On 19 June 2020, Prime Minister Scott Morrison announced that all levels of Australian government were targeted by ‘sophisticated state-based cyber actors’. The attack has emphasised the need for Australian businesses to ensure they have the appropriate technical defences in place. This is even more important with the prevalence of persons working from home due to the COVID-19 pandemic, and the even greater importance of the security and reliability of digital networks and systems for Australian business.
On 19 June 2020, Prime Minister Scott Morrison announced that ‘sophisticated state-based cyber actors’ targeted a wide range of Australian political and private-sector organisations. According to the Federal Government’s cyber experts, the attack occurred over many months. It has been dubbed Australia’s biggest cyber attack to date, causing businesses across the country to question the state of their cyber security systems.
Peter Jennings, executive director of the Australian Strategic Policy Institute (‘ASPI’), has attributed the attack to China with 95% certainty. Senior intelligence sources reveal the attacks are consistent with political interference and a bid to map Australia’s critical infrastructure to find vulnerabilities. Unlike Russia or North Korea, China is believed to have the requisite interest in State and Territory government or universities, as well as the sophistication and size of the intelligence establishment.[1] The Chinese Foreign Ministry’s Zhao Lijian has vehemently denied these claims.
The global spread of COVID-19 has caused the workforce to migrate from offices to remote-working environments. However, as more persons work from home, business cyber security protections are reduced. As stated by the ACSC, ‘an increase in remote working significantly increases the opportunities for adversaries to gain unauthorised access to systems and may cause real world physical harm’.[2]
In the US, for example, a Washington State Agency has reported a phishing email campaign in which cyber criminals impersonate the US Center for Disease Control and Prevention and encourage users to click a link that automatically downloads malware. The malware has the potential to compromise both the device and associated workplace systems.[3]
Statistics show that 89% of technology professionals and leaders in Australia say that ‘the rapid transition to remote work has increased data protection and privacy risk’.[4] Further, only 40% of the respondents were ‘highly confident’ that ‘their cybersecurity teams were ready to detect and respond to the rising cybersecurity attacks occurring during COVID-19’.[5] Businesses should be acutely aware of the new risks arising from the surge in remote work, and take steps to mitigate them.
In response to the attacks, the Australian Cyber Security Centre (‘ACSC’) has published emergency security guidelines for businesses to implement to reduce risks.
The two ACSC recommended key mitigations are as follows.
The ACSC has announced that ‘all exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available.’[6] It accordingly recommends that organisations ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours of those being made available. It is also recommended that organisations use the latest version of software and operating systems available.
Multi-factor authentication should be applied to all internet-accessible remote access services. In basic terms, multi-factor authentication is an authentication method in which a computer user is granted access only after presenting two or more pieces of evidence to an authentication mechanism.
Multi-factor authentication is recommended across web and cloud-based email, virtual private network (VPN) connections and remote desktop services. In the current COVID-19 environment, with the growing prevalence and uptake of digital collaboration platforms such as Slack and Trello, businesses should also look at applying the authentication protocols when using these platforms.
Beyond the ACSC priority key mitigations above, the ACSC strongly recommends implementing the remainder of the ASD Essential Eight Controls as follows:
In light of the heightened dependence on digital systems and networks as a result of COVID-19, Australian businesses are more vulnerable than ever before to cyber attacks. Implementing the ACSC’s guidelines should help provide commercial and government organisations with strong technical defence measures to prevent the potentially devastating consequences of being hacked.
[1] Geoff Chambers, Simon Benson & Joe Kelly, ‘Beijing behind full cyber attack on Australia’ The Australian (20 June 2020) <https://amp.theaustralian.com.au/nation/politics/nation-under-full-cyber-assault-from-china/news-story/cfe5b61ea317f613359638a9c7bd6193>.
[2] Australian Cyber Security Centre, ‘COVID-19 – Remote Access to Operational Technology Environments’ Australian Signals Directorate (22 May 2020) <https://www.cyber.gov.au/advice/covid-19-remote-access-to-operational-technology-environments>.
[3] Washington Tech Solutions, ‘Phishing attacks use coronavirus outbreak to trick victims’ WaTech <https://watech.wa.gov/Phishing-attacks-use-coronavirus-outbreak-trick-victims>.
[4] ISACA, ‘Media Alert: Australian Businesses Ill prepared for Cyber Attacks’ PR Wire (22 June 2020) <https://prwire.com.au/pr/90329/media-alert-australian-businesses-ill-prepared-for-cyber-attacks>.
[5] Ibid.
[6] Australian Cyber Security Centre, ‘Advisory 2020-008: Copy-paste compromises – tactics, techniques and procedures used to target multiple Australian networks’ Australian Signals Directorate (18 June 2020) <https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks>.