Prime Minster of Australia, Scott Morrison has announced that the country is being targeted by ongoing and sophisticated cyber attacks.
The attacks have taken place over many months and are increasing, said Mr Morrison. They have impacted “all levels of government” as well as essential services and businesses.
Due to the scale and nature of the targeting and the trade craft used, Mr Morrison stated that officials believe it is a state-sponsored attack. However, the Prime Minister of Australia refused to identify a perpetrator when asked to do so.
This is not the first time Australian institutions have been targeted by cyber attacks. Last year, the Australian National University said it had been hacked by a sophisticated operation which had accessed staff and student details.
Australia’s main political parties and parliament were hit by a “malicious intrusion” earlier in 2019, also attributed to a “sophisticated state actor”.
Mr Morrison said that the announcement was being made at this time to raise awareness amongst Australian businesses to ensure that their cyber defences are as secure as possible.
Speaking exclusively to International Security Journal, Andy Watkin-Child CSyP, a Chartered Cybersecurity Professional and Global CISO commented: “The Australian Prime Minister is putting the country on notice that they are under cyber attack from a state level attacker. Increasing awareness and informing people across the country that they should improve their cyber defences and be prepared for disruption. State level cyber attacks are not uncommon, US Federal agencies and municipalities have been under attack for years. Houston and Baltimore suffered from major Ransomware attacks in the past year taking local government services offline, from house sales through to police dispatch. Redcar and Cleveland Council in the UK suffered a similar fate in May this year.”
Andy concluded: “In my view, Government institutions specifically local government agencies are more vulnerable to cyber attack than say the Department of Defence. Cyber is a fast moving field and awareness and preparation of cyber attack is not a high priority for them. When money is tight and you have to prioritise between care in the community, mental health, waste management and schools, cyber won’t necessarily be high up the agenda. Especially given the cost involved. The unfortunate dichotomy though is that these critical services are digitally enabled and at a high risk of disruption in the event of a cyber attack.”