
What Happens to Cybercrime When the World Goes to War?

From hacktivism to attacks on critical infrastructure, global conflict is accelerating cyber threats—here’s what it means for Australian organisations.



Inflation woes? Petrol shortages? Impacted supply chains?


For countries caught up in (or causing) geopolitical tension, those are just the warm-ups to what will inevitably follow: A virtual flood of online reprisals from hacktivists and politically motivated cyber actors targeting essential industries and services.


How much of a flood?


Cybercrime has already skyrocketed 245% since the start of the Iran war, with banking and critical infrastructure being primary targets.


Words of warning from the wise


The Australian Signals Directorate wasted no time when, in early March, they reissued their advisory on cyber hygiene for organisations. First published in July last year, the article urged readers to: Consider your cyber hygiene in light of global events.


Recommending that organisations continue to review their current cyber security posture and maintain sufficient monitoring for cyber threats, ASD calls out a range of areas requiring extra diligence, including reviewing and enhancing detection, mitigation, and response measures.


They’re not alone in sounding the alarm, with several major cybersecurity vendors likewise issuing intelligence briefs in light of the war in Iran. Adam Meyers, senior VP of counter-adversary operations at CrowdStrike, announced that "CrowdStrike is already seeing activity consistent with Iranian-aligned threat actors and hacktivist groups conducting reconnaissance and initiating DDoS attacks."


The World Economic Forum already predicts that the impacts of the Iran conflict will extend far beyond the regions directly involved. They expect to see more cyberattacks against European infrastructure and an increase in online fraud, exploiting the flurry of online information circulating about the conflict.


In its Global Cybersecurity Outlook 2026, the World Economic Forum highlighted the significant impact that geopolitical risk has on cybersecurity, reporting that “64% of organisations are accounting for geopolitically motivated cyberattacks such as disruption of critical infrastructure, sabotage or espionage.”

Cyber warfare, the emerging vehicle of chaos


Over the last few decades, major cyberwar incidents have shifted from simple website defacement to destructive, malware-based attacks targeting critical infrastructure and military communications.


Most recently, the Russia-Ukraine war (2022 onwards) has seen Russia launch ongoing destructive cyberattacks within Ukraine. They’ve combined network penetration and information operations aimed at public perception.


But even before this, pro-Russian cyber groups targeted the Ukrainian military and government communications from 2013 to 2014 as Russia invaded and annexed the Crimean Peninsula from Ukraine. The attacks successfully disrupted Ukraine’s telecom infrastructure and leaked stolen data to support information operations.


As for right now? Well, Iran is no stranger to using cyberattacks to deliver cyber chaos to its enemies.


Most recently, pro-Iranian hackers claimed responsibility for a significant retaliatory cyberattack against Stryker, a US medical device company, in response to US airstrikes that killed Iranian schoolchildren. According to PBS News, since 28 February, hackers have attempted to penetrate cameras in Middle Eastern countries to improve Iran's missile targeting, and targeted data centres in the region, industrial facilities in Israel, a school in Saudi Arabia and an airport in Kuwait.


Should you be worried?


Multiple American regulators are warning their financial institutions in particular about increased cybersecurity risks. To quote PBS News, “…experts say Iranian hackers and their allies will aim for quick victories by targeting the weakest links in American cybersecurity.”

So, does this mean that, with the focus firmly on the US, Australian businesses and organisations are safe from attack?


Yes, and no.


The yes answer: According to ACSC, as of March 4, 2026, “There is almost certainly a heightened risk of indirect cyber threat for those organisations and entities who have a presence, or supply chains, in the Middle East.”


The no answer: However, ACSC also counterbalances the above statement with “there is no evidence of a specific increase in cyber threats directed at Australia.” And if that’s so, long may that train of non-evidence last.


But, as we do, they caution against complacency. Along with fuel, crystal balls are in short supply – so an excess of diligence, in tandem with revisiting your current cybersecurity measures, is the most sensible next step.


A key point to remember is that Australia's concentration of critical infrastructure and high-value data makes us a prime target – in times of both war and peace. We are not just part of the global risk landscape; we’re a leading target for sophisticated threat actors and are often used as a testbed for new AI-powered attack techniques.


(More reading: A Baidam Executive Briefing: The 5 Key Pillars to Protecting Australian Enterprises Against Third Party Supply Chain Attacks.)


What’s in your cybersecurity arsenal?


Any arsenal of cybersecurity tools and strategies starts with ASD’s Essential Eight.


The Essential Eight continues to serve as a sound foundation for Australian organisations, government agencies, and businesses to improve their security postures across the board.


Then comes the review of your capabilities and capacity to respond to and remediate the impact of cyberattacks. Popular cyber warfare attack tactics (used by pro-Iranian, Russian, and Israeli cyber groups and agencies, to name a few) include:


  • DDoS attacks 

  • Spear phishing 

  • Advanced Persistent Threats (APTs) 

  • Supply chain attacks 

  • Zero-day exploits

  • Keyloggers & RATs (Remote Access Trojans) 

  • PowerShell and script abuse

  • Proxy tools

  • Credential theft

  • Keylogger components

  • Wiper malware 

  • Ransomware 

  • Logic bombs 

  • ICS/SCADA attacks 

  • Browser credential theft

  • DLL sideloading

  • Tunnelling tools 

  • Scheduled task persistence

  • Remote access tool abuse

  • Active Directory reconnaissance

  • Destructive boot tampering 

Our advice: Go on the offensive


While we may be subject to the fallout from geopolitical tensions beyond our control, we are still responsible for ensuring that our organisation, people, and services can survive.


Like that storm that may never come, it’s the commitment to “just in case” preparation that makes the difference in a fight for survival.


Here at Baidam, our recommended survival tactics include:


  • Elevate: Essential Eight review and further alignment

  • Stay aware: Sign up for ASD’s alert and advisories service and any other relevant threat intelligence feeds

  • Be vigilant: Increase SOC coverage, ramp up monitoring

  • Review: Scan for vulnerabilities and check SaaS-based permissions

  • Toughen up: Harden your identity and access controls

  • Remediate: Patch, harden and reduce your attack surface

  • Validate: Test out your backup and recovery readiness

  • Engage: Work with a trusted partner who is invested in your future


What next?


We believe that cybersecurity isn't about defeating attackers. It's about making sure your defences are so robust that they move on to the next target.

Targets and types of attacks


Prime wartime targets for cyberattacks include government, critical infrastructure, defence, financial services, academic and media sectors. What are the main objectives of these attacks? To create doubt, confusion, disruption, and despair.


Wartime cyberattacks can be divided into three types:


  • Information warfare: This is where cyberattacks are used extensively to spread disinformation to the targeted population, silence opposition, and create confusion.

  • Targeting critical infrastructure: These attacks usually aim to disrupt power, finance, and logistics.

  • Hybrid tactics: Countries at war are increasingly leveraging kinetic deployment and digital intrusion simultaneously to maximise mission impact.
