It has been reported that Australia is currently the target of a “sophisticated” cyber attack – and an unnamed foreign government is behind it. Scott Morrison, the country’s prime minister, says the attacks have targeted all levels of the government – as well as political organisations, essential service providers and operators of other critical infrastructure. “We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting,” he said at a news conference.
Information Security Buzz (aka ISBuzz News) is an independent resource that provides the experts comments, analysis and opinion on the latest Information Security news and topics
The technical details of the attack issued by the Australian Government point to China as a likely state actor. Although the techniques and vulnerabilities exploited are not new, the scale, sophistication and targeting are consistent with Chinese cyber-attacks against the Australian parliament, and other organisations and companies in many democratic countries.
Chinese state cyber-attacks of this type are not new but have progressed from large scale and low sophistication to high grade, carefully targeted attacks in recent years. China still harvests intellectual property from the private sector on an industrial scale, but the sophistication of its targeted attacks against states is increasingly alarming.
We need to collectively find ways of raising the cost of cyber-attacks by China and other states. That starts with calling them out but should lead to concerted economic and diplomatic sanctions.
Offensive cyber capabilities have niche uses but in general, the best responses to wholesale cyber-attacks of this kind will be economic and political sanctions. Although we need offensive cyber capabilities, investment in better cyber defenses, and cybersecurity across the economy is the top priority and always will be.
Nation state attacks are not uncommon and occur on a continuous basis so it’s interesting that this was highlighted by the Australian government.
There is a general belief that government networks and systems, of which there are thousands, with network the scale of a huge enterprise, are underfunded and less secure than private corporation systems. Nation state actors will hunt for anything which will give them a foothold across the full stack of a network.
The challenge for governments is trying to stay on top of the constant flow of new vulnerabilities that are discovered on a daily basis. When securing systems at such a large scale, continuous visibility is of paramount importance in order to detect and mitigate weakness in a timely manner. Continuous testing and vulnerability detection is also key. The days of annual, once-off pentesting just don’t scale to defend against industrial level hacking by nation states or large cybercrime groups.
The practice of stealing intellectual property in this way has been going on for a very long time. And this highly targeted phishing technique or ‘spear phishing’ is presenting itself as a huge risk to governments and companies across the board. Cybercriminals utilise information from social media profiles, even using advanced technology such as AI to improve the scale and fidelity of threats. This enables them to fine tune phishing emails to look more and more like the real thing, creating targeted, personal emails to trick even the savviest recipient into believing the correspondence is genuine.
In order to limit the impact of these attacks, the key focus should be on awareness. Employees need to understand the risks to business, why installing software updates, and clicking links within emails should be done with great care. However, this is not always possible, and enterprises will need to look beyond traditional solutions, investing in proven next generation threat intelligence offerings coupled with email filtering to help remove these lures from inboxes.
The potential impact of an attack on critical national infrastructure should not be understated. As smart buildings, cities and the Internet of Things become more common, vulnerabilities are growing, and state sponsored attackers are on the lookout for ways in. The lines between cyber and physical are blurring and this raises the stakes for all involved – increasing the likelihood of unintentional escalations and further complicating international relations. With such prospects, it is now the time to supercharge the cyber defense of the world’s critical digital infrastructure with advanced technologies. This will ensure that nations are resilient and can prevent data breaches or system compromise once attackers are inside – both at machine-speed and in real time.
There will undoubtedly be more information coming out in the coming days and weeks as to the specifics of the attackers. The ACSC advisory indicated that the attackers tried to compromise public-facing software, and where that wasn\’t possible they reverted to spearphishing. While protective actions include advising organisations to patch systems and deploy MFA, it\’s surprising to see they didn\’t also recommend user awareness and training, which is a key component of a layered strategy in defending against spearphishing and other social engineering attacks.
We can expect to see more brazen attacks by groups against government and private organisations, and a comprehensive and layered cybersecurity strategy is vital to ensuring the ongoing security.