As Geopolitical Tensions Rise, So Does Our Need for Strong Cyber Intelligence

The Australian Cyber Security Centre (ACSC) has alarmingly found that the volume of cyber-crime reported last year increased by 13 per cent. Over this period cyber criminals broadened the scope of their attacks in Australia to include local hospitals, a food processing company and a Queensland power plant.

These were crimes that threatened our very way of life in the middle of a global pandemic.

Indeed, the scale of the threat has escalated to the point that the Australian Security Intelligence Organisation (ASIO) has declared espionage and foreign interference on democracy, which is often carried out in the virtual world, as the nation’s ‘primary security concern’, having supplanted terrorism for the first time in years

Australia has paid heed to the avalanche of virtual threats by investing heavily into defence measures, with the Federal Government last year allocating $50 million towards protecting government agencies against attacks and standardising cyber defences.

While these allocations are crucial, much of the focus across the public sector has been on ‘general’ defences such as backup and resilience measures, and other mechanisms that presume cybercriminals attack with a standard formula. These measures overlook a crucially important factor: cyber criminals don’t read from a playbook when they attack.

In fact, hackers are becoming more sophisticated, diverse and adaptable in their approaches. The Australian Securities & Investments Commission (ASIC) says it’s becoming increasingly difficult for employees to differentiate between what is real and what is a scam, with criminals setting up fake websites, social media sites and even pretending to be regulators over the phone. This is all happening at a time when more people work physically alone.

The recent passing of the Digital Transformation Agency’s (DTA) amended Security of Critical Infrastructure (SOCI) Bill, which has increased cyber protections for an expanded list of sectors including defence, food and grocery and public transport, is further evidence of cyber criminals diversifying their targets and tactics.

General measures are also largely reactive, with little thought given to identifying the modus operandi of attackers ahead of time, a critical element when it comes to decoding their motives and tailoring cyber defences.

For this reason, threat intelligence, which analyses data from past attacks to provide visibility into the latest cyber threats, directly from the front line, is essential to ensure future attacks are prevented. In fact, cyber threat intelligence forms one of the core design components of the DTA’s Cyber Hubs program, which is aimed at uplifting the cyber security posture of federal government agencies.

While this much is clear, it’s not always apparent how to integrate this information into an overall cyber strategy. A lack of understanding can limit comparative analysis to the attacks launched against individual businesses, with no insight into those that have occurred in other organisations, vertical sectors and even against international entities.

This oversight is occurring against a backdrop of rising geopolitical tensions that have already infiltrated the online world and have the potential to reach Australia’s shores.

Leveraging Industry Threat Intelligence as Cyber Warfare Rages

Organisations need industry threat intelligence as part of their arsenal to understand how exposed they are to a particular threat in real time. This will enable our private sector to rally its defences against the intended or unintended implications of cyber warfare.

Threat intelligence needs to go beyond simplistic analysis and should run the components of existing attack methodologies against organisations’ networks to identify gaps, misconfigurations, and opportunities for breach. This level of exposure ensures the organisation has an understanding of its vulnerabilities and possible network weaknesses, minimising the chance of an unexpected surprise.

Threat intelligence from the commercial sector is also not constrained by the geographical location of the organisation collecting it, or the jurisdictional control under which it is subject. This is a crucial consideration in the current geopolitical climate.

While the physical war between Russia and Ukraine is taking place in full view of the world, there is also a cyber war underway, with attacks launched in February against Ukraine’s foreign, education, agriculture, sports and energy ministries. This follows hackers from Russia defacing more than 70 government agencies in Ukraine in January.

Beyond the impact on the countries involved, these attacks could cause collateral damage to other nations that become caught in the crossfire.

We saw this happen in 2017 when Moscow launched an attack against the electricity grids in Ukraine. The malware used in this attack did not limit itself to Ukrainian targets, but also impacted anyone who did business with Ukraine with shipping ports and multinational companies around the world impacted, and the White House totalling the global damage from the attack at $10 billion.

Commercial threat intelligence reveals the likelihood that organisations and government agencies overseas will fall victim to collateral damage from the cyberwarfare taking place between these countries. It also negates the need to rely on foreign intelligence officials to brief our domestic organisations on potential risks.

The current state of cyber warfare means that organisations need to continuously review the effectiveness of their security controls ahead of time, rather than waiting for the virtual missile to hit and for personal information, physical infrastructure organisational networks to be impacted.

As each new cyber-attack is launched against Ukraine and the risk of it propagates throughout the cyber world, being prepared means practically applying the cyber intelligence of these current threats to our networks to strengthen our security environment. Only then will Australia be truly cyber-ready.

Macquarie Government is proud of the role it’s playing in Australia’s cyber defence, which includes protecting 42 per cent of commonwealth government agencies with secure internet, cloud and 24/7 cyber threat monitoring. Partnering with Mandiant to apply its cyber intelligence to our deep knowledge of the pan-government threat landscape will play a vital part in this cyber-readiness.

To find out more about the Mandiant Advantage Threat Intelligence, visit: https://macquariegovernment.com/lp-managed-security-validation/