Americas

  • United States

Asia

Oceania

David Braue
Editor at Large

The latest cyberattacks, including on Nine Network, once again show how unprepared Australia is

News Analysis
Apr 01, 20215 mins
CyberattacksRansomware

4 major cybersecurity breaches underscore that despite much money and talk, Australian organisations remain fairly easy targets for cybercriminals.

computer crime scene / hacked / infected / cybercrime / cyberattack
Credit: D-Keine / Getty Images

She may have spent years driving Australia’s science and technology agenda, but Karen Andrews’s escalation to Home Affairs minister will be a trial by fire as she inherits the investigation, cleanup, and attribution of four major cybersecurity breaches on her first days on the job.

National broadcaster Nine Network was hobbled by a major ransomware breach on Sunday, 28 March 2021, shutting down its production systems and forcing the company to revert to backup procedures as its Sydney studios went offline, preventing the broadcasting of a range of content.

The Nine Network cyberattack’s damage done

CEO Mike Sneesby told staff that the attack “was significant in scale with high potential to disrupt our business” as the major news and current-affairs producer investigated the breach with help from government authorities—including the Australian Cyber Security Centre (ACSC) that now falls under Andrews’s purview after a major Morrison government ministerial reshuffle.

The team was “confident our technology teams have isolated the attacker and the specific destructive activity that was initiated,” Nine’s chief information and technology officer Damian Cronan said, citing the success of a containment strategy that keeps each internal network separate from the others.

Key TV broadcast personalities were flown to Melbourne after the Sydney studios were brought offline, and staff were being pushed to work from home as the damage from the attack was unwound and fixed.

Several core systems remained offline as the company’s 9Technology division worked to restore full operations, with a cross-business working group established as the response progresses.

The attack “will challenge us and test our capabilities and creativity in problem solving,” Cronan said. “We will be carefully assessing how we bring back controlled levels of connectivity into the network with an emphasis on service restoration, and I want to be clear it will take time before all our systems are back up and running.”

As Nine stepped through their recovery efforts, industry figures were speculating about which cybercriminal gangs or nation-state actors might have been responsible for these latest attacks—with China once again a prime suspect given the ongoing deterioration of the Australia-China relationship.

Meanwhile, Nine Network was cited as singling out Russia or North Korea as possible instigators—providing exactly no clear conclusion about which country’s government, if it were a nation-state responsible, might have instigated the crippling attack.

The Nine cyberattack is just the latest in a series

The attack came around the same time as an effort to breach the email systems of the Australian Parliament House led to those systems being shut down as a precautionary measure—and yet another attack hit major wine producer Taylors Wines.

Earlier this month, a chain of major hospitals in Australia’s second city, Melbourne, were forced to postpone elective surgery and revert to pen-and-paper systems after a major cyberattack brought key systems offline and left staff unable to access patient files two weeks later.

The spate of high-profile attacks is a headache for the federal government, which has been redoubling its efforts around cybersecurity protections since prime minister Scott Morrison fronted the media in June 2020 with a warning that the country was being targeted by a “sophisticated” cyberattack.

Nine months later—despite the release of an updated Cyber Security Strategy and the commitment of $1.7 billion over the next decade to support it—the steady flow of ongoing, well-publicised breaches confirm that Australian businesses and government bodies still have a long way to go before they are as secure as they need to be.

Yet despite the recent spate of high-impact cyberattacks, Andrews—whose new portfolio maintains control of the federal government’s cybersecurity policies and capabilities—didn’t mention cybersecurity once in a statement released after her promotion was announced.

Australia’s cybersecurity remains inadequate

New figures from Check Point Research (the threat-intelligence arm of Check Point Software Technologies) flagged a 153% increase in mobile malware-based attacks against Australian targets, and a 38% increase in ransomware attacks—part of a 24% increase in cyberattacks against Australian targets in the first two months of 2021 against the previous four months.

The prevalence of such attacks reinforces the inadequacy of Australia’s collective cybersecurity protections, said Daniel Lai, chief executive at security firm ArchTIS, who said many companies were simply paying ransoms “because it’s cheaper than it is to have a backup system in place and the right level of security. Most people don’t know what the right level of security is.”

“Hackers are often opportunistic and go after the lowest-hanging fruit,” said Stas Protassov, technology president at backup firm Acronis, who questioned whether Australian interests were being targeted or were just unlucky. “I don’t think Australia is specifically targeted,” he said. “If we see more news about successful attacks, it could mean Australian networks are simply less protected. Which I find not hard to believe.”

As Nine Network recovers and the security industry tries to fill in the gaps in the limited available information, KnowBe4 security awareness advocate Jacqueline Jayne said it was critical for companies to change a mindset that had so far failed to improve Australia’s overall security capabilities.

Part of the problem, she said, “is that we are focussing on the ‘Now what do we do?’ or ‘How can we fix it?’ or ‘What does that mean?’ or ‘What new government summit can we call to discuss what we already know and throw billions of dollars to the same things again expecting a different result?’”.

“How about we take the time to look at how these attacks are occurring and educate our people?” she said. “Our job is to shrink the threat attack surface so that it is harder for the cybercriminals to succeed. There is no silver bullet. No solution. No fix. What we have here is a persistent threat to our online world, and the only way to minimise our risk is awareness.”