26 Jun Australia’s Cyber Threat Landscape
Background information / Scenario
Last week, Scott Morrison, Prime Minister of Australia, stood beside Minister for Defence, Senator the Hon Linda Reynolds CSC and announced that all levels of the Australian government, critical infrastructure and the private sector were being targeted by a sophisticated state-based hacker.[1]
Mr Morrison said that while it did not appear there had been any large-scale breaches of personal information, the attacks were malicious.
Former National Cyber Security adviser, Alistair MacGibbon, said the purpose of the attacks was more than likely for strategy purposes and to steal Australia’s intellectual property[2].
Organisations, particularly those in the health, critical infrastructure and essential services have been asked to take expert advice and implement technical defences to thwart the malicious cyber activity.
Main issues
A state-based actor refers to a person or group acting on behalf of a government or government body. How can organisations respond against the disproportional scale of a state adversary?
Understanding why you are under attack is an important starting point – what are the means, motive and opportunity driving the adversary to your organisation? Perhaps you have valuable intellectual property, or a wealth of confidential and personal information? Perhaps you have an old operating system or unpatched applications?
The Australian National University (ANU) attack[3] in late 2018, “came down to a single email”. Without anyone clicking on a link, a massive cyber attack of unprecedented sophistication gained access to private information of potentially high-ranking officials across the globe. For weeks, hackers trawled through the ANU computers and it was months before ANU were aware of the intrusion.
Whatever your assets or the motive of the attacker, law and business imperatives require that you protect and handle information and information systems, including hardware, software and networks appropriately. Aside from legal compliance and risk in relation to the industry sector in which you operate, director duties apply in terms of which you may be held personally responsible for a failure in diligence and care.
Since the release of the 2016 Cyber Security Strategy,[4] the cyber threat landscape has shifted and evolved dramatically. The magnitude of the threats faced by Australian businesses and families has increased. They will become more acute as our society and economy become increasingly connected. As the threat evolves, so too must our response.[5]
The starting point is to become aware of the threat and follow the advice provided by the government.
In support of this undertaking, the Australian Signals Directorate yesterday launched its new website www.cyber.gov.au, which has been enhanced to help Australians access essential cyber security information and advice quickly and easily.
Begin with the most recent advisory: Advisory 2020-008: Copy-Paste Compromises – tactics, techniques and procedures used to target multiple Australian networks Version: W1, Last Updated: 18 June 2020.
This advisory, details the tactics, techniques and procedures (TTPs) identified during the Australian Cyber Security Centre’s (ACSC) investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK®[6] framework, a globally-accessible knowledge base of adversary tactics and techniques based on real-world observations.
Practical actions/implications
Government action, while laudable, is not enough. Cyber security is a shared responsibility and it’s vital we work together to protect Australia’s national security, economic and shareholder interests. We must be alert to threats and take steps to protect our own networks.
There are simple steps you can take without investing hundreds of thousands of dollars on security.
Firstly, know your obligations. Understand the laws that apply as many are prescriptive on how to handle information.
Fear of change is no excuse. Even if you are not among the recent target sectors, begin by reviewing the PRE-ATT&CK Tactics and the PRE-ATT&CK Techniques against your information, assets and business processes to prepare for tomorrow. Run Playbook scenarios to identify areas needing attention and get expert technical and legal advice to implement defences and improve resilience.
As the Prime Minister emphasised: the attacks haven’t just started, they are ongoing and a constant threat to Australia.
Author: Helaine Leggat Attorney at Law, CISSP, CISM, CIPP, CIPT, FIP, GAICD
[1] https://www.abc.net.au/news/2020-06-19/foreign-cyber-hack-targets-australian-government-and-business/12372470
[2] https://www.canberratimes.com.au/story/6800417/former-cyber-boss-hits-out-at-attacker/?cs=14350#gsc.tab=0
[3] https://www.abc.net.au/news/2019-10-02/the-sophisticated-anu-hack-that-compromised-private-details/11566540
[4] https://www.homeaffairs.gov.au/reports-and-publications/submissions-and-discussion-papers/cyber-security-strategy-2020
[5] https://www.cyber.gov.au/acsc/large-organisations-and-infrastructure/critical-infrastructure
