China is the prime suspect of a huge cyber attack targeting Australian universities, hospitals, industry and governments.
Prime Minister Scott Morrison today said a ‘sophisticated state-based actor’ was behind ongoing attacks which have been happening for ‘many months’ but have increased recently.
He did not name any suspects but senior sources have told the ABC that government agencies believe China is behind the campaign.
Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia you can find ten to 15 states that could be behind the attack including China, Russia, Iran and North Korea.
He said the motivation is to gain a foothold in Australia’s systems to shut down schools, hospitals and key industries in the event of war.
Another aim could be to access classified government or commercial information.
A huge cyber attack has been aimed at the Australian government. Pictured: PM Scott Morrison
Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure the attacker is China.
‘The Russians could take action. The North Koreans could do it, but neither of them are interested on the scale of the. They haven’t any interest in state and territory government or universities,’ he told The Australian.
‘The only country which has got the interest to go as broad so that as deep as this and the only country with the sophistication and the size of the intelligence establishment to do it, is China.’
The Prime Minster said investigations by the Australian Cyber Security Centre so far haven’t found any personal data has been leaked.
He said ‘many’ entities have been targeted but the success of the attacks has been ‘less significant’.
We know it’s a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used
Prime Minister Scott Morrison
‘Australian organisations are being targeted by a sophisticated state-based cyber actor,’ he said today after calling a press conference at short notice.
‘This activity is targeting Australian organisations across a variety of sectors, including all degrees of Government, industry, political organisations, education, health, essential companies and operators of other critical infrastructure.
‘We know it’s a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,’ that he said.
‘Regrettably, this activity isn’t new. Frequency has been increasing.’
Mr Morrison said he’d not name the enemy government since the threshold for attributing a cyber attack is very high.
He said he’s spoken to allies including UK Prime Minister Boris Johnson yesterday evening – and in addition informed leader of the Opposition Anthony Albanese and state and territory leaders.
Who was behind attack and why?
Cyber expert Nick Savvides, director of strategic business at Forcepoint, told Daily Mail Australia you can find ten to 15 states that could be behind the attack including Russia, China, Iran and North Korea.
He said motivation for a state-sponsored cyber attack may be to gain a foothold in an enemy’s systems to shut down schools, hospitals and key industries in the event of war.
‘Attribution is really hard because you can be anyone you wish to be in cyber space,’ Mr Savvides said.
‘Hackers could make operations seem like they result from another state by mimicking another state actor.
‘To some it may appear to be Scott Morrison is trying to have out of naming a suspect but I sympathise with him.
‘We’re in a greater geopolitical climate so you may wish to be certain and have evidence you can publicly state before you name some-one.’
Mr Savvides said the Prime Minister had used ‘very powerful language’ by declaring the attack was by a state.
He said current trade tensions with China may lead people to believe the attack was ordered by Beijing – but another state could be capitalising on this to have away with it.
Mr Savvides said that he believed Mr Morrison gave the press conference today to tell the attackers ‘we’re on to you and we realize what you’re up to’.
Australian Strategic Policy Institute executive director Peter Jennings said he is 95 per cent sure it was China.
‘The Russians could take action. The North Koreans could do it, but neither of these have an interest on the scale of this. They have no curiosity about state and territory government or universities,’ that he told The Australian.
‘The only country that has got the interest to go as broad and as deep as this and the only real country with the sophistication and how big is the intelligence establishment to accomplish it, is China.’
Lion, which has a portfolio including Little Creatures, XXXX, Tooheys and James Squire, was hit with a cyber attack on June 8
Defence Minister Linda Reynolds said: ‘There is no doubt that malicious cyber activity is increasing in frequency, scale, in sophistication and in its impact.’
She urged businesses to test their cyber security and take extra steps such as for example ensuring employees use multi-factor identification before logging directly into devices.
Food and drink company Lion was forced to power down production for eight days on 8 June.
Mr Morrison said that attack was not associated with the state attack announced today.
Lion, which produces Little Creatures, XXXX, Tooheys and James Squire, power down its Little Creatures brewery in Geelong.
How would be the attacks completed?
The Australian Cyber Security Centre has identified the actor utilising various spearphishing techniques.
This spearphishing has taken the shape of:
Links to credential harvesting websites
Emails with links to malicious files, or with the malicious file directly attached
Links prompting users to grant Office 365 OAuth tokens to the actor
Use of email tracking services to recognize the email opening and lure click-through events
Source: Australia Cyber Security Centre
The education sector has been targeted by the cyber attacks that have been happening for months
Prime Minister Scott Morrison said the government has been targeted. Pictured: Parliament House in Canberra
The cyber attack has resulted in temporary shortages or out-of-stock services and products in kegs, bottles and cans.
An attack on the federal parliament and three largest political parties ahead of the general election last year was earlier this season attributed to China by security agencies.
Matt Warren, from RMIT University Centre for Cyber Security Research and Innovation, said cyber attacks were ‘the new normal’.
‘It’s maybe not that there’s a rise in cyber-attacks, but we’re seeing these attacks become more successful because what they truly are focusing on may be the human aspect,’ that he told the Geelong Advertiser.
‘It also highlights that organisations are not prepared for this.
Steps to boost cyber security
Defence Minister Linda Reynolds urged businesses to test their cyber security and take extra steps such as for example ensuring employees use multi-factor identification to utilize devices.
She said: ‘Firstly, patch your Internet facing devices promptly, making sure any web or email servers are fully updated with the newest software.
‘Secondly, make certain you always use multifactor authentication to secure your Internet access, infrastructure and in addition your CLOUD-based platforms.
‘Thirdly, it is important to become an ACSC partner to ensure you receive the latest cyber threat advice to protect your organisation on line.’
‘It’s actually a comparatively easy cyber attack to recuperate from, nevertheless the problem is really because organisations have become complex, they have not kept up their backup resilience technique to reflect their operations.’
Earlier this week Australia launched six warships into the Indo-Pacific for training operations before huge show of force in the region with the US Navy.
HMA Ships Canberra, Hobart, Stuart, Anzac, Ballarat and Arunta all left their base in Sydney Harbour on Monday.
They will conduct ‘task group training’ before taking part in a warfare training exercise with the US as well as other allies known as the Rim of the Pacific in August.
Australia has launched six warships into the Indo-Pacific for training operations before huge show of force in the region with the US Navy. Pictured: HMA Ships Stuart (foreground), Hobart and Canberra (background) depart Fleet Base East in Sydney
Left to right: HMA Ships Stuart, Hobart and Canberra depart Fleet Base East in Sydney for Force Integrated Training
The exercise may be the world’s largest international maritime warfare training mission, held every couple of years from Honolulu, Hawaii.
A defence spokesman said the ships are ‘currently conducting maritime task group training under strict COVID-19 preventive measures’.
It comes amid trade tensions with China after Australia angered Beijing by calling for an inquiry to the origins of coronavirus which erupted in Wuhan.
In recent months China has increased training exercises in the Pacific and started trailing its first homemade aircraft carrier. Prime Minster Scott Morrison said China really should not be shocked by the show of force.
‘These are our routine partnerships and exercises that we do. There’s nothing extraordinary about this,’ he told Sydney radio 2GB.
‘I do not think it would cause anyone any surprise that are looking in from elsewhere.’
HMAS Sirius departs Fleet Base West for taskgroup force integrated training
Left to right: HMA Ships Canberra, Hobart and Stuart depart Sydney Harbour on Monday