Wednesday, 20 February 2019 09:09

Infosec pro questions PM's claims about 'sophisticated' attack


An American security professional has questioned whether the attack on the Australian Parliament's network and the systems of the three main political parties was indeed a sophisticated attack sponsored by a nation state, as claimed by Australian Prime Minister Scott Morrison.

Joseph Carson, chief security scientist and advisory chief information and security officer for Thycotic, a privileged account management solution provider, said in a statement that at the moment it was "really hard" to tell if there was nation state involvement in the attack due to the lack of public evidence or details.

"Any attack on the government is typically either political or hacktivism," Carson said.

"However the announcement that this was a nation state cyber attack leaves more questions than answers. Most nation state cyber attacks are typically stealthier than this one which was a very noisy one, using techniques such as phishing to target politicians’ email accounts.

"A nation state’s primary goal is to not be detected and this one did not appear to have that priority."

As iTWire reported on Tuesday, the attackers appear to have used Web shells – scripts that can be uploaded to a Web server to enable remote administration of a machine.

Carson said the attack was clearly not a sophisticated one as suggested. "[Not] unless we are going to learn that they lead to another one being uncovered, lurking within the networks, which would be a more likely scenario," he added.

"We typically find, when investigating a cyber attack, that when you are focused on gathering evidence you might find more than one attacker on your network when you are really looking at it in more detail.

“One thing is absolutely clear, however. Cyber attacks are going to continue: both loud cyber attacks that bring down services and disrupt society, and stealth cyber attacks that remain hidden lurking within networks, stealing sensitive information or waiting for the right moment to bring down the network.”

Kevin Bocek, vice-president of Security Strategy and Threat Intelligence at certificate and key management specialist Venafi, said it was somewhat paradoxical that at a time when the government was looking to control the cyber security protections that businesses could use, it had been attacked itself.

"The government should instead be spending all its energy on protecting the public sector and assisting business, rather than placing restrictions and possible backdoors in the use of encryption and machine identities," he said.

“This follows research showing that 93% of IT security professionals, including those in Australia, expect more attacks on political infrastructure. The adversary wants to increase the level of chaos and distrust in government.

"The recent uncertainty of immigration votes and the new rules on use of encryption and machine identities are exactly what enemies want. And just as we saw with attacks on the German Bundestag, the adversary will leave us guessing about the next move while politicians and cyber security experts are deservedly concerned.

“Hopefully this attack will demonstrate to the government that hackers won’t abide by restrictions on encryption and machine identities, and the government must focus on defeating cyber adversaries and not limiting Australian business.”

Leroy Terrelonge, director of Intelligence and Operations at business risk intelligence company Flashpoint, said one question unanswered about the attack was whether data had been stolen.

He advocated the use of deep and dark web monitoring services by organisations, particularly after a breach, so they could be alerted when data on their clients, employees, suppliers, contractors, etc was found in criminal online communities.

“It is important to highlight that nation state actors typically have different motivations from the archetypal financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to show up in deep and dark web communities," Terrelonge said.

“However, credible reports have shown overlap between cyber criminals and intelligence services, most notably in Russia where in 2014 investigators observed a cyber criminal cooperating with Russian intelligence to steal classified information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.

“Thus, while nation state actors are suspected of being behind the Australian attack, monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important component of the response to this potential data theft.”



Sam Varghese


Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


