The Federal Government is responding to a cyber threat targeting Australian governments and companies across a range of sectors.
Prime Minister Scott Morrison announced on Friday 19 June that, based on the advice provided by the Federal Government’s cyber experts, a “sophisticated state-based cyber actor” was targeting Australian organisations.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” Mr Morrison said.
“We know it’s a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.
“The Federal Government is aware of and alert to the threat of cyber attacks.”
The Australian Cyber Security Centre (ACSC), which advises the Federal Government on cyber matters, has published a range of technical advisory notices in recent times to alert potential targets and has been briefing states and territories on risks and mitigations.
The ACSC has also been actively working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised.
“Regrettably, this activity is not new. But the frequency has been increasing,” Mr Morrison said, adding that these were “specific risks” associated with targeted activities.
“Thanks to the cooperation between the affected entities, the Australian Cyber Security Service and a range of private cyber security providers, we have been working together to thwart this activity.”
New cyber security strategy to be released
Mr Morrison urged Australian individuals and organisations – especially organisations in critical infrastructure and essential services – to take action to protect themselves against cyber threats.
“The Government’s 2016 Cyber Security Strategy, backed by a $230 million investment over four years, has strengthened Australia’s cyber security foundations and stimulated private sector investment in cyber security and positioned Australia as a regional cyber security leader,” he said.
Mr Morrison said the Federal Government would release a new cyber security strategy in the coming months, which would include significant further investments.
It has also invested a further $156 million to build cyber resilience and expand the cyber workforce, and provided additional funding for a whole of government cyber uplift programme.
“Cyber security is a whole of community effort. Government, industry and individuals. That is why we are raising this matter today, to raise awareness of this important issue and to encourage organisations, particularly those in the health, critical infrastructure and essential services, to take expert advice and implement technical defences to thwart this malicious cyber activity.”
The ACSC described the attacks as ‘copy-paste compromises’ because the attacker had heavily copied public proof-of-concept exploit code.
The Centre said the cyber actor had also shown an aptitude for identifying vulnerable services that were not well-known or maintained by victim organisations.
China denies responsibility for the attacks
While Mr Morrison declined to name which country was carrying out the attacks, the finger was swiftly pointed at China.
Australian Strategic Policy Institute (ASPI) Executive Director, Peter Jennings, told SBS News that the likelihood of China being behind the attack was “95 per cent or more”.
A spokesperson for the Chinese Foreign Ministry, Zhao Lijian, denied the allegation.
“China is a staunch guardian of cyber security,” Mr Zhao said. “There is no factual basis to the attack and accusation made by this institute [ASPI].”
COVID has increased cyber risk to businesses: ISACA
New international cybersecurity research has revealed that 89 per cent of IT professionals believe COVID-19 has increased the risk of cyber attacks to businesses.
The research, conducted by the Information Systems Audit and Control Association (ISACA), showed that only 40 per cent of technology professionals and leaders in Australia were highly confident that their cybersecurity teams were ready to detect and respond to the rising cybersecurity attacks occurring during COVID-19.
89 per cent of respondents said the rapid transition to remote work had increased data protection and privacy risk.
Prior to COVID-19, 64 per cent of respondents in Australia believed their organisation’s cybersecurity teams were understaffed and 58 per cent said they currently had unfilled cybersecurity positions on their team.
26 per cent of respondents reported an increase in the number of attacks relative to this time in 2019, and 69 per cent of professionals believed that enterprises were failing to report cybercrimes, even in situations where they have a legal or contractual obligation to do so.
Former ISACA Board Director and Director of Information Security & IT Assurance at BRM Advisory, Jo Stewart-Rattray, said the attack announced on 19 June was “probably Australia’s biggest cyber attack”.
“ISACA’s research has found the risk has never been higher for a cyber attack, given the recent economic crises our country has endured,” Ms Stewart-Rattray said.
“As businesses and the Government prepare for the new normal, they must understand the risks and their cyber maturity in order to protect their data, assets and personal information.”