The federal government has voiced its concerns over international cyber criminals who have been attempting to exploit the coronavirus pandemic for their own gain.
The Department of Foreign Affairs and Trade and the Australian Cyber Security Centre on Wednesday said they’re concerned about reports of malicious cyber actors seeking to hinder the operation of hospitals, medical services, and crisis response organisations outside of Australia.
The warning coincided with a new technical advisory detailing the most common tactics, techniques and procedures used by malicious cyber actors to target Australian networks.
Australia’s ambassador for cyber affairs, Dr Tobias Feakin, said nations worldwide have been in talks over the cyber threat.
“Countries have agreed at the United Nations that existing international law applies in cyberspace,” he said.
“Countries have also agreed that it is contrary to norms of responsible state behaviour to use cyber tools to intentionally damage or impair critical infrastructure providing services to the public. Countries have also agreed to cooperate to address cybercrime and not to knowingly allow their territory to be used for internationally wrongful acts.”
He said Australia has called on all nations to “immediately” cease initiating or allowing any harmful cyber activity.
“We also urge all countries to exercise increased vigilance and take all reasonable measures to ensure malicious cyber activity is not emanating from their territory,” he added.
The ACSC’s new technical advisory has looked at the most common ways criminal and state-based malicious cyber actors have compromised domestic networks over the last 18 months. ACSC head Abigail Bradshaw said the advisory would help organisations identify and mitigate cyber attacks.
“The ACSC is on the front line of our defence against malicious cyber activity, and this advisory is informed by a range of incidents we have observed and responded to,” she said.
“The tradecraft used by malicious adversaries ranges from the simple to the very sophisticated.”
She urged organisations to review their networks in line with the advisory, and to contact [email protected] if they detect a compromise.
The ACSC also recommended entities implement the Australian Signals Directorate’s Essential Eight mitigation strategies.
Earlier this month the agency published advice on Advanced Persistent Threat actors, which have been targeting the Australian health sector and COVID-19 essential services. The ACSC said such actors may be seeking information and intellectual property relating to vaccine development, treatments, research, and responses to the virus outbreak.
It provided recommendations for the health sector to implement as part of their mitigation strategies.