Australia’s Cyberspace Is Under Attack: Scott Morrison

Asia Blockchain Review
July 26, 2020

According to reports, the Federal Government of Australia believes that China is the nation behind ongoing cyber attacks on Australian institutions, including hospitals and state-owned utilities. Prime Minister Scott Morrison, has been quoted that Australian organizations are currently being targeted by a sophisticated foreign “state-based” hacker.

Senior sources have confirmed that China is the source of the attacks, although the PM has declined to formally name the country publicly. “This activity is targeting Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructure,” Mr Morrison said.

The Sydney Morning Herald has opined that the cyber attack campaign has been going on for months. They believe the campaign started after the previous Turnbull government decided to protect Australia from Beijing’s intrusions. Firstly, there was an introduction of laws against foreign interference in Australian democratic systems and secondly, the ban on Chinese telecoms equipment supplier Huawei from the 5G mobile phone network. As both of these measures took effect in 2018, what we are seeing now is a result of these actions. In April, after the Morrison government decided to call for an inquiry into Covid-19, Beijing stepped up the attacks.

According to the publication, the nature of attack is quite unique. Its a ‘wide and shallow’ approach that probes government, corporate, research, institutional and political systems. They are not attempting to destroy or disabling them. Also, the attacks are not designed to steal intellectual property or industrial secrets. Simple techniques such as phishing emails and invitations to click on fake links are also used. Therefore, the federal government is considering it a “mapping effort”, as sources have told SMH.

These intrusions are looking for connections and networks, ascertaining relationships between individuals in the political realm, the fusion of companies and bureaucracies and how decisions are being made is all being factored in.

The Australian Government’s Signals Directorate recently released an advisory on this topic. It’s campaign summary said that the Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.

It states that the actor has shown the capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases.

When the exploitation of public-facing infrastructure did not succeed, the ACSC has identified the actor utilising various spear-phishing techniques. This spear-phishing has taken the form of:

  • links to credential harvesting websites
  • emails with links to malicious files, or with the malicious file directly attached
  • links prompting users to grant Office 365 OAuth tokens to the actor
  • use of email tracking services to identify the email opening and lure click-through events.

They are recommending that all institutions in Australia practice prompt patching of internet facing software, operating systems and devices. Multi-factor authentication across all remote access services is also essential. This includes:

  • web and cloud-based email
  • collaboration platforms
  • virtual private network connections
  • remote desktop services.

Perhaps most worryingly, is that the Global IT Professional Association, ISACA, recently stated that only 40% of technology professionals and leaders in Australia were highly confident that their cybersecurity teams were ready to detect and respond to the rising cybersecurity attacks occurring during COVID-19.

Sources: ABC Australia, Sydney Morning Herald, Australian Government and ISACA

Follow Asia Blockchain Review on:

    Related Article
    Defending Truth with Blockchain – Eliminating Fake News
    The business of journalism is under attack and Blockchain can help regain trust between the publishe...

    August 10, 2020

    Mainstreaming Of Cryptocurrency Investments? An Exploration
    While the security and the regulation is well chronicled. The big question that needs to be answered...

    August 10, 2020

    The 5G Pandora Box: An Ultimate Kingmaker
    Unlike WWII which had sheer military might as its focal point, digital technologies such as 5G would...

    August 9, 2020

    Cyber Attacks In India Surge In Post Border Face Off
    The clashes between Indian and Chinese troops at Galwan valley that took the lives of soldiers from ...

    August 8, 2020

    We provide information about Asia Blockchain Review latest activities as well as global blockchain news and research. Subscribe to our Newsletter now or Contact us