Australia under cyberattack: is the world facing a cyber pandemic?
Australia is once again under attack. This time, it has nothing to do with COVID-19. This time it is to do with a different type of malicious pandemic: a cyber pandemic.
Just a couple of weeks ago, Dan Lohrmann wrote for US magazine, Government Technology, “While the majority of people were focused this past week on peaceful protests against police brutality and the death of George Floyd, or rioting in some cities, or the surprisingly positive jobs numbers and stock market performance (not in Australia – ed), several well-respected leaders and groups are now predicting that a “cyber pandemic” is coming soon.”
The Australian government has reason to agree with that assumption. On Friday 19 June, Prime Minister Scott Morrison revealed all levels of Australian government, critical infrastructure and the private sector are being targeted in a "sophisticated state-based" cyberattack.
The attack is being carried out by a "a sophisticated state-based cyber actor".
Large scale attacks have been carried out and are increasing in frequency.
"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure," Mr Morrison said.
"What I simply can confirm is there are not a large number of state-based actors that can engage in this type of activity, and it is clear based on the advice that we have received that this has been done by a state-based actor," Mr Morrison said.
"With very, very significant capabilities."
Given Australia’s strained relations with China, many are assuming China to be the state-based actor although Mr Morrison is refusing to point the finger.
"I can't control what speculation others might engage in on this issue or, frankly, any other. I have simply laid out the facts as we know them and as we have disclosed today."
However, he did say "There aren't too many state-based actors who have those capabilities."
So far, the motivations behind the attack are unclear, but the government’s priority in this instance is to keep Australia’s infrastructure and businesses safe.
The government has already thwarted several cyberattacks, with Morrison saying that Australia is working with the best agencies in the world to negate these attacks.
"I can confirm that they have thwarted many, but this is a very complex area and it requires constant persistence and application and that's what they're doing.
"We know what is going on. We're on it but it is a day-to-day task that we're applied to and we will continue to do that to keep Australians safe."
China, Russia and Iran are the usual suspects when it comes to states being suspected of sponsoring cyber operations.
The deterioration of relations between China and Australia following Australia’s call for an inquest into the origins of coronavirus do point to China, but this is mere speculation.
No matter who is responsible, the attack is a wake-up call for all Australians, particularly organisations, to up their cybersecurity game. You may also seek out a cybersecurity product provider and advisory service such as WhiteHawk (ASX:WHK), which provides an online security exchange and works with government departments such as the US Department of Homeland Security as well as small businesses.
Defence Minister Linda Reynolds has urged all Australian organisations to be prepared.
“There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact,” she said.
“This activity harms Australia’s national security and also our economic interests.”
Reynolds outlined three steps all Australians should take to protect themselves and their businesses.
- Patch your internet facing devices promptly to ensure any web or email server is fully updated with the latest software.
- Use multi-factor authentication to secure your internet access infrastructure and your cloud-based platforms.
- Become an Australia Cyber Security Centre (ACSC) partner to ensure you get the latest cyber threat advice, to protect your organisation online.
On Friday, the Australian Cyber Security Centre and the Department of Home Affairs updated its technical advice, which outlines the steps to detect and mitigate such threats. It is available at cyber.gov.au.