Experts comment on Aus Parliament breach
Late last week, Australian security agencies reported they were looking into a security breach of the Federal Parliament’s network.
The Federal Parliament has said in a statement that authorities have yet to detect any evidence that data was stolen as a result of the breach.
Here’s what security experts have to say about the breach and the possibility of it being a thwarted nation-state cyber attack:
LogRhythm APAC sales director Simon Howe
The attack on the Australian Parliament is a timely reminder for both citizens and those in power to take note of the Australian Signals Directorate’s (ASD) Essential 8 recommendations for cyber hygiene and for ongoing awareness and education of the potential harm which an attack can create on a nation’s infrastructure or business operation.
This latest attack shows that no organisation is exempt from being a target for hackers who have proven time and again that they are capable of infiltrating critical infrastructure and causing disruption.
Proactive security controls, including network monitoring and analysis, and both timely and rapid detection within seconds, can circumvent the risk of data loss and limit an attacker’s ability to move about a network.
Ultimately, however, public and private sector organisations need to think more strategically about the type of attacks at hand and understand the end goal of the game being played here, namely prized access to highly sensitive data.
WatchGuard Technologies A/NZ country manager Mark Sinclair
A sophisticated attack requiring a mature skill set is highly likely to be executed by a foreign state-based actor or a very well-funded organisation.
The fact that it is targeting an MP is a strong indication that it is a foreign nation.
Any MP can be the target of such an attack since the attacker may be able to use it as a springboard to launch subsequent attacks on other MPs on the network.
If this attack was the result of weak or stolen credentials, then the use of multifactor authentication will play a big part in preventing further attacks.
Ping Identity APAC regional director Geoff Andrews
Although Ping Identity has no specific insights into this incident, we are aware of several highly active state-sponsored cyber actors who have successfully compromised other government entities worldwide.
Government ministers and MPs are high-value targets for hackers.
Highly sensitive information assets should at a minimum be protected by multi-factor authentication, including something you are (biometric), something you know (for example, a password) and something you have (a one-time code or token).
Sophisticated protections will overlay intelligent, dynamic step-ups in authentication based on other factors such as location, time, changing IP addresses, or other behavioural characteristics.
Government and commercial enterprises need to secure user access via strong authentication, using secure but user-friendly methods, such as industry standards like FIDO.
Aura Information Security Australia country manager Michael Warnock
This breach once again confirms that distance is no defence for the Australian public and private sectors.
Both individuals and their employers need to have proactive cyber defence measures in place day in, day out and also ensure that they have a strong focus on educating their employees.
As with the community in general, the Australian public sector is in the sights of cyber criminals and we should all continue to take note of the ASD Essential 8 strategies to mitigate cybersecurity incidents.
Thycotic chief security scientist & advisory CISO Joseph Carson
The latest cyber attack against the Australian Parliament shows that nation state actors and cybercriminals will continue to target humans in an attempt to gain access to their email and passwords.
Email and password theft is the first step in trying to gain access to sensitive information and networks.
This is typically one step in the door for attackers who can then use those credentials to elevate to privileged accounts that could then allow unfederated access to the entire network.
Sometimes elevated accounts to privileged users can be as easy as exploiting vulnerable systems, or the compromised account is already overprivileged, allowing the attackers to bypass any security controls in place.
The incident at AMP highlights the risks of overprivileged insiders who can abuse their access to steal sensitive information from their employers.
Third party suppliers and contractors are a major risk to organisations and it is critically important to ensure that strong privileged access management is in place to secure access to customer data, intellectual property and sensitive systems so they must satisfy strong security controls and are prevented from moving data to personal accounts or outside of the organisation’s data vaults.
Carbon Black security strategy head Rick McElroy
Democracies around the world are under attack.
Governments, which are often understaffed and underfunded for cybersecurity, must craft and implement strategies to address the rising number of attacks they face.
The bar for cyber attacks is so low in some instances that it invites various repeated attacks.