Australian Outlook

As the SolarWinds Hack Reaches Australian Shores, Australia's Defences Look Too Little, Too Late

13 Jan 2021
By Anton Lucanus
Picture of a cyber attack. Source: Don Hankins

As global adversaries expand their offensive digital capabilities, Australia’s in danger of falling too far behind to catch up. After China launched a series of cyberattacks on Australian targets and Russia established a beachhead in some Australian networks, the Australian government stands at a crossroads.

Not long ago, the Morrison government announced plans to speed up cyber defence spending in the wake of a massive hacking campaign aimed at the nation’s digital infrastructure. At the time, most of the attention turned to China, whom experts identified as responsible for the attacks. And in the months since, Australia’s relationship with China has continued to deteriorate.

But it turned out that the digital threats facing Australia aren’t limited to those emanating from Beijing. Last month, an American technology company called SolarWinds announced that it had been the target of a long-term hacking attack that managed to compromise the software update systems used to send new code to customers using its software. Except this time, it isn’t China that’s to blame, it’s Russia.

Turla, a Russian hacking group, has been linked to the SolarWinds breach in a report released by the anti-virus software company Kaspersky. While Kaspersky released a disclaimer saying that it isn’t suggesting that the hack was done by Turla, code lifted from the recent breach shows certain similarities to the code that Turla utilises.

A Widespread Security Calamity

If the attack had only managed to affect the targeted company itself, the damage would have been severe but manageable. But because SolarWinds is one of the world’s leading providers of network monitoring and management tools, the scope of the problem was worse. Much worse.

The first – and arguably biggest – victim of the attack appeared to be the US federal government. The list of agencies affected by the breach includes a virtual who’s who of the American bureaucracy. So far, the Departments of Energy, Commerce, Treasury, Homeland Security, and the Pentagon are all known to be compromised. And for the US government, the list will likely grow longer as more agencies audit their systems looking for the tell-tale signs of unauthorised access.

Understanding which part of Russia is behind this attack is vital to understanding why this hack has taken place and whether it is purely an espionage-based attack or paves the way for something more sinister.

Australian Data is Safe, For Now

And the damage isn’t limited to the US. Already SolarWinds has put the number of compromised networks at anywhere up to 18,000. And among them are New South Wales Health, Rio Tinto, and Serco. So far, that’s the known extent of Australia’s exposure to the hack, but given what’s known already, that’s probably wishful thinking.

The good news is that the attackers don’t appear to have gone any further than installing malware within any of the affected Australian organisations’ systems. And while the malware could have allowed the exfiltration of data from the systems it ran on, there is no indication that this has happened. That’s good news, in particular, for NSW Health, which houses large amounts of personal medical and financial data on the citizens it serves.

Exfiltration of patient details can be devastating as they contain sensitive information ranging from birthdates to diagnoses, details which make exploitation and identity theft only a short hop away. In 2020, amidst the coronavirus attacks, patient data also came under attack by means of malware, email phishing, and ransomware attacks. However, two of the most significant data leaks were caused by human error and carelessness. One was due to a misplaced laptop and another was due to improper disposal of patient records.

The Future Implications

Whilst relatively minor, the attack does prove that Australia’s vulnerability to cyberattacks is much greater than many people believed. And the fact that one of the targets is a healthcare organisation should send shivers down the spines of every Australian. It means that Australia’s international adversaries are targeting systems that, if exploited, could do grave harm to a wide swath of the country.

It also indicates that those adversaries are acutely aware of which buttons to press. It’s widely known that Australia’s healthcare infrastructure requires some updating and modernisation. There’s a nationwide shortage of skilled and qualified nurses and a general fragmentation of operations. This means that the system as a whole is already under the kind of strain that could spell disaster in the event of a massive digital attack.

In July 2020, there was indeed a mass release of sensitive information when a hacker managed to infiltrate a database of COVID-19 patients. One of the cases leaked revealed the medical file of a two-month-old COVID-19 patient, complete with annotations filled with a doctor’s concerns about exposure. Another case talked about the security and well-being of a young patient in a group home. This is highly sensitive information which is now on public display, and it raises the question of how frail the system truly is.

The Needed Response

These latest developments make clear that the Morrison government is going to have to do a whole lot more than speed up cybersecurity funding to meet the challenge the country now faces. Instead, it’s going to have to take a comprehensive, government-wide approach to not only harden potential targets but also to get them operationally up to the task of responding to an attack if one does come.

The trouble is, that’s going to cost some serious money at a time when Australia is going through its first recession in almost 30 years. And while some degree of protection may be realised through diplomatic efforts, the countries now rolling out offensive cyber operations aren’t likely to listen to reason and refrain from hitting Australia’s soft digital targets.

So, the bottom line is that Australia is now playing a very dangerous, very international digital game for which it is ill-equipped. It may get lucky and stay safe by playing a desperate game of defensive catch-up. But the time to start prioritising organisations and services in need of protection and getting them the resources they need is now. The consequences of failure are too great to contemplate, and the price of inaction is becoming clearer by the day.

Anton Lucanus holds a BSc from the University of Western Australia and is the Founder of Neliti, Indonesia’s largest digital library with over 200,000 publications and 3 million monthly website visitors. Anton is a past recipient of the AIIA’s Euan Crone Scholarship.

This article is published under a Creative Commons Licence, and may be republished with attribution.