Wednesday, 20 February 2019 09:09

Infosec pro questions PM's claims about 'sophisticated' attack


An American security professional has questioned whether the attack on the Australian Parliament's network and the systems of the three main political parties was indeed a sophisticated attack sponsored by a nation state, as claimed by Australian Prime Minister Scott Morrison.

Joseph Carson, chief security scientist and advisory chief information and security officer for Thycotic, a privileged account management solution provider, said in a statement that at the moment it was "really hard" to tell if there was nation state involvement in the attack due to the lack of public evidence or details.

“Any attack on the government is typically either political or hacktivism," Carson said.

"However the announcement that this was a nation state cyber attack leaves more questions than answers. Most nation state cyber attacks are typically stealthier than this one which was a very noisy one, using techniques such as phishing to target politicians’ email accounts.

"A nation state’s primary goal is to not be detected and this one did not appear to have that priority."

As iTWire reported on Tuesday, the attackers appear to have used Web shells – scripts that can be uploaded to a Web server to enable remote administration of a machine.

Carson said the attack was clearly not a sophisticated one as suggested. "[Not] unless we are going to learn that they lead to another one being uncovered, lurking within the networks, which would be a more likely scenario," he added.

"We typically find, when investigating a cyber attack, that when you are focused on gathering evidence you might find more than one attacker on your network when you are really looking at it in more detail.

“One thing is absolutely clear, however. Cyber attacks are going to continue: both loud cyber attacks that bring down services and disrupt society, and stealth cyber attacks that remain hidden lurking within networks, stealing sensitive information or waiting for the right moment to bring down the network.”

Kevin Bocek, vice-president of Security Strategy and Threat Intelligence at certificate and key management specialist Venafi, said it was somewhat paradoxical that at a time when the government was looking to control the cyber security protections that businesses could use, it had been attacked itself.

"The government should instead be spending all its energy on protecting the public sector and assisting business, rather than placing restrictions and possible backdoors in the use of encryption and machine identities," he said.

“This follows research showing that 93% of IT security professionals, including those in Australia, expect more attacks on political infrastructure. The adversary wants to increase the level of chaos and distrust in government.

"The recent uncertainty of immigration votes and the new rules on use of encryption and machine identities are exactly what enemies want. And just as we saw with attacks on the German Bundestag, the adversary will leave us guessing about the next move while politicians and cyber security experts are deservedly concerned.

“Hopefully this attack will demonstrate to the government that hackers won’t abide by restrictions on encryption and machine identities, and the government must focus on defeating cyber adversaries and not limiting Australian business.”

Leroy Terrelonge, director of Intelligence and Operations at business risk intelligence company Flashpoint, said one question unanswered about the attack was whether data had been stolen.

He advocated the use of deep and dark web monitoring services by organisations, particularly after a breach, so they could be alerted when data on their clients, employees, suppliers, contractors, etc was found in criminal online communities.

“It is important to highlight that nation state actors typically have different motivations from the archetypal financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to show up in deep and dark web communities," Terrelonge said.

“However, credible reports have shown overlap between cyber criminals and intelligence services, most notably in Russia where in 2014 investigators observed a cyber criminal cooperating with Russian intelligence to steal classified information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.

“Thus, while nation state actors are suspected of being behind the Australian attack, monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important component of the response to this potential data theft.”


Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.
