After Nine experienced a cyber-attack over the weekend, there have been questions about how vulnerable other Australian institutions might be to ransomware.
While Nine continues to deal with the ransomware attack, Parliament House also experienced a potential hacking attempt over the weekend.
The Department of Parliamentary Services (DPS) email network shut down due to an IT issue. According to Andrew Hussie, Assistant Defense Minister, “the government acted quickly, and we have the best minds in the world working to ensure Australia remains the most secure place to operate online.”
“Cybersecurity is a team effort and a shared responsibility.”
“It is vital that Australian businesses and organisations are alert to this threat and take the necessary steps to ensure our digital sovereignty.”
DPS is currently being supported by the Australian Cyber Security Centre.
Rick McElroy, Principal Cybersecurity Strategist for VMware Security Business Unit, says that attacks like this are becoming more and more common.
“Not only are ransomware attacks getting increasingly sophisticated, the nature of ransomware attacks has also evolved to the point where organisations are experiencing the full brunt, damage, and impact first-hand.”
Mike Sneesby, Nine’s CEO, and Damian Cronan, Nine’s Chief Information and Technology Officer, sent a note to staff on Monday evening.
Sneesby commended the “countless cases of leadership, ingenuity and resilience [over the last 48 hours] as we pivoted quickly in key areas of our business.”
He said that “the cyber-attack we experienced over the weekend was significant in scale… A number of our core systems remain offline as we work to carefully return services.”
Cronan added, “our focus in the first 24 hours was on containment and we are confident our technology teams have isolated the attacker and the specific destructive activity that was initiated.”
One consequence of that strategy was that the corporate network was disconnected from the internet and internal networks were separated from one another – for example, Sydney is disconnected from Melbourne and Broadcast is separated from Publishing.
“This has been an effective strategy; however, it also means several services that are dependent on the corporate network are not available,” said Cronan.
Aaron Bugal, Global Solutions Engineer at Sophos, believes that those in leadership across all industries have not taken cybersecurity seriously enough.
“They see cyber risk as more of an IT problem, rather than a responsibility that should sit with everyone in a business, starting with the top-down. This high profile attack on Nine serves as a timely warning to media outlets to evaluate their cyber security posture and their resiliency.”
According to Sophos’ recent report, ‘The Future of Cybersecurity in Asia Pacific and Japan’, more than half of Australian organisations suffered a data breach in 2020.
“Our research demonstrates that one of the top frustrations identified by Australian companies is that executives assume cybersecurity is easy, and that reported threats and issues are exaggerated. It’s a disturbing attitude in light of the number of high-profile attacks we’re seeing and considering that 62 per cent of Australian businesses agree that their company’s lack of cybersecurity remains a challenge,” he said.
Bugal also pointed out that cyber attacks had a range of potential consequences for the media industry.
“The on-air impact is detrimental as it halts operations and impacts the bottom line, while also preventing the public being informed of news and events that affect them.”
“Meanwhile the potential exposure of data can also bring not just financial, but also legal and reputational consequences too. The financial costs of these kinds of attacks involving downtime can translate into millions of dollars.”
VMware’s Rick McElroy said that there are a number of strategies organisations can adopt to protect their cyber security, particularly workload security micro-segmentation, and identity and access solutions built into cloud stacks, rather than bolted on after the fact.
“The central vulnerability in supply chain compromise stems from networks granting administrative access to outside parties. The larger that window of time an outside user is granted access, the larger the opportunity for an attacker to get in.”
“So, while multi-factor authentication is important, continual authentication is the next evolution – ensuring that no one has perpetual administrative rights, and that they’re granted access for a purposeful window of time.”
Nine has not yet received a ransom demand for the breach. If it were to receive one, Aaron Bugal believes it shouldn’t pay.
“While paying the ransom seems to be the most simple and effective way of recovering data, it is not an easy, nor inexpensive, path to recovery. In fact, the total cost of recovery can almost double when the ransom is paid.”
“Fortunately, more than half (56 per cent) of IT managers surveyed in Sophos’ The State of Ransomware 2020 report managed to recover their data from backups without paying the ransom.”
The source of the attack on Nine is still unconfirmed.