMEs with tax and regulatory scams. 

• Spear-Phishing: High-value targets (CEOs, C-suite executives) faced tailored attacks aimed at account compromise. 

• Use of Chat-Based Phishing: Exploiting collaboration tools (Slack, Teams) to impersonate internal employees. 

The Pervasive Threat of Supply Chain Compromise 

IT and software supply chain incidents have been trending higher in recent months, as threat actors have become more adept at exploiting the interconnected hardware, software, and services that comprise modern IT environments. 

An analysis of Cyble data reveals that software supply chain attacks have increased from an average of just under 13 a month during 2024 to just over 16 a month in the first half of the year, an increase of 25%. 

The last two months have averaged nearly 25 cyberattacks with supply chain impact, which would represent a near-doubling of supply chain attacks if the recent trend continues. 

However, monthly variations in supply chain attacks tend to be quite large, ranging from a low of 6 attacks in January 2025 to a high of 31 attacks in April 2025, so some variability should be expected even as supply chain attacks generally trend higher. 

Supply chain attack data is sourced from Cyble investigations and OSINT sources. The data is, by its nature incomplete, as not every cyberattack or its source is always known. 

Looking at the 79 cyberattacks with supply chain implications documented by Cyble in the first half of 2025, the majority (50, or 63%) directly targeted IT, technology, and telecommunications companies, which are rich potential targets for threat actors hoping to exploit downstream users. 

Damage from a single successful exploit in those areas can be widespread, as happened with the hundreds of CL0P ransomware victims from a single vulnerability. Supply chain attacks have hit 22 of the 24 sectors tracked by Cyble. Only the Mining and Real Estate industries have been untouched. 

Cloud Infrastructure Under Siege 

Our increasing reliance on cloud platforms has, predictably, opened new attack vectors. Misconfigured permissions, exposed databases, and unpatched services are frequently exploited entry points. Cyble’s ODIN vulnerability search tool recently detected more than 200 billion exposed files in cloud buckets across seven major cloud providers. 

Another notable trend is the surge in crypto-mining malware leveraging hijacked cloud resources, indicating not just resource drain but also a critical compromise of core infrastructure. Cloud security postures require continuous monitoring, stringent access controls, and automated configuration reviews. 

The Emerging Horizon of Threats 

Beyond the dominant trends, the first half of 2025 has brought several nascent but potent threats to the forefront: 

• Advanced AI-Powered Cybercrime: The automation of exploit code generation, malware variant development, and phishing kit creation through AI will significantly lower the barrier to entry for cybercriminals and accelerate attack cycles. 

• Deepfake Technology in BEC: The use of deepfake audio and potentially video in Business Email Compromise (BEC) attacks adds a terrifying layer of authenticity, making traditional verification protocols obsolete and raising the stakes for financial fraud. 

• Zero-Day Exploitation: High-profile incidents involving previously unknown vulnerabilities in widely used software suites (e.g., VPNs, collaboration tools) underscore the need for advanced threat intelligence and rapid patch management capabilities. 

Strategic Imperatives for 2025 and Beyond 

In this escalating threat landscape, CISOs must champion proactive and integrated strategies: 

• Elevate Ransomware Preparedness to a Board-Level Priority: Beyond robust backup and disaster recovery plans, enforce stringent network segmentation and deploy advanced Endpoint Detection and Response (EDR) systems. This is not just about recovery; it’s about minimizing the attack surface and containing breaches rapidly. 

• Revolutionize Human-Centric Awareness: Traditional training is insufficient. Implement dynamic, AI-aware phishing simulations and continuous education programs that reflect evolving social engineering tactics. Empower employees to be the first line of defense. 

• Harden Supply Chain Risk Management: Conduct exhaustive cyber hygiene vetting of all third-party vendors. Crucially, embed robust security compliance clauses into all contractual agreements and ensure regular audits. The weakest link in your supply chain is the weakest link in your security. 

• Fortify Cloud Security Posture: Mandate proper access controls, rigorous patch management, and continuous security monitoring for all cloud environments. Regular, automated configuration reviews are no longer optional but essential. 

• Master Incident Readiness and Response: Engage in frequent tabletop exercises simulating complex ransomware or supply chain attacks. Develop and continuously refine comprehensive Incident Response (IR) plans that are customized for your organization’s unique threat profile and critical sectors. Speed and precision in response are paramount to mitigating damage and accelerating recovery. 

Enterprise Resilience Needed of the Hour 

The ANZ region faces a volatile and rapidly expanding cyber threat landscape. This demands heightened vigilance, strategic foresight, and unwavering commitment from CISOs and leadership teams. As adversaries continuously refine their TTPs, organizations must prioritize enterprise-wide cybersecurity awareness, invest judiciously in advanced security technologies, and actively engage in collaboration with threat intelligence partners.  

The focus must shift from reactive defense to proactive resilience and robust incident response preparedness. The economic stability and national security of the ANZ region depend on the collective ability to navigate and mitigate these evolving cyber challenges effectively.