Nation State
Governments will be a Key Cybersecurity Target in 2019
An attempted cyberattack on the Australian government at the start of February caught the headlines, not least because the country pointed the finger of blame at an unnamed nation state. But it is unlikely to be an unusual feature this year, as Lucy Ingham finds out
The cyberattack on the Australian government, which saw the country’s parliament as well as the three biggest political parties targeted, is likely to be the first of many attacks targeting governments this year, according to cybersecurity experts.
The attack, which the Australian government has attributed to an unnamed hostile nation state, occurred on 8 February.
It saw hackers attempt to access parliamentary and party computer systems, and is the latest in a growing number of attempts targeting the Australian government.
Nation state attacks on government on the rise
For cybersecurity experts, it is a sign of the escalating nature of nation-state cyberattacks, with many predicting that attacks against governments by hackers acting on behalf of hostile nations will continue in the coming year.
“It is very likely that we will continue to see more of these attacks in 2019. Nation-state attackers will combine existing, unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data,” said David Higgins, EMEA technical director at CyberArk.
“Cyberattacks are going to continue: both loud cyberattacks that bring down services and disrupt society and stealth cyberattacks that remain hidden, lurking within the networks stealing sensitive information or waiting for the right moment to bring down the network,” added Joseph Carson, chief security scientist & advisory CISO at Thycotic.
For others, governments are likely to find themselves to be increasingly popular targets for all types of threat actors – whether backed by nation states or not.
“Cyberattacks are going to continue: both loud cyberattacks that bring down services and disrupt society and stealth cyberattacks that remain hidden, lurking within the networks.”
“The Australian parliament and all governments globally are the traditional target for most of the named cyber groups. And this latest breach isn’t shocking. In fact, the Australian parliament can expect to continue to be a target,” explained Sam Curry, chief security officer at Cybereason.
“This attack is the latest demonstration of how the threats against nation states have evolved in the last few years,” added Paul Edon, senior director at Tripwire.
“The value of the digital assets that a system holds influences the risk factor of that system, and given the national and international interests invested in a nation-states’ parliamentary networks, these kind of attacks are likely to be attempted again.
“Although it is impossible to predict whether the next attack will be successful, it is encouraging that Australia’s parliament has detected the threat promptly and has addressed the security issue immediately.”
Is a nation state behind the Australian government cyberattack?
While the Australian Prime Minister Scott Morrison has expressed confidence that the Australian government cyberattack is the work of a nation state-backed threat actor, others are less certain about how sure the country can be about this fact.
“The announcement that this was a nation state cyberattack leaves more questions than answers,” explained Carson.
“Most nation state cyberattacks are typically stealthier than this one, which was a very noisy cyberattack using techniques such as phishing to target politicians’ email accounts.
“Nation states primary goal is to not be detected and this one did not appear to have that priority. This was clearly not a sophisticated cyberattack as suggested, unless we are going to learn that the recent cyberattacks lead to another one being uncovered, lurking within the networks, which would be a more likely scenario.
“We typically find when investigating a cyberattack that when you are focused on gathering evidence you might find more than one cyber attacker on your network when you are really looking at it in more detail.”
“Beyond traditional nation-on-nation spying, government agencies make great targets because they are clearinghouses for significant amounts of sensitive data.”
Why was the Australian government targeted?
While the motives of the attackers are unknown, there are many reasons why the Australian government may have been selected as a target.
“The motive is often gaining competitive market advantage – government policies that could be seen as likely to provoke ‘trade wars’ are very likely to trigger a new round of nation state attacks designed to steal intellectual property and other trade secrets,” said Higgins.
“But this is just one of many potential reasons. Destabilisation, experimentation, information wars, policy influence and myriad other possibilities also exist.”
“Beyond traditional nation-on-nation spying, government agencies make great targets because they are clearinghouses for significant amounts of sensitive data,” added Curry.
No matter what the reason, it is a reminder to governments of the importance of rigorous cybersecurity measures.
“The news that all the main political parties in Australia were breached has shown that attackers will try to achieve their aims by compromising multiple routes – proving more than ever the importance of working together to ensure maximum protection from malicious actors, across geographical and political boundaries,” says David Emm, Principal Security Researcher at Kaspersky Lab.
“No matter what an organisation has already experienced in the case of breaches or hacks, they must regularly review their information security processes and educate staff on how to keep their own, and others’, information secure.”