State-sponsored cyber intrusions have become an increasing concern for the Australian government and organizations. Defence Minister Richard Marles previously warned that state actors were showing more interest in critical infrastructure. Nathan Wenzler, the chief security strategist at Tenable, a cybersecurity firm, emphasized that Australian organizations should take state-sponsored threat actors seriously to avoid significant risks during geopolitical conflicts. Wenzler also pointed out that the recent state-sponsored attack by the Russia-backed group Midnight Blizzard on Microsoft debunked the myth that large organizations are immune to such attacks. He stressed the need for organizations to have a comprehensive understanding of their environment and develop mature risk management strategies.

The rise in state-sponsored cyber attacks in Australia is evident from the increase in total reports of cybercrime to the Australian Cyber Security Centre (ACSC). The ACSC attributes this rise, in part, to state-sponsored attacks targeting critical infrastructure. The ACSC report also links the increase in state-sponsored activity to the new AUKUS defense partnership formed by Australia, the UK, and the U.S., which focuses on advanced military capabilities.

Industrial and critical infrastructure security firm Dragos has observed instances of adversaries directly targeting Australian critical infrastructure entities, including strategic cyber espionage operations. Hackers belonging to the Volt Typhoon hacking network, which has been linked to China, pose a threat to Australian geopolitical interests. This network targeted thousands of devices and critical infrastructure in the U.S. for the purpose of espionage and sabotage.

Wenzler explained that state-sponsored attackers operate discreetly, infiltrating networks and spreading without raising alarms. Their ultimate goal is to cause harm during conflicts, such as shutting down critical infrastructure or disrupting military operations. Wenzler emphasized that Australian organizations should treat state-sponsored cyber attackers as seriously as they do financial criminals because of the significant potential damage they can cause.

The recent Midnight Blizzard attack on Microsoft highlighted the importance of managing identities and credentials to prevent compromise. It also underscored the interconnected nature of security functions and the need for a holistic approach to security.

To combat state-sponsored security threats, cyber teams should prioritize measures such as enabling multi-factor authentication, implementing least privilege principles, and adopting mature risk management approaches. It is essential for organizations to have a complete understanding of their interconnected environment and be ready to engage with law enforcement and government agencies for support in the event of a threat.