[Heads Up] Australian Government and businesses hit by massive cyber attack from ‘sophisticated, state-based actor’

News.com.au reported that, in an urgent press conference called this morning in Canberra, Australian Prime Minister Scott Morrison said the ongoing, "large-scale" hack was being executed by a “sophisticated, state-based cyber actor”.

“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” Mr Morrison told reporters.

“We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. Regrettably, this activity is not new. Frequency has been increasing.”

Mr Morrison said the Australian Cyber Security Centre has been “actively working with targeted organisations to ensure that they have appropriate technical mitigations in place and their defences are appropriately raised”.

Asked which nation was suspected to be behind the attack, Mr Morrison said the “threshold for public attribution on a technical level is extremely high” and that Australia “doesn't engage lightly in public attributions”.

“When and if we choose to do so is always done in the context of what we believe to be in our strategic national interests,” he said.

“What I can confirm is there are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor, with very significant capabilities.” Mr Morrison would not be drawn on whether China was behind the attack. “I can only say what I have said,” he said.

An important part of these attacks was launched through spear phishing campaigns.

Key points from Prime Minister Scott Morrison were as follows:
  • We are seeing an exponential increase in cyber intrusion attempts that they believe are state sponsored.
  • He reeled off the targeted industries, and there weren't many that weren't on the list, but Government is clearly underwater with this. A new Cyber Strategy is to be released in the coming months.
  • The PM emphasised that cyber attacks are ongoing, not new, and a constant threat.
  • No specific Government data breach to report at this moment.
  • Today's announcements are all about increasing 'awareness', and he emphasised this twice.
The Minister for Defence Linda Reynolds listed the 3 things that organisations must do now:
  • Patch software and all web facing and email servers
  • Ensure you have MFA
  • Become a member of the Australian Cyber Security Centre

We can add to the above items that stepping your employees through new-school security awareness training is a must to improve awareness, and we are ready to help any Australian organization get this deployed ASAP. We suggest you start with a free phishing security test that shows the current Phish-prone percentage of your staff and is a great way to establish your initial baseline. Source.

Free Phishing Security Test

Would your users fall for convincing phishing attacks? Take the first step now and find out before bad actors do. Plus, see how you stack up against your peers with phishing Industry Benchmarks. The Phish-prone percentage is usually higher than you expect and is great ammo to get budget.

Here's how it works:

  • Immediately start your test for up to 100 users (no need to talk to anyone)
  • Select from 20+ languages and customize the phishing test template based on your environment
  • Choose the landing page your users see after they click
  • Show users which red flags they missed, or a 404 page
  • Get a PDF emailed to you in 24 hours with your Phish-prone % and charts to share with management
  • See how your organization compares to others in your industry
