Australian organisations are being targeted by a ‘sophisticated state-based cyber actor’, the Australian Prime Minister Scott Morrison has said. In a statement today he said: “This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure. We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used.”
It’s not new, he added, ‘but the frequency has been increasing’, and he spoke of the need for ‘constant persistence and application’ to counter such attacks.
Visit www.cyber.gov.au. The Australian Cyber Security Centre (ACSC) and the Department of Home Affairs has published a more detailed technical advisory with advice for Australian businesses.
While neither the PM nor the advisory has suggested where the attacks are coming from, the advisory does ask computer users to do two things to protect themselves: ‘prompt patching of internet-facing software, operating systems and devices’, and ‘use of multi-factor authentication across all remote access services’. The PM in replying to questions did stress that ‘the Australian Government is not making any public attribution’ but did narrow attribution down to ‘there are not a large number of state-based actors that can engage in this type of activity’.
More details of the official statement in Canberra at the pm.gov.au website.
As Scott Morrison said in a press conference, there has been ‘similar activity across a broad base in many other jurisdictions around the world’. In the UK the official National Cyber Security Centre (NCSC), part of GCHQ, in May for example warned of targeting of organisations involved in national and international COVID-19 responses: visit www.ncsc.gov.uk.
Comments
Tim Wellsmore, Mandiant Government Solutions, Asia Pacific, said: “The Australian Prime Minister and Minister for Defence do not undertake these sort of briefings lightly, and the consistent message from them was that this was state sponsored activity which raises the national security focus of the announcement.”
Sam Curry, chief security officer at Cybereason, said: “Foreign actors are regularly testing the resiliency of networks in both the public and private sector and this is nothing new to Australia. How they respond is important and they are likely prepared. Australia, the United States and other democratic nations may not be facing a traditional enemy with guns and tanks on the battlefield, but they are constantly fighting a host of adversaries in the digital space. Unless we work with our international allies and devise a better strategy to confront this threat, it is far from certain that we will emerge victorious.”
And Scott McKinnel, Country Manager Australia and New Zealand, Tenable said that as a first step, organisations need to practice cyber hygiene: “Many breaches and attacks are accomplished by failing to do the basics – regardless of who the attacker is. The vast majority of breaches and attacks today are the result of known but unpatched vulnerabilities. Threat actors don’t need to develop or pay for zero-day flaws in software. They can simply leverage publicly available exploit code for vulnerabilities that have patches available, honing in on a window of opportunity where organisations have yet to apply these patches. “Now more than ever, organisations need to have a strong understanding of their systems and determine where they’re vulnerable.”
