PM hints at attack
The Prime Minister gave a vague address about cyber-security threats last week, and now experts have fleshed out his message.
Prime Minister Scott Morrison outlined concerns that a wide range of industries are currently being targeted by a sophisticated, yet unnamed, state-based cyber actor. But he said the attacks are not new, and having been going on for some months.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used,” Mr Morrison said.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.”
He gave no details on the type of attack he was referring to, nor any sign that he knew the source of the attacks.
Instead, he said his “objective is to raise awareness of these specific risks and targeted activities”, despite the lack of specific or targeted information.
The announcement was backed by a warning for all Australian organisations to patch their internet facing devices promptly, ensure the use of multifactor authentication to secure internet-accessible infrastructure, and become an Australian Cyber Security Centre (ACSC) partner.
Australian government services in particular have a long and detailed history of cyber-failure.
From the AEC to MyHealth, Parliament itself and the APS, many have raised concerns about Australia's cyber resilience, and its security regime that has been described as being of a “low level of maturity”.
Professor Ryan Ko, director of UQ Cyber Security, has helped decode a detailed ACSC report that accompanied the PM’s announcement.
“As mentioned in the ACSC Advisory; ‘The actor was identified making use of compromised legitimate Australian web sites as command and control servers’, and ‘This technique rendered geo-blocking ineffective and added legitimacy to malicious network traffic during investigations’,” Dr Ko said.
“This means that since the attacker was able to use the infected organisation’s own computers as a listening, observing or reconnaissance base for intel or further threat possibilities.”
Professor Alana Maurushat, an expert in cybersecurity at Western Sydney University, says the recent rise in attacks may have been because the targets were distracted.
“In cybersecurity, cyber-attacks commonly occur when targets are otherwise more thoroughly engaged with dealing with emergencies or during public vacations,” she said.
“Attack targets are otherwise pre-occupied dealing with the crisis or holiday in hand when their guards are down, and expert staff and leaders are otherwise occupied with more pressing matters.
“This is a tactic as old as time. It comes as no surprise that a sophisticated 'state-based' sponsored cyber-warfare unit would be busily using this time to gain intelligence in its adversaries systems. And sometimes, cyber intelligence is also gathered within in the systems of its allies as well.”
Professor Richard Buckland - professor in cybercrime, cyberwar and cyberterror at UNSW – says that “for the public there is no need to panic”.
“So far there is no information suggesting a single crisis problem unfolding which needs an emergency response,” he said.
“The real lesson from the announcement is that Australian defences are too weak. The Government has been working quite seriously for a number of years to improve Australian Cyber capability – but so many organisations have been caught by this that it is clear that adoption of best practice and understanding of cyber risks at an organisational level is still seriously inadequate.”
But he warned that “staff need to be treated as cyber vulnerabilities”, as they are the targets of more precise, ‘spear-phishing’ attempts.
Cyber security lawyer Leah Mooney backs that point, saying “the last line of defence in an organisation’s cybersecurity is almost always its people”.
“Just as Australians are practising personal hygiene to reduce the spread of coronavirus, we need them to practice 'cyber hygiene' and become their own personal 'human firewall' in response to this latest cybersecurity threat,” she said.
“It is therefore crucial that individuals take personal responsibility for implementing best practice cybersecurity measures in their online environment.
“This may mean choosing strong passwords, the timely 'patching' of device software and refraining from clicking on links or attachments in unexpected communications. By practising good cyber hygiene, Australians can become a 'human firewall' against phishing and other scams.”
The Prime Minister said one state was likely behind the rise in attacks, but would not mention which. At a time of heightened tensions between Australia and China, experts say the gaps can be filled.
“The Prime Minister's video press release on this current attack is interesting in that it refers to, but does not name the country most likely to be behind the attack,” said Dr David Tuffley from Griffith University.
“The list of possibles is not controversial,” he said, citing China, Russia, North Korea and Iran.
Dr Richard Matthews from the University of Adelaide says there is reason behind the PM’s lack of specificity.
“We don't attribute attacks unless it is in our interest to do so. The Department of Foreign Affairs and Trade cyber Engagement strategy released in 2017 states as much,” he said.
“What we are seeing here today is an announcement from the Prime Minister which states we are under cyber-attack from nation state actors with no specifics. There is reason for this.
“The Prime Ministers statement is vague enough to remind us to reinforce our cyber hygiene but, specific enough to target diplomatic relations as a likely proportionate response to ongoing diplomatic affairs.
“Modern warfare has changed. We are unlikely to put boots on the ground. Instead, we send packets online and use other means to cause damage. It’s all part of a wider strategy called Grand Strategy or Hybrid Warfare.
“The Prime Minister's announcement today, is a proportionate response to remind those that would cause us harm that Australia is aware and we won’t stand idle.”