Cyber war puts businesses at risk of costly attack

Australian businesses are at high risk amid a wave of cyber attacks, Assistant Defence Minister Andrew Hastie warns.

Andrew Hastie has urged businesses not to leave the ‘door open for criminals to exploit their computer systems’. Picture: Tony McDonough

Assistant Defence Minister Andrew Hastie has warned “many Australian businesses” are at high risk of having their operations disrupted and data stolen amid a wave of malicious state-sponsored and criminal cyber attacks targeting hospitals, parliaments and companies.

Mr Hastie, who has responsibility for cyber security under the Defence portfolio, has urged businesses not to leave the “door open for criminals to exploit their computer systems”.

Ransomware attacks in Australia, many of which have been linked to Chinese state-sponsored actors, have in recent weeks targeted the West Australian parliament and one of Victoria’s largest hospital operators.

The Australian understands that cyber attacks using the Microsoft Exchange vulnerability have increased in recent days, with the Australian Cyber Security Centre now listing the threat as “high”.

The government is concerned Australian businesses and individuals are vulnerable to being exploited or held to ransom because they have not updated their systems. Small businesses that cannot afford to have dedicated IT support have been identified as being most at risk.

The notorious REvil ransomware gang this week demanded a record $50m ransom after attacking the Microsoft Exchange server of Taiwanese computer manufacturer Acer. Hackers are also targeting Microsoft Exchange servers by deploying DearCry ransomware on victims’ systems, encrypting their computers and holding data for ransom.

Mr Hastie, a former chair of the parliamentary joint committee on intelligence and security, said it was critical for all businesses using Microsoft Exchange to install security patches and “move fast to shut this potential threat down”.

“There are many Australian businesses now at risk of having their business disrupted and their data stolen and ransomed by cyber criminals,” he told The Australian.

“My first priority is to keep Australians safe in both the physical world and online, and to do this I need everyone to listen to these warnings and follow the advice of the ACSC and strengthen our cyber defences.”

Mr Hastie said exploitation of vulnerable businesses could be “enormous for them and for the Australian economy”.

Microsoft’s Threat Intelligence Centre earlier this month attributed the attacks on its software to HAFNIUM, a “group assessed to be state-sponsored and operating out of China”.

The WA parliament incident, where its email network was hit by hackers in the middle of the state election campaign, has also been linked to Chinese actors. And Melbourne-based Eastern Health on Monday confirmed a number of its IT systems remained offline following a significant ransomware incident last week, which forced elective surgeries to be postponed at its Box Hill, Maroondah, Healesville and Angliss hospitals.

A Morrison government spokeswoman said it was aware of Microsoft’s attribution and that was “their call to make”.

“Cyber security is nation agnostic, and Australians and businesses should be alert to vulnerabilities. Our focus is on the businesses that may now be at risk of financial blackmail from malicious cyber actors,” the spokeswoman said.

Cyber Security Co-operative Research Centre chief executive Rachael Falk, who sits on the Cyber Security Industry Advisory Committee established by Home Affairs Minister Peter Dutton, said ransomware was evolving and becoming more sinister.

“We’re no longer just talking about ransom — we’re talking about extortion. These criminals can sit in networks for months undetected, all the while stealing data. Then, when systems are locked up, they use this exfiltrated data as a bargaining chip,” Ms Falk said.

She said ransomware was a key threat because of the minimal technical expertise needed to carry out attacks.

“This is cyber crime as a commodity. Ransomware can now be bought off the dark web and gangs are selling their services.

“It is a business — and a very lucrative one,” she said.

The ACSC, which falls under the Australian Signals Directorate, has identified “extensive targeting” by malicious actors exploiting vulnerabilities via compromised Microsoft Exchange servers. It has listed the threat as “high” and warned a large number of organisations had not patched their vulnerable versions of the Microsoft Exchange servers.

Australian Security Intelligence Organisation director-general Mike Burgess last week told The Weekend Australian the threat of nation-state espionage and foreign interference due to escalating regional tensions was on track to supplant terrorism as the greatest domestic security threat by 2025.

Mr Burgess warned that an emerging threat to Australia was the pre-planting of undetected malicious software into critical infrastructure that could be activated at a later date to cripple power grids, phone networks, water supplies and vital defence assets.

Original URL: https://www.theaustralian.com.au/nation/politics/cyber-war-puts-businesses-at-risk-ofcostly-attack/news-story/3f744aa54f7b27e1327f463b65a9537d