Scott Morrison has called a press conference to announce that a “sophisticated state-based actor with very significant capabilities” has been targeting Australian businesses and government networks.
The Prime Minister said that there have been no large-scale data breaches on government networks as a result of the latest hack, but confirmed that a huge number of sectors within the Australian economy have been targeted.
“This activity is targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure,” the PM said.
“We know it is a sophisticated state-based cyber actor because of the scale and nature of the targeting and the trade craft used,” he added.
Morrison failed to confirm specifics, other than stating that there have been no “large scale” data breaches on personal information, but added that these attacks were “malicious”.
He did say, however, that “what is of interest to us is that it is occurring and what we are focussed on is the practices that they’re employing and we have some of, if not the best agencies in the world, working on this and that means that they are putting all of their efforts in thwarting these attempts.”
Morrison also said that the “frequency has been increasing,” and that “they are not new risks, but they are specific risks, and targeted activities,” stating that he wanted to “advise you how Australians and particularly these organisations can take action to protect themselves.”
“I can confirm that they have thwarted many, but this is a very complex area and it requires constant persistence and application, and that’s what they’re doing,” Morrison said.
“This is the world we live in,” he said.
“This is why we are raising this matter today to raise awareness of this important issue,” Morrison continued to explain, adding that it was essential to “encourage organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and implement technical defences to thwart this malicious cyber activity.”
When questioned as to the origins of the attack, Morrison said the government would not be making “any public attribution” of the attacks, but stated that “what I can confirm is that there are not a large number of state-based actors that can engage in this type of activity.”
The Council on Foreign Relations has previously said that Russia, Iran and China are the West’s top suspects when it comes to large scale, sophisticated cyber attacks.
“The fact that these threats persist is not a surprise in this world in which we now live,” Morrison said, adding that “the actions that we are taking are the actions that we need to take and we will continue to be as vigilant as we possibly can be.”
Morrison called the press conference in Canberra this morning, alongside Defence Minister, Linda Reynolds, who said that the Australian Cyber Security Centre and Department of Home Affairs have published a technical advisory, which will give organisations a better idea of how they can ‘detect and mitigate’ cyber threats.
“I remind all Australians that cyber security is a shared responsibility of us all,” Reynolds said.
Reynolds urged the public to update software, implement two-factor authentication and learn more about cyber security best practices to mitigate the chance of a cyber attack on their network.
The government is asking those concerned to contact the Australian Cyber Security Centre for more information on how to stay protected.