China is the prime suspect of a huge cyber attack targeting Australian universities, hospitals, industry and governments. 

Prime Minister Scott Morrison today said a ‘sophisticated state-based actor’ was behind ongoing attacks which have been happening for ‘many months’ but have increased recently.

He did not name any suspects but senior sources have told the ABC that government agencies believe China is behind the campaign. 

Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia the motivation for the attack could be to gain a foothold in Australia’s systems to shut down schools, hospitals and key industries in the event of war. 

Another aim could be to access classified government or commercial information. 

A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison

A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison

Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure the attacker is China. 

‘The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,’ he told The Australian.  

‘The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.’ 

The Prime Minster said investigations by the Australian Cyber Security Centre so far have not found any personal data has been leaked. 

He said ‘many’ entities have been targeted but the success of the attacks has been ‘less significant’. 

We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used 

Prime Minister Scott Morrison 

‘Australian organisations are currently being targeted by a sophisticated state-based cyber actor,’ he said today after calling a press conference at short notice.

‘This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure. 

‘We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,’ he said.   

‘Regrettably, this activity is not new. Frequency has been increasing.’

Mr Morrison said he would not name the enemy government because the threshold for attributing a cyber attack is very high. 

He said he has spoken to allies including UK Prime Minister Boris Johnson last night – and also informed leader of the Opposition Anthony Albanese and state and territory leaders.

Who was behind attack and why? 

Senior sources have told the ABC that government agencies believe China is behind the campaign. 

Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia there are ten to 15 states that could be behind the attack including Russia, China, Iran and North Korea.

He said motivation for a state-sponsored cyber attack can be to gain a foothold in an enemy’s systems to shut down schools, hospitals and key industries in the event of war.  

‘Attribution is really hard because you can be anyone you want to be in cyber space,’ Mr Savvides said.

‘Hackers can make operations look like they come from another state by mimicking another state actor. 

‘To some it may sound like Scott Morrison is trying to get out of naming a suspect but I sympathise with him.

‘We’re in a heightened geopolitical climate so you would want to be absolutely sure and have evidence you can publicly state before you name some-one.’

Mr Savvides said the Prime Minister had used ‘very powerful language’ by declaring the attack was by a state. 

He said current trade tensions with China may lead people to believe the attack was ordered by Beijing – but another state could be capitalising on this to get away with it.  

Mr Savvides said he believed Mr Morrison gave the press conference today to tell the attackers ‘we’re on to you and we know what you’re up to’. 

Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure it was China. 

‘The Russians could do it. The North Koreans could do it, but neither of them have an interest on the scale of this. They have no interest in state and territory government or universities,’ he told The Australian.  

‘The only country that has got the interest to go as broad and as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.’  

Lion, which has a portfolio including Little Creatures, XXXX, Tooheys and James Squire, was hit with a cyber attack on June 8

Lion, which has a portfolio including Little Creatures, XXXX, Tooheys and James Squire, was hit with a cyber attack on June 8

Defence Minister Linda Reynolds said: ‘There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact.’ 

She urged businesses to check their cyber security and take extra steps such as ensuring employees use multi-factor identification before logging in to devices. 

Food and drink company Lion was forced to shut down production for eight days on 8 June.

Mr Morrison said that attack was not related to the state attack announced today.  

Lion, which produces Little Creatures, XXXX, Tooheys and James Squire, shut down its Little Creatures brewery in Geelong. 

How are the attacks carried out? 

The Australian Cyber Security Centre has identified the actor utilising various spearphishing techniques. 

This spearphishing has taken the form of: 

Links to credential harvesting websites 

Emails with links to malicious files, or with the malicious file directly attached 

Links prompting users to grant Office 365 OAuth tokens to the actor 

Use of email tracking services to identify the email opening and lure click-through events

Source: Australia Cyber Security Centre 

The education sector has been targeted by the cyber attacks which have been happening for months

The education sector has been targeted by the cyber attacks which have been happening for months 

Prime Minister Scott Morrison said the government has been targeted. Pictured: Parliament House in Canberra

Prime Minister Scott Morrison said the government has been targeted. Pictured: Parliament House in Canberra

The cyber attack has resulted in temporary shortages or out-of-stock products in kegs, bottles and cans. 

An attack on the federal parliament and three largest political parties before the general election last year was earlier this year attributed to China by security agencies.

Matt Warren, from RMIT University Centre for Cyber Security Research and Innovation, said cyber attacks were ‘the new normal’.

‘It’s not that there’s an increase in cyber-attacks, but we’re seeing these attacks be more successful because what they’re focusing on is the human aspect,’ he told the Geelong Advertiser.

‘It also highlights that organisations aren’t prepared for it.

Steps to improve cyber security 

Defence Minister Linda Reynolds urged businesses to check their cyber security and take extra steps such as ensuring employees use multi-factor identification to use devices. 

She said: ‘Firstly, patch your Internet facing devices promptly, ensuring that any web or email servers are fully updated with the latest software. 

‘Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your CLOUD-based platforms. 

‘Thirdly, it’s important to become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online.’ 

‘It’s actually a relatively easy cyber attack to recover from, but the problem is because organisations have now become complex, they haven’t kept up their backup resilience strategy to reflect their operations.’     

Earlier this week Australia launched six warships into the Indo-Pacific for training operations ahead of huge show of force in the region with the US Navy.

HMA Ships Canberra, Hobart, Stuart, Anzac, Ballarat and Arunta all left their base in Sydney Harbour on Monday.  

They will conduct ‘task group training’ before taking part in a warfare training exercise with the US and other allies known as the Rim of the Pacific in August.

Australia has launched six warships into the Indo-Pacific for training operations ahead of huge show of force in the region with the US Navy. Pictured: HMA Ships Stuart (foreground), Hobart and Canberra (background) depart Fleet Base East in Sydney

Australia has launched six warships into the Indo-Pacific for training operations ahead of huge show of force in the region with the US Navy. Pictured: HMA Ships Stuart (foreground), Hobart and Canberra (background) depart Fleet Base East in Sydney

Left to right: HMA Ships Stuart, Hobart and Canberra depart Fleet Base East in Sydney for Force Integrated Training

Left to right: HMA Ships Stuart, Hobart and Canberra depart Fleet Base East in Sydney for Force Integrated Training

The exercise is the world’s largest international maritime warfare training mission, held every two years from Honolulu, Hawaii. 

A defence spokesman said the ships are ‘currently conducting maritime task group training under strict COVID-19 preventive measures’.

It comes amid trade tensions with China after Australia angered Beijing by calling for an inquiry into the origins of coronavirus which erupted in Wuhan.

In recent months China has increased training exercises in the Pacific and started trailing its first homemade aircraft carrier. Prime Minster Scott Morrison said China should not be shocked by the show of force. 

‘These are our routine partnerships and exercises that we do. There’s nothing extraordinary about that,’ he told Sydney radio 2GB. 

‘I don’t think it would cause anyone any surprise who are looking in from elsewhere.’

HMAS Sirius departs Fleet Base West for taskgroup force integrated training

HMAS Sirius departs Fleet Base West for taskgroup force integrated training

Left to right: HMA Ships Canberra, Hobart and Stuart depart Sydney Harbour on Monday

Left to right: HMA Ships Canberra, Hobart and Stuart depart Sydney Harbour on Monday



Source link

Write a comment:
*

Your email address will not be published.