Why Australian businesses may be at risk of a Russian cyber-attack

The current war between Russia and the Ukraine has made huge ripples throughout the world and has affected businesses and individuals alike in myriad ways. The Australian Government in response has reiterated the importance of businesses increasing their security posture and implementing compliance with the Essential 8 in order to thwart possible attacks from cybercrime groups that support the Russian Government’s actions.

It is, of course, a no-brainer for businesses to ensure their security posture and cyber security strategies, policies, and procedures are up to scratch regardless because cyber-attacks are now omnipresent, but with the war being almost 15,000kms away from us, it can be difficult to understand how and why your Australian business may be targeted.

Cyber-attacks are being used as a weapon of war in order to gain intelligence, inflict damage, and disrupt operations. The Australian Government wants businesses to understand that the threat of Russian cyber-attacks is real – even if you don’t fall into a high-profile industry such as finance, defence, or energy, the threat is still there - but why?

Globalisation: A Blessing and A Curse

Since the birth of the industrial era, we have been on a global trajectory of interconnectedness, and for the most part, it has benefited everyone greatly - especially in business. Our pool of potential customers has expanded exponentially and so has our revenue as we have transcended the previous geographical confines by taking full advantage of the reach that the internet and technology has allowed us.?

Consequently, we now find ourselves in the midst of a digital revolution. This has brought many benefits, but also many risks; as we are all more connected, so too are our systems vulnerable to attack.

The internet was designed with a number of fundamental principles in mind; it should be open and transparent, it should be decentralised to ensure no single party has complete control over the entire system, and it should be resilient so that if one part of the system fails the rest will continue without disruption. These principles have allowed for a rapid expansion of technology – but they have also left us vulnerable. As we have more devices connected to each other, through our smartphones and laptops, this interconnectedness makes us susceptible to attacks.

The internet is not geographically bound, so as soon as you connect your computer to the internet, you are part of this global network – there are no boundaries or borders in cyberspace. This has led to the spread of cybercrime, and many criminals are now using sophisticated techniques to target their victims.

Of course, some countries, industries, and businesses are more vulnerable than others, but this doesn't mean that we can become complacent. In fact, it is this very complacency that can help to make us vulnerable and, therefore, destroy our businesses, critical infrastructure, and lives in ways that we could never have imagined.

The Statistics

Between March 2021 and March 2022, there were roughly 134 cyber-attacks on government agencies, defence, and high-tech companies, as well as businesses around the world that have resulted in losses of more than a million US dollars per attack. As the world becomes more and more digital, this number will undoubtedly continue to rise, too.

In May 2021, people everywhere were taken aback when the Colonial Pipeline systems were breached and held at ransom until US$5 million was paid to the cybercriminals for a decryption tool which would allow them to regain control of their systems. The sheer scale and run-on impact that this attack had throughout the US left many of us awestruck, and it should be a real-world warning for the rest of us.

For many of us down under, we often think we will be overlooked by cybercriminals because despite being a ‘Top 20’ country, in comparison to the economies and political powers of the US and EU, we don’t have anywhere near the global influence they have. Cybercrime in Australia, though, is just as prevalent as it is in other, more globally and politically influential countries.

Since January 2022, businesses and local, state, and national government agencies in Australia have experienced no less than 50 large-scale breaches of varying degrees that threatened to not only negatively impact the direct target of the attack but also the end consumer/residents. While a lot of these attacks came from onshore malicious actors, there were a growing number that were undertaken by international cybercriminals.

What this shows is that Australia is not flying as low under the radar as we may think, so we need to start understanding the motivations that may lead malicious actors to target us in order to understand why every and any Australian business has the potential to become a victim of a large-scale, international cyber-attack.

The Motivations

As you can probably guess, the primary motivation of cybercriminals is often financial. They seek to penetrate the digital infrastructure of companies and governments to obtain funds in some way - be it through holding control of data for a ransom or exploiting the obtained data of the end consumer by engaging in tactics such as identity theft. However, what we seem to be witnessing now is an increase in politically motivated targeting.

Over the years, and even before the mass adoption of globally connected technology, Australians have been strong allies of various countries depending on the government in power. We have had a strong relationship with the UK on account of our colonial heritage, with the US, and even with China. We have also, as a country, ruffled a few political feathers along the way. While ruffling feathers is considered par for the course in politics, if cybercriminal groups are in support of the governments whose feathers we have ruffled, we can become a target.

A perfect example of this is the tumultuous political relationship we have had with China over the years. Under the Labor government led by Rudd, we had a strong trade relationship with China, but we have since chosen to forego maintaining it and have chosen to ally with the US instead. This has led to tense relations with China and an increasingly present security threat.

In early 2021, it was discovered that some Australian governments, businesses, and consumers became unwitting victims of a covert cyber-attack by China’s ministry of state security. Exploiting a Microsoft Exchange vulnerability, the ministry was accused of gaining access to thousands of computers and networks worldwide in order to gather information that could benefit the Chinese government. Since the event, China has also been accused of employing contract threat actors to carry out cyber-enabled intellectual property theft that will give China a commercial competitive advantage in other countries.

While the current war is also far from this example with China, the point here is to highlight that political relationships that turn sour can have an adverse effect on the security of Australian businesses as do our politically strategic alliances with other countries which are seen as ‘undesirable’ by the aggressors.

Cyber Security and Your Business

There are many contributing factors that can make any Australian business the target of an international cybercrime group, and while you may not be able to control these factors directly, you can be proactive in your approach to protect your digital environment. With the help of cyber security specialists like managed security service providers (MSSP), you can be confident that your systems are protected, and you can focus on your business.

An MSSP can ensure that your security is up to date, and you can monitor your environment to identify any changes that may be occurring in the space. They will work with you to architect a customised security strategy that is suited to your business needs. They will also help you evaluate the threats and vulnerabilities facing your organisation’s digital environment and develop an appropriate plan of action.

MSSPs are also able to provide you with the tools and techniques that you need to understand cyber threats. They will work closely with you to identify specific security requirements and can provide a range of services that will ensure a robust security posture for your organisation as well as enhance compliance with the ASD's Essential 8 recommendations.

Don’t let your business become another cybercrime statistic. No matter how possible or probable you think it is that your business will be attacked, it’s always better to be safe than sorry.