Australian PM Scott Morrison says the country’s major political parties and parliament were hit by a “malicious intrusion” on their computer networks. The activity was carried out by a “sophisticated state actor”, he said. But he added there was “no evidence of any electoral interference”. The nation will hold an election within months. Mr Morrison’s comments follow an investigation into the hacking attempt, which was first thought to involve only the parliament’s servers.
Experts Comments below:
Sam Curry, Chief Security Officer at Cybereason:
“The Australian parliament and all governments globally are the traditional target for most of the named cyber groups. And this latest breach isn’t shocking. In fact, the Australian parliament can expect to continue to be a target. Beyond traditional nation on nation spying, government agencies make great targets because they are clearinghouses for significant amounts of sensitive data. Criminal cyber actors are typically trying to either pilfer databases with significant PII or to paralyse networks in an attempt to ransom them. This breach is yet another wake-up call for governments to prioritise IT modernisation projects and cybersecurity projects across the board. When IT/Security projects are line items on an agency’s overall budget they will, almost without exception, be deprioritised. If large scale attacks against governments have taught us anything over the past few years, it’s that Global 1000 enterprises are better prepared to turn back cyber adversaries. And until cyber threats are taken as seriously as physical security and prioritised as separate, earmarked appropriations, governments will never be capable or motivated to stop cyber attacks in a serious manner. “
David Emm, Principal Security Researcher at Kaspersky Lab:
“Cyber-attacks on political parties are almost becoming commonplace – especially in the run up to elections. In an atmosphere of increased suspicion of the cyber capabilities of different nations, the focus very often becomes intent on identifying the attacker. This is understandable. At the same time, however, it’s vital to ensure that defence and security remains top priority to protect against almost inevitable future attacks, whether political or criminal in nature.
“The news that all the main political parties in Australia were breached has shown that attackers will try to achieve their aims by compromising multiple routes – proving more than ever the importance of working together to ensure maximum protection from malicious actors, across geographical and political boundaries No matter what an organisation has already experienced in the case of breaches or hacks, they must regularly review their information security processes and educate staff on how to keep their own, and others’, information secure.”
Javvad Malik, Security Advocate at AlienVault:
“There is no such thing as a low priority system or data that is uninteresting to attackers. Whenever a system is online, or accessible in a digital form, it should be assumed that bad actors will try to compromise it to either steal information, make it unavailable, or to tamper with it. Government departments are no exception, and therefore security controls should be carefully considered – in particular having strong monitoring and threat detection capabilities so that any intrusion or potential intrusion can be quickly identified and responded to and limit the damage.”
Paul Edon, Senior Director at Tripwire:
“This attack is the latest demonstration of how the threats against nation-states have evolved in the last few years.
The value of the digital assets that a system holds influences the risk factor of that system, and given the national and international interests invested in a nation-states’ parliamentary networks, these kind of attacks are likely to be attempted again. Although it is impossible to predict whether the next attack will be successful, it is encouraging that Australia’s parliament has detected the threat promptly and has addressed the security issue immediately. Bipartisan forces should concentrate on keeping the election process free of international interference, and although it is tempting to speculate on whether – and which – nation-state backed the hacking operation, the focus should be on securing the networks as soon as possible.”
Chris Doman, Security Researcher at AlienVault:
“The Australian Government has released a tool to identify the attacker’s tools within networks. The tools they’ve identified are in use by a number of different attackers, though some analysts have noted they are particularly popular with Chinese attackers.”