Defence and Home Affairs emails exposed to China threat
Australia’s most sensitive agencies are allowing their emails to be potentially hijacked by cyber hackers, failing to adopt their own mandated online security advice.
National
Don't miss out on the headlines from National. Followed categories will be added to My News.
Australia’s most sensitive agencies including Defence and Home Affairs are allowing their emails to be potentially hijacked by cyber hackers, failing to adopt their own mandated online security advice.
Last month the government’s Australian Cyber Security Centre (ACSC) revealed government agencies accounted for more than a third of cyber incidents in 2020, targeted by State actors and criminal syndicates.
Assistant Defence Minister Andrew Hastie at the time said malicious attacks were escalating, exploiting Covid-19 to target Australians for espionage, theft of funds and sensitive data.
The most alarming online assaults were coming from China, targeting critical infrastructure including defence, health and energy resources for theft and disruption.
But it can be revealed, six out of the 14 Commonwealth’s departments have failed to adopt their own advice and have no proactive protection against cybercriminals impersonating their official domain to send out phishing emails to the public.
The six include the departments with the most sensitive targeted data including Defence, the Department of Foreign Affairs and Trade, Home Affairs, Veterans Affairs and Department of Social Services.
The fail was first pointed out last year when departments had specifically, contrary to ACSC advice, failed to fully apply Domain-based Message Authentication, Reporting & Conformance (DMARC) staged protocols.
Cyber security firm Proofpoint said DMARC was critical to ensure domain owners don’t allow cybercriminals to impersonate their official sites to send phishing emails to clients and customers.
Proofpoint senior director Adrian Covich said it was not clear why these six departments had not fully implemented DMARC measures to proactively block domain spoofing emails but the situation was urgent.
“It is more pressing now that we are using email a lot more in business-to-business or consumer communications because many of us are not in offices anymore, then weigh that with the pandemic at the moment; the bad guys use things like the pandemic to try and pretend to be someone else, for scams or other nefarious activities.”
The ACSC, part of the Australian Signals Directorate, only last month warned businesses: “DMARC is critical – implement it now irrespective of your existing controls”.
An ASD spokeswoman said yesterday DMARC was important.
“DMARC is one of a variety of controls that, when used together, is a highly effective countermeasure for preventing phishing attacks where the attacker attempts to fully impersonate the sending email domain,” she said.
But she added: “Implementing DMARC is the responsibility of individual entities.”
A Defence Department spokeswoman said Defence’s approach to cyber security was risk-based and it had systems and processes in place to detect and respond to malicious activity.
“These are continually improved in line with the contemporary threat,” she said.
“Defence is progressing a staged implementation of DMARC, ensuring changes to security protocols address any potential impacts to business.”
Defence has been told for five years to adopt full protocols.
Originally published as Defence and Home Affairs emails exposed to China threat
The Killers new Aussie tour: How to get tickets
The Killers are coming to Australia again and have a very popular John Farnham song in their sights to sing in our stadiums. See how to get best tickets and watch the video.
New laws to stop Mafia and bikies’ dirty cash ops
Dodgy real estate agents, accountants and lawyers will be hit with tough new laws to stop them working with bikies, drug traffickers and the Mafia. See what’s afoot.
Why your superannuation doesn’t feel like your own money
Super fund balances are many people’s biggest asset, yet many still don’t see it as their own, research has found.
How Miley, Robbie could entertain Aussie GP fans after court loss
Australian Grand Prix boss Travis Auld has been told to “pick up the phone” if he wants to get A-list talent back after a $5m court battle loss.
Melissa Leong shares shocking fight injuries
TV host and foodie Melissa Leong has taken to social media to show off her intense bruising after she stepped into the ring for a gruelling fight.
State’s big move on cutting-edge vaccines
One Aussie state has revealed its next move on a major vaccine development project – which promises to change the way it responds to future health challenges.