Australia suffers ‘sophisticated’ cyber attack; PM urges better cyber security

Prime Minister Scott Morrison told the nation Friday that Australian organisations are currently suffering a ‘sophisticated’ cyber attack from another country, which he declined to name. The attack has been ongoing for several months, he said, targeting “Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers, and operators of other critical infrastructure.”

Morrison also urged a significant defence against cyber attacks, two months after a 2016 Department of Homeland Security strategy lapsed in April 2020, with a replacement strategy effort that began in September 2019 remaining incomplete. He criticised the current home affairs minister, Peter Dutton, strongly for the lack of action, and praised the previous effort as forward-thinking but said that effort must be expanded and renewed.

The Australian Cyber Security Centre (ASCS) has published detailed about the attack methods, noting they rely on open source techniques. “The most prevalent being the exploitation of public-facing infrastructure—primarily through the use of remote code execution vulnerability in unpatched versions of Telerik UI,” it said. “Other vulnerabilities in public-facing infrastructure leveraged by the actor include exploitation of a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability, and the 2019 Citrix vulnerability.”

The ACSC also said the attacker has used spearfish methods, such as linking to credential-harvesting websites, linking to malicious files, attaching malicious files to emails, and using spoofed links that prompt users to grant Microsoft Office 365 OAuth tokens to the attacker. 

Some security experts said the cyber attacks are not as sophisticated as Morrison claimed, but still serve as a warning to Australian organisations—and perhaps gave Morrison an opportunity to warn the attacking country that its efforts are known and to stand down.

Speculation as to which country is behind the attacks centres on China, which has been alleged to be behind many such attacks across many countries over many years, largely for espionage. Reports recently claimed that China reactivated one cyber attack group last year targeting multiple countries and that China had stolen attack methods from the US National Security Agency. China denied involvement in the current attacks.

As for Australia, “there has been a lot of sword rattling against Australia recently given pressure around a COVID-19 investigation [on China’s alleged withholding of crucial inforrmation early in the pandemic]. China recently described Australia as ‘gum on its shoe’ so it’s not a far stretch” to suspect China in the recent attacks, notes CSO Australia contributor David Braue.