Some major cyber threat news from the land down under.
And some hard questions about China's possible role.
Cyberattacks hitting Australian organizations
Australia recently made an official statement that the country is facing a massive, sophisticated cyberattack from a state-based cyber actor.
Says the Australian Cyber Security Centre (ACSC):
"This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure."
When the scope of a cyberattack is this wide, you know the threat is serious.
And Australia seems to know. The country explained what it is doing to take action against this hack:
"The ACSC has already published a range of technical advisory notices in recent times, to alert potential targets and has been briefing States and Territories on risks and mitigations."
It also provided more information on specific governmental strategies to safeguard cybersecurity:
"The Government’s 2016 Cyber Security Strategy—backed by a $230 million investment over four years—has strengthened Australia's cyber security foundations, stimulated private sector investment in cyber security and positioned Australia as a regional cyber security leader. The Government will release a new Cyber Security Strategy in the coming months, which will include significant further investments.
The Government also invested a further $156 million to build cyber resilience and expand the cyber workforce as one of our election commitments and we invested additional funding for a whole-of-government cyber uplift program."
And Australia provided three specific recommendations for organizations concerned about their own security amid this threat:
- Patch your internet facing devices promptly—ensuring any web or email servers are fully updated with the latest software.
- Ensure you use multifactor authentication [MFA] to secure your internet accessible infrastructure and cloud-based platforms.
- Become an ACSC partner to ensure you get the latest cyber threat advice so you can take the earliest possible action to protect yourself online.
Australia cyberattack: Is China to blame?
When the victim is an entire country, finding the perpetrator of a state-based cyber attack is even more critical.
And some Australian leaders have been vocal about their beliefs, pointing toward China as a suspect. This opinion comes after Australia's cyber intelligence agency confirmed that China's Ministry of State security was responsible for a major attack on the Australian Parliament and political parties in the lead up to the 2019 election.
Meanwhile, Prime Minister Scott Morrison has been cautious about assigning blame, according to News.com:
"The Australian Government is not making any public attribution about these matters.
We are very confident that this is the actions of a state-based actor. We have not gone any further than that. I can't control what speculation others might engage in on this issue or, frankly, any other. I have simply laid out the facts as we know them and as we have disclosed today."
But that didn't stop China from responding to accusations from other officials. Here's how Chinese Foreign Ministry spokesman Geng Shuang fired back:
"China is a staunch upholder of cyberspace security and we have been the biggest victim of cyber attacks. We have been firmly opposing and combating all forms of cyber attacks. Our position is clear and consistent."