Security Market Segment LS
×

Message

Failed loading XML... Document is empty
Wednesday, 20 February 2019 09:09

Infosec pro questions PM's claims about 'sophisticated' attack Featured

By
Infosec pro questions PM's claims about 'sophisticated' attack Pixabay

An American security professional has questioned whether the attack on the Australian Parliament's network and the systems of the three main political parties were indeed a sophisticated attack sponsored by a nation state as claimed by Australian Prime Minister Scott Morrison.

Joseph Carson, chief security scientist and advisory chief information and security officer for Thycotic, a privileged account management solution provider, said in a statement that at the moment it was "really hard" to tell if there was nation state involvement in the attack due to the lack of public evidence or details.

“Any attack on the government is typically either political or hacktivism," Carson said.

"However the announcement that this was a nation state cyber attack leaves more questions than answers. Most nation state cyber attacks are typically stealthier than this one which was a very noisy one, using techniques such as phishing to target politicians’ email accounts.

"A nation state’s primary goal is to not be detected and this one did not appear to have that priority."

As iTWire  reported on Tuesday, the attackers appear to have used Web shells – scripts that can be uploaded to a Web server to enable remote administration of a machine.

Carson said the attack was clearly not a sophisticated one as suggested. "[Not] unless we are going to learn that they lead to another one being uncovered, lurking within the networks, which would be a more likely scenario," he added.

"We typically find, when investigating a cyber attack, that when you are focused on gathering evidence you might find more than one attacker on your network when you are really looking at it in more detail.

“One thing is absolutely clear, however. Cyber attacks are going to continue: both loud cyber attacks that bring down services and disrupt society, and stealth cyber attacks that remain hidden lurking within networks, stealing sensitive information or waiting for the right moment to bring down the network.”

Kevin Bocek, vice-president of Security Strategy and Threat Intelligence at certificate and key management specialist Venafi, said it was somewhat paradoxical that at a time when the government was looking to control the cyber security protections that businesses could use, it had been attacked itself.

"The government should instead be spending all its energy on protecting the public sector and assisting business, rather than placing restrictions and possible backdoors in the use of encryption and machine identities," he said.

“This follows research showing that 93% of IT security professionals, including those in Australia, expect more attacks on political infrastructure. The adversary wants to increase the level of chaos and distrust in government.

"The recent uncertainty of immigration votes and the new rules on use of encryption and machine identities are exactly what enemies want. And just as we saw with attacks on the German Bundestag, the adversary will leave us guessing about the next move while politicians and cyber security experts are deservedly concerned.

“Hopefully this attack will demonstrate to the government that hackers won’t abide by restrictions on encryption and machine identities, and the government must focus on defeating cyber adversaries and not limiting Australian business.“

Leroy Terrelonge, director of Intelligence and Operations at business risk intelligence company Flashpoint, said one question unanswered about the attack was whether data had been stolen.

He advocated the use of deep and dark web monitoring services by organisations, particularly after a breach, so they could be alerted when data on their clients, employees, suppliers, contractors, etc was found in criminal online communities.

“It is important to highlight that nation state actors typically have different motivations from the archetypal financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to show up in deep and dark web communities," Terrelonge said.

“However, credible reports have shown overlap between cyber criminals and intelligence services, most notably in Russia where in 2014 investigators observed a cyber criminal cooperating with Russian intelligence to steal classified information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.

“Thus, while nation state actors are suspected of being behind the Australian attack, monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important component of the response to this potential data theft.”

Read 3274 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here
BACK TO LATEST NEWS here




EXL AI IN ACTION VIRTUAL EVENT 20 MARCH 2025

Industry leaders are looking to transform their businesses and achieve measurable outcomes with AI.

As organisations across APAC navigate the complexities of AI adoption, this must-attend event brings together industry leaders, real-world demonstrations, and visionary panel discussions to bridge the gap between proof-of-concepts and enterprise-wide AI implementation.

Learn how to overcome common challenges in deploying AI at scale.​

Unlock cost savings, efficiency, and better customer experiences with AI.

Discover how industry expertise and data intelligence enable practical AI deployment.

Register for the event now!

REGISTER!

PROMOTE YOUR WEBINAR ON ITWIRE

It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.

MORE INFO HERE!

BACK TO HOME PAGE
Published in Security
Tagged under
Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Latest from Sam Varghese

Related items

More in this category: « Venafi offers grants to local developers Kaspersky 2018 global revenue grew despite US campaign »
Share News tips for the iTWire Journalists? Your tip will be anonymous
back to top

Subscribe to Newsletter

*  Enter the security code shown: img0

WEBINARS & EVENTS

CYBERSECURITY

PEOPLE MOVES

GUEST ARTICLES

Guest Opinion

ITWIRETV & INTERVIEWS

RESEARCH & CASE STUDIES

Channel News

Comments