Nine hacking ‘a wake-up call for Australia’
Australians should know this week whether the country's biggest organisations are being targeted by foreign spies or merely criminals seeking a big payday, according to the nation's top cyber security experts.
The warning comes as Channel 9 continues to investigate the source of an attack on its Sydney headquarters that has left its network crippled, which were infiltrated at the same time the Parliament House email system was taken down following an attack on an external provider.
While speculation has put Russian hackers in the frame for attack on Nine, former national cyber security adviser Alistair MacGibbon said its source was not yet clear but the event should "serve as a wake-up call" to all Australian businesses.
The cyber attack on the Nine Network was exposed early on Sunday when computers at its heavily-automated Sydney studios were remotely encrypted and disabled.
The media outlet has since requested help from the Australian Signals Directorate and a spokeswoman said the company was "working to continue operations and investigate" the source of the problem.
Late on Monday night, Nine chief information and technology officer Damian Cronan sent a memo to staff, advising them "our technology teams have isolated the attacker and the specific destructive activity that was initiated".
"This has been an effective strategy, however it also means several services that are dependent on the corporate network are not available," he wrote.
"This will have a significant impact on business-as-usual processes across the organisation."
Mr Cronan said the outlet would now focus on the network's recovery.
One high-profile Nine star, who did not want to be named, noted: "Whoever has done this has done a proper job."
Speculation is rife that Russian or North Korean hackers could be behind the attack as the network had plans to run news stories on both nations this week.
Mr MacGibbon, now chief strategy officer for CyberCX, said the attack on an Australian broadcaster could be the work on foreign spies but early indications pointed strongly towards the use of ransomware and a future attempt to extort money from the company.
"I've seen some speculation it could be nation states and we have seen nation states in the past carry out activity to do with broadcasts," he said.
"But if I was a betting guy, I'd argue it was more likely cyber criminals with ransomware.
"Just because they haven't received an extortionist demand yet doesn't mean that they won't get one. Often it could be days or even a week that you end up seeing that demand."
Mr MacGibbon said pinning down the attacker could prove particularly difficult as some ransomware was spread by nation states, and state-based actors "sometimes use other nations' toolkits to make them less easy to blame".
But UNSW Canberra Cyber director Nigel Phair said Australian cyber security officials investigating the attack should make their findings public as soon as they identify the perpetrators.
Mr Phair said if it was the work of another country, the Australian public may be kept in the dark.
"We never call them out and that's part of the problem," he said.
"We never attribute (attacks) and there needs to be consequences in this jurisdiction. At the moment, we've become easy picking because there aren't any consequences."
Possible state-based attacks could come from China, Russia, North Korea or Iran, he said.
Check Point cyber security evangelist Ashwin Ram said an employee targeted with a phishing email was the most likely entry to the company but identifying the source and cleaning the network may be a long process.
"Once a company has been breached, it's hard to find out how they have been attacked, how they got in, and whether they have fully dealt with it," he said. "It can take weeks or months to do manually."
Mr MacGibbon said regardless of the cause, Australian businesses and government agencies should learn from the disruption caused by this attack and develop plans to deal with an attack when they "inevitably" become a victim.
"This should be a wake-up call whether it's a criminal or a nation state," he said.
"We have to accept that this threat is significant and likely to impact every business or government enterprise in the country."
Additional reporting by Jonathon Moran.
Originally published as Nine hacking 'a wake-up call for Australia'