Surge in cyber attacks amid China tensions
Jun 19, 2020 – 6.45pm
Venture capital firms and defence
contractors are among the hardest hit as growing tensions with China have
contributed to a 330 per cent increase in cyber attacks on Australia since the
start of the year.
Prime Minister Scott Morrison revealed a "sophisticated
state-based actor" was behind a "malicious" wave of attacks targeting
all levels of government, industry, critical industry, education, health and
essential services providers.
Prime Minister Scott Morrison said
Australia was increasingly suffering cyber attacks from a foreign
nation. Alex Ellinghausen
Investigations had so far not found any evidence personal
data had been stolen, Mr Morrison said, although sources believe cyber theft,
including that of intellectual property, has been one of the main motivations.
The head of the Australian Strategic Policy Institute's
International Cyber Policy Centre, Fergus Hanson, said given the recent strains with Beijing triggered by Australia's advocacy of a coronavirus
inquiry, as well as past form, it was pretty clear China had been
behind the attacks.
"This is just a carpet-bomb attack, not a surgical
strike," he said.
Mr Morrison said the attacks had
been going on for many months but the frequency had increased recently,
although agencies such as the Australian Cyber Security Centre had thwarted
many of them.
But the tipping point was reached on Thursday, with
Cabinet's national security committee agreeing with security agencies it was
time to go public.
"We know it's a sophisticated state-based cyber actor
because of the scale and nature of the targeting and the tradecraft used,"
Mr Morrison said.
"I raised this not to raise the concerns of
Australians, but in many ways to reassure Australians that we understand what's
going on here and we're addressing it to the best of our capabilities and we're
in a position to do that better than most countries in the world. We know it's
going on."
Mr Morrison's public statement had twin purposes: telling
the perpetrator to back off, as well as a call to action to business leaders
and the community that Australia was increasingly being dragged into cyber warfare
and they needed to bolster defences.
The Opposition and state premiers and chief ministers were
briefed on the cyber attack, while Australia has also begun to consult global
allies. Mr Morrison spoke to United Kingdom Prime Minister Boris Johnson on
Thursday evening, while Australian officials have spoken to counterparts in
fellow Five Eyes nations and other trusted countries.
Government officials pointed to the rising number of cyber
warnings from the Australian Cyber Security Centre, which escalated after the FBI went public on Chinese
attempts to obtain COVID-19 research.
Confirming the breadth of the incidents, the ACSC released
109 different attack approaches that had been used as part of the campaign.
Telstra chief executive Andy Penn said the increase in
people working and studying from home, away from traditional cyber security
measures, had increased their vulnerability.
"We have seen a significant increase in cyber-attack
activity in recent weeks and we are on heightened alert for ourselves and for
our customers and we are actively managing the risk," he said.
While not attributing the incidents to China, government
cyber experts said the basic low-level tactics being used suggested they were
being driven by junior contractors, most likely acting under the Chinese
Ministry of State Security's encouragement.
Mr Morrison defended the decision not to name the attacker,
saying the threshold for public attribution on a technical level was extremely
high.
"And so Australia doesn't judge lightly in public attributions
and when and if we choose to do so, it is always done in the context of what we
believe to be in our strategic national interest," he said.
Mike Sentonas, the chief technology officer of Silicon
Valley firm CrowdStrike, said there had been a sustained focus on Australia by
sophisticated e-crime and nation-state actors.
The lines between these previously separate players were
becoming increasingly blurred.
CrowdStrike, which is listed on the Nasdaq, has recorded a
330 per cent increase in attacks this year, compared to the same period in
2019.
"The number of attacks right now is staggering, it's
unprecedented really," Mr Sentonas said.
"We have an escalating trade war with China so it's not
surprising we have become a bigger target."
But he also cautioned hackers from Iran, North Korea and
Russia were very active.
Federal government briefings indicate Services NSW, which
holds data on millions of people, was among those hit in the cyber attack.
An investigation is still under way into the severity of the
attack, although the agency said it appeared only customer information in 47
team members' email accounts was affected and individual account data had not
been compromised.
A cyber security source said state actors had been
particularly targeting venture capital firms, defence contractors, the space
industry, think tanks and others that hold valuable intellectual property.
While the future submarines and frigates, being designed by
Naval Group and BAE Systems respectively, are high-value targets, several
sources said all major contractors were being subjected to sustained cyber
intrusions.
"It's been pretty active through COVID and everyone has
copped it," one defence industry executive said.
Increased since the onset of COVID-19
Australian Industry and Defence Network chief executive
Brent Clark said the real concern was with second-tier companies that had
access to sensitive data but their systems were not robust enough.
BlueScope Steel, transport group Toll Holdings and beer maker
Lion Australia have fallen prey to highly publicised e-crime attacks in recent
months.
One person briefed on the issues said the campaign called
out by the Prime Minister began in August 2018, around the time Australia
blocked Chinese firm Huawei from bidding on 5G telecommunications contracts.
The severity of the attacks and their frequency had
increased since the onset of the COVID-19 pandemic.
"As we went further up the Chinese shit list the amount
of activity increased," said the person.
"It is almost certainly the Ministry of State Security
[MSS] or one of their contractors behind it."
The source, who works in cyber security, said the techniques
used were not overly sophisticated and related to "known
vulnerabilities", which could be fixed with the manual patching of
servers.