Criminal gangs are using digital coins as their currency and cyberattacks as a potent weapon, and Australians are being warned to protect themselves.
Australia's financial intelligence agency released two new guides on Thursday to help businesses deal with ransomware attacks and spot the criminal use of cryptocurrencies.
Lenders should report any suspicions that digital currencies are being used for money laundering, financing terrorism, cashing in on scams, or to pay ransoms, Australian Transaction Reports and Analysis Centre chief executive Nicole Rose says.
Officials are trying to keep up with an increased threat from Russian-linked hackers and rapid change in the digital economy. Criminals are taking advantage of the increasing take-up of cryptocurrencies to commit crimes and hide from law enforcement.
Advice has been issued jointly with Australia's Five Eyes intelligence partners - the United States, United Kingdom, Canada and New Zealand - to tighten up cybersecurity to fend off Russian cyberattacks against critical infrastructure such as power grids and hospitals.
Australia's prudential regulator also released guidance on Thursday, requiring banks and insurers to better understand risks associated with crypto-assets.
As well as being highly volatile and presenting a material risk as crypto exposure increases, there are investment and credit risks to consider, Australian Prudential Regulation Authority chair Wayne Byres warns.
Operational risks are "particularly important" to manage, and he recommends robust cybersecurity, providing proper advice on new products, and complying with anti-money laundering and counter-terrorism financing rules.
Custody arrangements, outsourcing to technology companies, and managing the minting, issuance and burning of any coins are also of concern.
Digital currencies are being used for schemes including romance, investment, and job scams. Scamwatch received more than 10,000 reports last year, with losses of almost $130 million.
Australians, mostly men, lost $95 million to scams in March 2022 alone - the greatest monthly amount on record.
Mobile app scams were the leading method of losing money last month and men aged 25 to 34 were the most likely to hand over personal and banking information, according to cyber experts at Proofpoint.
Company emails are another weakness, where fraudulent messages known phishing are used to get private information or deploy bugs to infect networks.
Crispin Kerr, vice-president at Proofpoint, said cryptocurrency provided another avenue for criminals to exploit Australians.
"Cybercriminals have become more sophisticated, even setting up fake cryptocurrency exchange platforms to carry out crypto-jacking, tricking people into using their computers and mobile devices to mine cryptocurrency against the users' will," he said.
Blockchain Australia CEO Steve Vallas said businesses need greater awareness of risks, and help to protect against ransomware.
Some 500 ransomware attacks were reported in the 2020/21, up nearly 15 per cent on the year before.
Ransomware attacks use malicious software, or malware, that locks out computer users. Payments are demanded in exchange for restoring access to data and systems, increasingly in cryptocurrencies because they are harder to track.
Defence Minister Peter Dutton has identified Russia-aligned Conti as the most active ransomware operator in Australia.