A virtual government-to-government event attended by Australia’s home affairs secretary has underscored the escalating threat ransomware poses to the global community.
Mike Pezzullo represented Australia at the virtual conference hosted by the White House National Security Council at the weekend.
The Australian government joined with 31 other countries in signing an agreement to consider a range of urgent actions — including diplomacy, resilience, countering illicit finance, disruption and other law enforcement efforts — that would protect states from the threat of ransomware.
The joint statement also acknowledged ransomware as ‘one of the most significant cyber threats’ with ‘serious economic and security consequences’.
“From malign operations against local health providers that endanger patient care, to those directed at businesses that limit their ability to provide fuel, groceries, or other goods to the public, ransomware poses a significant risk to critical infrastructure, essential services, public safety, consumer protection and privacy, and economic prosperity,” the statement read.
“A nation’s ability to effectively prevent, detect, mitigate and respond to threats from ransomware will depend, in part, on the capacity, cooperation, and resilience of global partners, the private sector, civil society, and the general public.”
Only one prong to the complex challenge of the threat is ensuring sovereign capability to be resilient to ransomware attacks, the statement noted, also underscoring the need for ‘collective resilience’ and joint efforts to investigate and prosecute criminals.
Pezzulo chaired a plenary session on the disruption of ransomware with peers from Brazil, Israel, Mexico, the Netherlands and Poland. During the session, the panel considered the transnational nature of the problem, how to bolster international joint operations; domestic action to prevent ransomware attacks ensure criminals are accountable; economic considerations and opportunities for cooperation.
Today I've launched Australia's first Ransomware Action Plan – detailing new criminal offences, tougher penalties and a mandatory reporting regime. The Plan will better protect Australians, their businesses, and our critical infrastructure. Read more: https://t.co/YcYciw3hBQ pic.twitter.com/H15z1xDp6z
— Karen Andrews MP (@karenandrewsmp) October 12, 2021
Last week the federal government also released a ransomware action plan which mapped what measures Australia would take to ‘combat and disrupt’ ransomware, cybercrimes and the dark web. According to the government, the plan sets out Australia’s commitment to work alongside international allies to ensure cyber criminals are ‘held to account and prosecuted to the full extent of the law’. The issue of cyber security is a matter of securing the global economy, the plan said.
“Australia will need to rapidly increase our focus to disrupt and counter the proliferation of ransomware attacks,” a statement from the home affairs department read.
“These actions will combat the threat, noting the rate of ransomware attacks is not slowing down.
“It requires minimal technical expertise, is low cost and can have a significant impact on the lives and livelihoods of Australians especially where it may impact our critical infrastructure.”
This month the government also announced that a new ‘cyber guard for government data’ would be operating from the Australian Cyber Security Centre (ACSC).
Assistant minister for defence Andrew Hastie issued a statement on Thursday, saying that extra steps were being taken by the ACSC to ‘block connections to malicious websites that contain threats, including ransomware, malware and other cyber dangers’.
“Government networks provide the essential services that Australians rely upon, such as healthcare and education.
“A single malicious connection could result in a government network being vulnerable to attack or compromise, so it’s vital we do everything we can to prevent cybercriminals from gaining a foothold,” Hastie said.
According to the ACSC’s latest cyber threat report, 35% of the nation’s recorded cyber attacks last financial year were made against commonwealth, state, territory and local governments.
The assistant minister said that the free opt-in service provided by the Australian Protective Domain Name Service (AUPDNS) to all government entities delivering essential services had already analysed over 10 billion queries and blocked over 1 million connections to malicious domains.
AUPDNS works by automatically reviewing incoming and outgoing network traffic against a list of high‑risk websites and email server, which helps stop access to harmful websites by accident, and tackles malware that might be hidden on a government network to stop theft of sensitive data or deployment of destructive ransomware.
This technology, delivered by the ACSC in partnership with Nominet Cyber, formed part of the defensive suite that helped to protect this year’s digital Census, the assistant minister added.
“Throughout the Census, AUPDNS processed around 200 million queries a day and blocked more than 10,000 connections to known malicious domains, any one of which could have resulted in a phishing or ransomware attack,” Hastie said.
“Currently AUPDNS is protecting over 200,000 users, and this number is growing.”
The AUPDNS is one of several initiatives delivered under the government’s 2020 Cyber Security Strategy which aims to ‘protect every Australian’ from national cyber threats.