Cyber attacks a "call to arms"
Cybersecurity experts have reacted strongly to Prime Minister Scott Morrison’s revelation that Australia is facing a sustained cyber attack campaign from a malicious state-based actor.
LogMeIn’s VP for APAC and Japan, Lindsay Brown, said the key takeaway from the announcement is that cyber attacks from sophisticated state-based cyber actors are not a new development.
“Despite no announcement of major cyber attacks, the fact that malicious activities continue to warrant national leadership scrutiny is evidence that Australian organisations and individuals need to remain vigilant about their digital safety,” he said.
“Phishing remains a key culprit in these attacks, with spearfishing evolving to become almost undetectable to the untrained eye. Australians must rethink how they generate and store their passwords, and the most effective way to prevent stolen credentials is using a password manager like LastPass, which has several safety protocols built into its DNA.”
But SecureAuth’s Head of Growth for APJ, Michael Warnock, added that while the sheer scale of the current attack is not a surprise, it should serve as a “cybersecurity call to arms”, indicating that cyber warfare will be the next level of threat for both countries and businesses.
“There is industry angst that the federal government has yet to give cybersecurity the priority it has needed, particularly regarding the ongoing pressures placed across industries due to the COVID-19 pandemic,” he said.
“At a basic level, this attack reinforces the need for government and industry to continue to educate and enforce security protection including multifactor authentication and not see this as a simply set-and-forget measure.”
According to Macquarie Government’s Managing Director, Aidan Tudehope, the attack meanwhile shows the importance of all levels of government — as well as companies in all industries — adhering to the Australian Signals Directorate’s Essential Eight threat mitigation strategies.
“The Prime Minister’s warning paints a vivid picture of the constant and evolving threats to Australia’s cybersecurity from malicious state-based actor groups,” he said.
“Our economy has never been more dependent on cloud services and virtual communication and collaboration to live and to work, with many people working from home and accessing business systems remotely. At the same time, the economy has perhaps never been more vulnerable. With such economic uncertainty at the moment, businesses need to be acutely aware of the very real and increasing economic, reputational and relationship damage a cyber breach causes.”
Thycotic’s Chief Security Scientist and Advisory CISO, Joseph Carson, added that the government should consider establishing a Cyber Defence League modelled after the one Estonia implemented following a major attack in 2007.
But he also criticised the government for not releasing sufficient information about the attack.
“Using words such as ‘sophisticated’ without sufficient context, or ‘nation-state actors’ without evidence of attribution, reduces the confidence of the statements,” he said.
“It is critical to be clear on the cyber attacks: on what stage they are at and what companies should know in order to detect and protect against such attacks. If the attacks are indeed targeting both government and industry then we need to know more about what techniques are being used so we can all work together to respond effectively.”
Finally, Palo Alto Networks’ VP and Regional CSO, Sean Duca, said his company’s analysis suggests that the attacks show similarity in the code used to target Parliament House in February last year.
“The state-based cyber attack we have seen today is another example of a sophisticated attack that we have witnessed targeting organisations around the world,” he said.
Telstra is working with the Australian Cyber Security Centre and Services Australia on a pilot...
Service NSW has fallen victim to an email compromise attack, resulting in the theft of 738 GB of...
Councils must formulate a policy on the use of video analytics early on to ensure that compliance...