A hacker gained access to a national security contractor’s system for an “extended period of time” and stole a “significant” amount of data last year, the government will reveal today.
The Australian Cyber Security Centre (ACSC) first became aware of the breach in November.
“Analysis showed that the malicious actor gained access to the victim’s network by exploiting an internet or public-facing server, which they accessed using administrative credentials,” Assistant Minister for Cyber Security Dan Tehan is due to tell the National Press Club later today.
“Once in the door, the adversary was able to establish access to other private servers on the network,” a draft of Tehan’s speech says.
The adversary remained active on the network while ACSC analysts investigated. Although the victim of the hack will not be revealed, Tehan will confirm it is a “small Australian company with contracting links to national security projects”.
The ACSC have since been able to “remove the malicious actor”, Tehan will add.
Tehan told the ABC that the government was “not 100 per cent sure” of the identity of the perpetrator.
"It could have been a state actor, it could have been cyber criminals, and that's why it was taken so seriously," he is quoted as saying.
The revelation comes just a week after Foreign Minister Julie Bishop launched Australia's first International Cyber Engagement Strategy.
The document says the country has the capability to attribute malicious cyber activity to "several levels of granularity" down to specific states and individuals.
If hit by malicious cyber activity, the strategy explains that Australia could respond with “law enforcement or diplomatic, economic or military measures”, which could include “offensive cyber capabilities that disrupt, deny or degrade the computers or computer networks of adversaries”.
Under-reported crime
The Government is today launching the ACSC’s Threat Report for 2017.
Over the last 12 months the centre has identified 47,000 cyber incidents, a 15 per cent increase on last year. More than half of these incidents were online scams or fraud, which increased in number by 22 per cent.
There were 7,283 cyber security incidents affecting major Australian businesses. The ACSC also responded to 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.
Phishing attacks continue to rise in number, the report states. Incidents reported to the ACSC indicate losses of over $20 million due to business email compromise. This was up from $8.6 million in 2015-16, an increase of more than 130 per cent.
The ACSC’s measure of cyber security incidents in Australia suffers from severe under-reporting.
“Of the reported incidents that impacted business, fewer than 60 per cent came forward to report what had happened. For the other 40 per cent, the incidents were identified by the ACSC. And these are only the incidents that we know about,” Tehan will say today.
“If you are a victim of cybercrime, you have done nothing illegal. Hiding cybercrime only allows cybercriminals to continue to break the law. When your house or car is broken into, you report it to the police. We must have the same mindset when it comes to cybercrime,” he will add.
