Australia could get caught in the middle of a cyberattack from Russia. What might that look like?

Prime Minister Scott Morrison says cyberattacks are the most likely form of retaliation Australia could face from Russia. Here's how that could affect you.

Russian hacker sits in front of a computer

Russian hackers tried to access the computers of 200 journalists, including foreign correspondents based in Moscow. Source: Getty / Getty

Electricity down for hours on end, communications systems jammed, water supplies affected, hospitals in chaos. These are just some of the potential effects of a cyberattack on critical infrastructure.

As Ukrainian cities come under attack from Russia's forces in the biggest assault on a European state since WWII, another assault is being made in cyberspace.

Several Ukrainian banks and government department websites were targeted this week by cyberattacks.

It follows a similar attack just over a week ago, which saw about 70 Ukrainian government websites crash. The United States and Ukraine have blamed Russia.

During an emergency meeting of the National Security Committee of cabinet on Wednesday, Home Affairs Minister Karen Andrews said discussions recognised the escalating threat.

"We are concerned about protecting Australia's interests and we are concerned about the potential for a cyberattack, particularly on our critical infrastructure in Australia," Ms Andrews said.

The government's Australian Cyber Security Centre (ACSC) this week placed a message on its website headed: "Australian organisations should urgently adopt an enhanced cyber security posture."

Other security experts are also issuing warnings that Australia is not immune from cyberattack.

Why launch cyberattacks in the first place?

Cyberattacks have the potential to cripple infrastructure, electricity grids and critical services such as health care, Centrelink and banking.

Katherine Mansted is the director of cyber intelligence at Australia’s largest independent cyber security services company, CyberCX, and a senior fellow in the Practice of National Security at the ANU National Security College.
For attacks against Ukraine, the “objective is to demoralise, destabilise, and distract Ukraine from responding to the political situation and the military situation in front of it,” she said.

Lawrence Patrick, the chief communications officer of Sydney-based cybersecurity firm Zirilio, said attacks on Australia would try aim to “embarrass” national leaders who have spoken out against Russia and slapped sanctions on officials by disrupting critical services.

"It's very low effort, compared to having to put tanks onto a cargo plane, and then fly that around the world ... from Russia's standpoint, it's a quick and easy way to punish Australia for being an ally of the United States," said Mr Patrick.

The ACSC said last year, cybersecurity authorities in the United States, Australia, and the United Kingdom .

In more sophisticated attacks, hackers could extract data or ask for a ransom.

What could an attack look like?

Australian authorities are not aware of any current or specific cyber threats against businesses or critical infrastructure. But Prime Minister Scott Morrison said on Thursday cyberattacks are the most likely form of retaliation Australia is facing from Russia.

Cybersecurity experts and the threat has materially worsened as a result of the escalating crisis between Ukraine and Russia.

While Ms Mansted said it's unlikely Russia will directly target Australia, she said it's highly likely Australia will get caught in the “cyber crossfire” because of Russia's characteristic "recklessness" online.
Prime Minister Scott Morrison speaks to the media during a press conference at Kirribilli House, in Sydney,
Prime Minister Scott Morrison warns of potential cyberattacks from Russia. Source: AAP / Bianca De Marchi
“Russia is a very powerful cyber threat actor ... And it's also often a reckless cyber actor, so it doesn't care about collateral damage," Ms Mansted said.

"In 2017, Russia used a cyberattack against Ukraine, and it spread around the world and caused billions of dollars of damage, and it also affected some Australian organisations."

The 2017 Petaya and NotPetaya attacks froze users' computers and demanded ransom - a "ransomware" attack.

Ukrainian firms, including the state power company and Kyiv's main airport, were the first to report issues. The Chernobyl nuclear power plant has had to monitor radiation levels manually when its system went offline during the attack.

Later analysis found the attack was masquerading as ransomware and was instead designed to cause maximum damage.

Ms Mansted said attacks in cyberspace don’t always map out cleanly, and often have spillover effects.

Organisations that share the same platforms, tools or systems as organisations in Ukraine, face a high risk of having their operations shut down.
Cybersecurity experts are also bracing for an uptick in Russian cybercriminals, who are often behind ransomware attacks.

Australian hospitals have already been targeted by ransomware attacks in the past,

While the perpetrator of the cyberattack on Nine Entertainment last year was not revealed, the attack saw television programming and newspaper computer systems disrupted.

Gangs linked to Russia's forces may feel more encouraged to target organisations in the West as the relationship sours, said Ms Mansted, who adds that attacks from Russia to Australian organisations were already frequently being made well before recent events.

"They're in the business of stealing data and then threatening to expose that sensitive data unless organisations pay," Ms Mansted said.

Mr Patrick told SBS News the line between cybercriminals and state actors in Russia isn't so clean-cut.

"What you have to understand is that very often, the ransomware gangs, these criminal organisations that do the hacking, are being paid directly by the government ... essentially, they work for them," said Mr Patrick.

"It's also definitely a long term strategy ... that can be useful to them in the future and they're doing this by harvesting large databases of details on the people of Australia."

What should Australians be doing?

On Thursday, Mr Morrison urged Australian businesses to immediately review and adopt enhanced cybersecurity measures such as malware detection, mitigation and response.

The ACSC gave similar advice in its alert, warning of sophisticated "phishing" techniques, before detailing some of the measures organisations can take to prevent an attack.

"Organisations should ensure that logging and detection systems in their environment are fully updated and functioning and apply additional monitoring of their networks where required," the alert read.

"Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans."

Mr Patrick points to the Australian Cyber Security Centre’s as a useful framework that can help protect Australian organisations.

“From a cybersecurity standpoint, they're very simple things, like having a backup and recovery strategy, paying attention to administrative privileges, and making sure that the right people in your organisation have the right level of access,” he said.

The attacks, he added, will likely target smaller employees in larger organisations for a way in and said all Australians should remain alert.

CyberCX has similarly issued a "be alert, not alarmed" warning to their customers and the public, encouraging them to create an incident response plan.

"If there are any kind of quick wins in terms of cyber hygiene or cyber readiness that are sitting on a shelf ready to be put in place, now's the time to do it," Ms Mansted said.

7 min read
Published 25 February 2022 at 4:36pm, updated 25 February 2022 at 4:47pm
By Michelle Elias
Source: SBS News