Friday, 19 June 2020

Cyber-attack Australia: sophisticated attacks from ‘state-based actor’, PM says


Morrison reveals malicious 

'state-based' cyber attack on 

governments, industry


SMH,
19 June, 2020

Australian governments and industry are being targeted by major cyber attacks that could put pressure on critical infrastructure and public services, with China understood to be a likely source of the threat.

Prime Minister Scott Morrison revealed the "malicious" attacks on Friday morning after briefing state premiers as well as Labor leader Anthony Albanese on Thursday night, saying the threat showed a level of sophistication that could only come from a state-based actor.

"Based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated state-based cyber actor," Mr Morrison said.

"This act is targeting Australian organisations across a range of sectors including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure."

Asked whether the attack came from China, Mr Morrison did not name the foreign state but emphasised the level of sophistication of the intrusion

"What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the action of a state-based actor with significant capabilities," he said.

"There aren't too many state-based actors who have those capabilities."

Mr Morrison raised the attacks with United Kingdom Prime Minister Boris Johnson on Thursday night and also sought co-operation from Australia's Five Eyes intelligence partners, the United States, Canada, New Zealand as well as the UK.

Others who were aware of the attacks named China as a likely source. Government sources say the attack bore many similarities to a cyber attack on Parliament House's computer system in February 2019, which security agencies attributed to China.

While Mr Morrison called the Friday morning press conference to warn about the problem, his office later said there was no specific incident this week and that the concerns were about a growing trend over recent months.

Mr Morrison used a prepared statement to say that Australian governments and businesses were "currently being targeted" but this was a reference to the broader trend.

The Australian Signals Directorate said it was aware of the "sustained targeting of Australian governments and companies by a sophisticated state-based actor".

It said links to fake websites designed to steal users' details, links to malicious files, and use of email tracking services to identify when users were opening emails were being used by the sophisticated actor.

"The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure," the intelligence organisation said.
The Australian Cyber Security Centre was working with the organisations subject to the malicious cyber attack.

The ACSC named "copy-paste compromises" as part of the state-based actor's "heavy use of proof-of-concept exploit code, web shells and other tools" to enable the attacks.

Defence Minister Linda Reynolds said companies should "patch" their internet-facing devices promptly to make sure any web or email servers are fully updated with the latest software and ensure they used multi-factor authentication to secure any internet access.

The government has seen an increase in threat activity in recent months in a trend that has overlapped with Australia's tensions with the Chinese government over an investigation into the source of the COVID-19 virus in the Chinese city of Wuhan.

Former National Cyber Security Adviser Alastair MacGibbon said the threat was "likely a campaign by a sophisticated state-based actor" and part of a wider trend.
"It is an affront to our national interest and sovereignty that such events occur," said Mr MacGibbon, who is now chief strategy officer at CyberCX after a long career in public policy including as head of the ACSC.

"And that's why the Prime Minister has stood up to make a statement."

The US Department of Homeland Security and the FBI warned last month that hackers based in China were using cyber attacks and "cyberthefts" to steal intellectual property in the field of vaccines and healthcare.

INFORMATION SECURITY

'Cyber crisis' deepens at Lion as second attack bites beer giant
The US warning was followed by an Australian alert from the ACSC within days telling critical infrastructure providers to do more to protect themselves from cyber attack when key staff were working remotely during the COVID-19 pandemic.

Federal Parliament revealed in February last year that malware had made its way into the parliamentary computer network via several politicians' computers.

Sources last year said Chinese spies were the prime suspects in the unprecedented hack that may have exposed information about voters and private data of MPs ahead of the federal election.

Mr Morrison said the recent cyber attacks on Australia-based beverage giant Lion were not related to the malicious activity announced on Friday morning.


ABC coverage



No comments:

Post a Comment

Note: only a member of this blog may post a comment.