Strengthening defences against imminent cyber attacks

Tuesday, 22 February 2022

As military tensions between Ukraine and Russia race toward breaking point, organisations the world over are turning their attention to another frontline threat: cybercrime.

Tensions have existed for years but now with Australia offering support for Ukraine it could place the country directly in the firing line. Although Russia has avoided claiming responsibility for waves of cyber attacks against its rivals in the past, government intelligence consistently points to the nation and its allies as the perpetrators.
 
Australia has now joined the United States and Britain in citing Russia as being responsible for a series of crippling cyber attacks waged against the neighbouring country it is threatening to invade. Last week in a joint statement, Foreign Minister Marise Payne, Home Affairs Minister Karen Andrews and Defence Minister Peter Dutton publicly condemned Moscow for an "ongoing unacceptable and disruptive pattern of malicious cyber activity."¹ But cybersecurity experts know full well that moves like this effectively put a target on our backs. The ministers blamed Russia for the recent spate of cyber attacks on Ukraine before adding that, along with our allies, Australia would “…hold Russia to account.”²
 
At the same time, Australia also announced sending cyber experts to help Ukraine fight cybercrime and strengthen its defences. Senator Payne has selected Australia’s critical technology ambassador Tobias Feakin to lead talks with Ukrainian officials on how best to deter attacks on the country’s critical systems.³
 
Such support may increase the vulnerability of every Australian organisation. All – from hospitals, banks and schools to major private and public institutions – should be racing to shore up their basic defence-in-depth mechanisms and instil rigorous employee education programs around recognising potential hacking attempts and cybercrime in general.
 
Consider the recent crippling cyber attacks that wreaked havoc across Ukraine: as troops descended on the border in ever-threatening numbers, debilitating waves of cyber breaches were unleashed and temporarily collapsed many of the country’s most critical internal systems.
 
In January, Ukraine suffered one of its biggest cyber attacks when the operating systems of more than 70 Ukrainian government organisations were disabled for several hours.⁴ While no-one claimed responsibility, observers pointed out that it was Russia’s news services that were first to report on the disruptions. The attack came in the form of a series of malware breaches against Ukraine’s government computer systems resulting in them being defaced with provocative and intimidating messages. Systems were down for up to four hours before order was restored, sending a strong message that chaos could be caused at any time.⁵
 
Just as severe were the round of attacks a few weeks later in February. This time, malicious cyber activity knocked out the websites of Ukraine’s defence ministry and two state-owned banks, PrivatBank and Oschadbank.⁶ Customers were prevented from making online payments and using banking apps – a clear tactic to create chaos within a community and elicit anarchy.
 
The main method used in these attacks was one of the most common and crippling – distributed denial of service (DDOS). It involves multiple sources sending an enormous number of small blocks of information to websites and servers, overloading them to the point they slow down or collapse.
The reality is that nothing is stopping this exact style of cyber attack from occurring here – at any time, to any organisation, government or corporate. Highly concerning is that Russia has been accused of wielding its cyber warfare against multiple organisations at once in a deliberate bid to render a rival country helpless. 
 
What’s more, it looks to have already started: Ukraine’s top diplomat in Canberra, Volodymyr Shalkivskyi, recently told the media he could not manage or modify the official site of the Ukrainian embassy in Canberra, even though the site remains online.⁷ That simple fact alone should send Australian organisations rushing to bolster their own cyber defences.
 
The problem is the scale of the cyber threat that stands before us. Cyber chaos can be created well beyond borders, organisations need to be vigilant. They need to realise that defending against widespread, high-level attacks, such as those in Ukraine, may take the kinds of skills and expertise that do not exist within their own workforces. IT departments are usually very good at running their own systems but are notorious for lacking the levels of cybersecurity expertise required to guard against the increasingly severe attacks we are seeing around the world today. Nor are the majority prepared to react quickly enough, if attacked.
 
We are not lacking ample warning either. Cyber interference within Australia goes way back, with ASIO recently revealing it had uncovered a “foreign interference plot” to influence an Australian election.⁸ ASIO Director-General of Security Mike Burgess went on to confirm espionage and foreign interference on democracy within Australia had “… supplanted terrorism our [nation’s] principal security concern.”⁹

In terms of cybersecurity, it is time for organisations to batten down the hatches. Educate employees to recognise potential phishing attempts, suspicious emails and attachments; catastrophic breaches are often unleashed in seconds or minutes, not days. IT staff must be upskilled now, not later. And, most importantly, seek out high levels of expertise and those who possess the latest knowledge around cyber defence capabilities and how to implement them.