• China denies claims of massive cyber attack on Australia
• All fingers point to China over cyber hit
• Parliament breach linked to latest cyber attack

Persistent and “sophisticated” online warfare may have already interrupted operations at transport, beverage and manufacturing firms in recent months, they say, and without urgent action it could impact everything from telecommunications to supermarket supplies.

The warning comes after Prime Minister Scott Morrison revealed the country was under sustained cyber attack from a “state-based actor with very significant capabilities,” and the Australian Cyber Security Centre warned all businesses to employ security patches to all “internet-facing infrastructure within 48 hours”.

UNSW Canberra Centre of Internet Safety director Nigel Phair said the announcement was a call to arms for Australian businesses, and an obvious indication cyber attacks against Australia had ramped up in recent weeks.

The announcement also followed damaging cyber intrusions at companies including logistics firm Toll, BlueScope Steel, and beverage giant Lion Australia, which was this week hit by a second attack on its IT systems.

Mr Phair said the efforts were an “adjacent form of war” and represented more danger to Australians than just “a bunch of criminals looking to make a Bitcoin or two”.

“You can have big battleships and guns or you can conduct a lot of cyber attacks and show your muscle and how you can disrupt an economy,” Mr Phair said.

“Toll couldn’t send parcels for some weeks and that affects the lives of a lot of people, many of whom are working from home.”

Mr Phair said new cyber attacks could target small and medium businesses which were not resilient enough to deal with sophisticated hacking attempts but played a vital role in the economy.

“They could target smaller companies who drive trucks for supermarkets, for example, or supply widgets to industries,” he said. “There’s a lot of interconnectedness and attacks could be disruptive.”

Check Point cyber security evangelist Ashwin Ram said the company’s response team had seen a massive jump in the number of attacks on Australian firms this month, in addition to government targets.

”In the last month, we have seen a three-fold increase in ransomware attacks against businesses in Australia,” Mr Ram said. “Attackers will continue to look for those weak links and companies can’t bring a knife to a gun fight — they need to have tools to block threats.”

Central Queensland University cyber security expert Dr Ritesh Chugh said additional security precautions should also extend to all internet users, who could become caught up in attacks against their employers or services they use.

“My advice to the public is just to be extra vigilant,” he said. “Every file that they open in the next couple of days, just be careful, even if they appear to come from a trusted source.

FOR INDIVIDUALS

— Patch your software: check for new updates for devices including laptops, smartphones, and tablets and install them immediately.

— Install security software: employ internet security software where possible to flag and prevent the installation of malicious programs.

— Enable multi-factor authentication: this option could require a text message as well as a password to gain access to your account.

— Scrutinise mail messages: don’t open an email attachment or click on a link you weren’t expecting, and carefully consider the source of any message that asks for action.

FOR BUSINESSES

— Know the risks: the Australian Cyber Security Centre sends security advice to companies registered as partners on its site.

— Patch all computer systems: many of the new attacks exploit known problems in software that could be fixed with recent updates. The ACSC advises companies patch software within 48 hours.

— Add multi-factor authentication: more than just a password should be used for email and remote desktop services.

— Educate users: ensure all users know they could be targeted by a cyber attack and should employ smart online behaviour.

— Double down on security: a quarterly lecture on cyber security policies for workers is no longer sufficient and even smaller businesses should have dedicated safety resources.

— Backup critical data: Having access to important files is crucial in the wake of an attack.