- Exclusive
- Politics
- Federal
- Cyber security
This was published 3 years ago
China responsible for two thirds of state-sponsored cyber attacks
China is responsible for more than two-thirds of state-sponsored cyber attacks around the world, according to new research, as foreign governments are increasingly blending their capabilities with criminal networks to hide their identity.
Foreign governments and criminal groups – which are increasingly targeting Australia’s critical infrastructure and essential services such as hospitals, food distribution and electricity systems – are making themselves harder to detect by blurring their “tradecraft”.
In a report on the threat landscape over the past year, global cyber security firm Crowdstrike found China was behind 67 per cent of state-sponsored attacks. Iran was responsible for 7 per cent, North Korea 5 per cent, Russia 1 per cent, while another 20 per cent were suspected state-sponsored attacks, but their source was unknown.
The new findings follow the Australian government’s release of its second annual cyber threat assessment, which revealed reports of cybercrime have jumped by more than 13 per cent – or one incident every 7.8 minutes – over the past year.
Thousands of Australian businesses were this year hit by a major cyber attack on Microsoft Exchange servers that Australia, the United States and others believe was sponsored by China’s Ministry of State Security. It has been alleged the Chinese government agency paid criminal groups to conduct ransomware attacks to extort millions of dollars from companies.
Crowdstrike’s chief technology officer Mike Sentonas said the activities of “e-crime” groups and foreign states were now starting to merge.
“The e-crime actors are leveraging a lot of the tradecraft from the nation states, but we’re actually starting to see the nation states use the tradecraft of e-crime actors,” he said. “And a big part of that is to make it harder to detect them.”
Over the past year, cyber attacks against telecommunications and retail more than doubled, professional services saw a more than 90 per cent increase in hacks, while the government and academic sectors experienced an 80 per cent rise.
Both state actors and criminal networks are increasingly exploiting existing vulnerabilities on servers and networks – rather than infecting a system with malware – which makes them harder to detect. The Microsoft Exchange hacks were the most notable example of hackers exploiting a major vulnerability.
“In the last three months, we found that of all the attempted breaches that we analysed, 68 per cent did not use any malicious software,” Mr Sentonas said.
“These adversaries are starting to get a lot smarter in terms of how they exploit a victim. Instead of using traditional malware, a malicious application, they’re now starting to use the tools that come with an operating system. The reason why you do that is it pretty much guarantees you’re not going to be caught.”
The Australian Cyber Security Centre received 67,500 reports last financial year, up 13 per cent on the previous 12 months. The report showed 20 per cent of cyber incident reports coming from the Commonwealth government and 15 per cent from state and territories - but it is believed there is a massive underreporting from Australian businesses.
On average, 1500 reports a month related to the pandemic and the health sector was a major target.
The Australian Strategic Policy Institute’s cyber policy director, Fergus Hanson, said cyber attackers were increasingly targeting health services because they would be desperate to pay a ransom because it was a “matter of life and death”.
“What we will see, particularly as people harden defences, is the healthcare sector and those types of sectors that supply essential services will be targeted more because they will be more desperate to pay quicker,” he said.
The Morning Edition newsletter is our guide to the day’s most important and interesting stories, analysis and insights. Sign up here.