Comment from Australia-based cyber expert on attacks targeting Aus government
You’ll likely have seen the news this morning that Australia’s government and institutions are being targeted by ongoing sophisticated state-based cyber hacks. Nick Savvides, Director of Strategic Business at Forcepoint:
“The address by Australia’s Prime Minister and Defence Minister is a timely reminder that cyber-security is a serious issue and affects every aspect of Australian life. Everybody has a role to play in keeping us safe from cyber-security threats.
Sophisticated threat actors, state-based threat actors, have significant capabilities, and do not rest in their efforts to gain footholds into our systems, applications and data. It is important that governments, businesses and individuals take cyber-security remain vigilant and continue to improve their cyber-security practices.
We have entered a new era of business and government, where cyber-attacks pose an existential threat to business and can cripple the machinery of government.
The address acts also as a signal to the threat actors responsible that the government and some in the private sector are aware of the attacks, interestingly two specific controls, patching internet facing systems (protecting the edge of networks), enforcing multifactor authentication for users (protecting the users), were specifically called out by the Defence Minister. This indicates that attackers likely operated sophisticated targeted phishing campaigns to capture usernames and passwords from victims and were possibly in possession of 0-day vulnerabilities against systems or used older vulnerabilities on systems that are difficult to patch.
While Australia across has significant capabilities in cyber-security and an active cyber-security community, unfortunately not all organisations are at the same level, with many organisations simply not having right capabilities. We are also struggling with a skills shortage, with unfilled cyber-security roles in every sector, that means many of the skills end up in the top end of town and large departments, leaving small and medium business and government agencies exposed.”