Wednesday, June 24, 2020

I Wonder Why The Government Commentary On The Cyber Attack Is So Vague And General.

We were all a little startled last Friday when the PM had a mid-morning press conference to tell us we were all under cyber attack…

'Malicious' cyber attacks target Australian firms, infrastructure

Andrew Tillett Political correspondent

Jun 19, 2020 – 10.35am

A foreign government has escalated "malicious" cyber attacks against Australian businesses and government agencies including critical infrastructure, Prime Minister Scott Morrison has revealed.

Mr Morrison said investigations so far had found there had been no large scale breaches of personal data.

Prime Minister Scott Morrison has spoken about a major cyber attack that hit the government and private sector.

The cloud of suspicion has immediately fallen on China given recent bilateral tensions between Canberra and Beijing and past form after the PM said the attacks had the hallmarks of a sophisticated state-based actor.

Russia is the other country that has the means and form to target western nations.

Mr Morrison said he could not stop speculation but at this point the government was not prepared to name a potential perpetrator.

"We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used," he said.

"The threshold for public attribution on a technical level is extremely high. Australia doesn't engage lightly in public attributions and when and if we choose to do so is always done in the context of what we believe to be in our strategic national interests.

"What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities."

More here:

https://www.afr.com/politics/federal/malicious-cyber-attacks-target-australian-firms-infrastructure-20200619-p5546t

What was interesting was that neither the perpetrator nor the victim(s) were named (thinking of Toll Holdings and Lion as two very recent victims who could have been mentioned).

Others noted the lack of specificity.

Scott Morrison cries 'Cyber wolf!' to deniably blame China

Australia's prime minister didn't name China as the source of recent 'sophisticated' cyber attacks in Friday's press conference. He didn't have to.

By Stilgherrian for The Full Tilt | June 19, 2020 -- 04:05 GMT (14:05 AEST) | Topic: Security

"Senior sources" in federal government agencies have reportedly confirmed that China is believed to be behind recent cyber attacks targeting all levels of government in Australia, as well as the private sector.

Prime Minister Scott Morrison had avoided blaming China at his press conference on Friday morning.

"I'd simply say this, and that is, the threshold for public attribution on a technical level is extremely high," he said.

"Australia doesn't judge lightly in public attributions, and when and if we choose to do so, it is always done in the context of what we believe to be in our strategic national interest."

It doesn't take a genius to figure out that China was the likely culprit, however.

Having unnamed sources leak a confirmation means that China has been named, but Morrison has plausible deniability.

"Of course it is China," tweeted Tom Uren, senior analyst in cybersecurity at the Australian Strategic Policy Institute's International Cyber Policy Centre.

"There are a few countries that have the capability: Russia, China, US, UK, and perhaps Iran and NK [North Korea], although they may not have the scale," Uren said.

"Only China in this list will have the appetite for such a broad approach."

According to Uren, Morrison was sending signals to two audiences, one internal and one external.

"For domestic audiences: Cue the sound of a thousand CISOs knocking to ask for more resources as 'the PM just said this is important'," Uren said.

"For the Chinese: We are getting tired of this and it's escalated to the highest levels. Final warning or we'll be much more public. MinDef [the Minister for Defence, Linda Reynolds] appearing was interesting and is designed to reinforce seriousness."

This diplomatic angle also explains why Morrison called a press conference to ring such a loud but content-free cyber warning bell.

Morrison put on his serious voice to tell us they were sophisticated state-based attacks -- they're always sophisticated -- and that they've been happening "over many months" and "the frequency has been increasing".

Which is to say, it's a day with a Y in it.

Reynolds said we need to ensure that "any web or email servers are fully updated with the latest software" and "always use multifactor authentication".

We should also floss our teeth once a day and visit the dentist twice a year.

Morrison couldn't help but throw in some political boasting, of course.

He reminded us of his AU$156 million election commitment to build cyber resilience, and that the long-overdue 2020 Cyber Security Strategy will be released "in the coming months".

But the only concrete announceable was the Australian Cyber Security Centre's Advisory 2020-008.

It's just another routine warning about the tactics, techniques, and procedures of this particular adversary, and what organisations should do to protect themselves. It's hardly worth bothering the prime minister for that.

More here:

https://www.zdnet.com/article/scott-morrison-cries-cyber-wolf-to-deniably-blame-china/

China also got a clear run here:

Surge in cyber attacks amid China tensions

Andrew Tillett, Angus Grigg and Tom Burton

Jun 19, 2020 – 6.45pm

Venture capital firms and defence contractors are among the hardest hit as growing tensions with China have contributed to a 330 per cent increase in cyber attacks on Australia since the start of the year.

Prime Minister Scott Morrison revealed a "sophisticated state-based actor" was behind a "malicious" wave of attacks targeting all levels of government, industry, critical industry, education, health and essential services providers.

Investigations had so far not found any evidence personal data had been stolen, Mr Morrison said, although sources believe cyber theft, including that of intellectual property, has been one of the main motivations.

The head of the Australian Strategic Policy Institute's International Cyber Policy Centre, Fergus Hanson, said given the recent strains with Beijing triggered by Australia's advocacy of a coronavirus inquiry, as well as past form, it was pretty clear China had been behind the attacks.

"This is just a carpet-bomb attack, not a surgical strike," he said.

Mr Morrison said the attacks had been going on for many months but the frequency had increased recently, although agencies such as the Australian Cyber Security Centre had thwarted many of them.

But the tipping point was reached on Thursday, with Cabinet's national security committee agreeing with security agencies it was time to go public.

"We know it's a sophisticated state-based cyber actor because of the scale and nature of the targeting and the tradecraft used," Mr Morrison said.

"I raised this not to raise the concerns of Australians, but in many ways to reassure Australians that we understand what's going on here and we're addressing it to the best of our capabilities and we're in a position to do that better than most countries in the world. We know it's going on."

Mr Morrison's public statement had twin purposes: telling the perpetrator to back off, as well as a call to action to business leaders and the community that Australia was increasingly being dragged into cyber warfare and they needed to bolster defences.

Lots more here:

https://www.afr.com/politics/federal/surge-in-cyber-attacks-amid-china-tensions-20200619-p554av

It seems what is actually going on here is that the PM is signalling to China:

1. We know what you are doing.

2. We have pretty good capabilities to handle the attack so:

3. Just stop it – before you go blind <grin>

In the meantime there is a risk a variety of infrastructure and companies – as well as Government entities – may be intruded upon and damaged.

I had not realised that the Australian Signals Directorate had mentioned the health sector as being at risk about six weeks ago, with a pretty detailed advisory being provided.

See here:

APT activity targeting Australian health sector

Advanced Persistent Threat (APT) actors are actively targeting health sector organisations and medical research facilities in Australia.

The Australian Cyber Security Centre (ACSC), which is part of the Australian Signals Directorate (ASD), issued Advisory 2020-009: Advanced Persistent Threat (APT) actors targeting Australian health sector organisations and COVID-19 essential services on 8 May 2020 with recommendations for the health sector to implement as part of their mitigation strategies.

Date

May 8th, 2020

Here is the link:

https://www.cyber.gov.au/news/apt-activity-targeting-australian-health-sector

So digital health is in the front line! You have been warned!

David.
