- The Strategist - https://www.aspistrategist.org.au -

Cyber wrap

Posted By on February 24, 2016 @ 14:22

Tim Cook [1]

Western Australia’s parliament was hacked last Tuesday, with a computer virus forcing the shutdown of its telecommunications systems. According [2] to Speaker Michael Sutherland, the attack impeded a number of house operations, including ‘Hansard publications, the preparation and processing of questions on notice and answers to questions on notice’. Fortunately, the breach didn’t prevent Parliament sitting as usual.

The incident follows a 2015 audit [3] of sections of the WA government’s digital infrastructure. The assessment found [4] that some agencies didn’t adequately protect information to prevent unauthorised access and data loss. Specifically, it noted the lack of basic controls over passwords, patching, setting of user privileges, copies of sensitive information across systems and poorly configured databases. Cyber security within state governments in Australia often lags behind best practice [5], but news last week that Queensland is establishing its own cybersecurity unit [6] can be taken as a welcome sign that this trend may soon be reversed.

Last week’s ruling that Apple must assist the FBI to unlock an iPhone [7] linked to San Bernardino gunman Syed Farook has reignited the smouldering discussion on encryption and the difficult balance between privacy and public safety. More public figures have recently come out on one side of the debate or the other. NSA chief Admiral Mike Rogers surprisingly came out on the side of encryption [8], saying that it’s ‘foundational to the future’, while Microsoft founder Bill Gates [9] has chastised Apple CEO Tim Cook for opposing the court order. Surveys of public opinion [10] in the US have found that there’s a roughly 50/50 split between support for the FBI and support for Apple. This is significant as Apple will reportedly seek to propel the case out of the courts this week [11] and into the hands of Congress to decide.

Also in the US, the Hollywood Presbyterian Medical Centre in LA has paid 40 bitcoins (equivalent to US$17,000) [12] in ransom to regain access to its patient files after a malware attack. The attack prevented access to the computer systems and restricted the ability to share communications electronically, successfully forcing the hospital to return to manual pen-and-paper patient submissions. Ransomware [13] locks computer systems through file encryption and then demands a ransom payment in exchange for the decryption key.

Japanese companies have been targeted by a highly skilled and well-financed state actor, according to cyber security firm Cylance [14]. The campaign, named Operation Dust Storm [15], previously targeted major industry in Japan, South Korea, the US, Europe and South East Asia, but has now narrowed its target set to Japanese organisations. The intent of the hackers appears to be a long-term presence on networks to exfiltrate data, particularly from electricity, oil, gas and transportation companies. Japan is a frequent target for hackers [16]; however, security consultants to Japanese firms and the government continue to highlight weaknesses in a corporate culture that views breaches as a loss of face, preventing disclosure and cooperation on common threats.




URL to article: https://www.aspistrategist.org.au/cyber-wrap-108/

URLs in this post:

[1] Image: http://www.aspistrategist.org.au/wp-content/uploads/2016/02/18075628855_a330fd048a_z.jpg

[2] According: http://www.abc.net.au/news/2016-02-17/cyber-security-breachwa-parliament-knocks-out-communications/7176570

[3] audit: https://audit.wa.gov.au/reports-and-publications/reports/information-systems-audit-report-application-reviews/

[4] found: https://audit.wa.gov.au/wp-content/uploads/2015/11/insert2015_23-IS.pdf

[5] often lags behind best practice: http://www.itnews.com.au/resource/the-state-of-security-409136

[6] establishing its own cybersecurity unit: http://www.computerworld.com.au/article/594102/queensland-establish-cyber-security-unit/

[7] ruling that Apple must assist the FBI to unlock an iPhone: http://www.smh.com.au/world/apple-refuses-to-help-fbi-unlock-san-bernadino-shooters-iphone-20160217-gmwwpv.html

[8] surprisingly came out on the side of encryption: http://www.digitaltrends.com/computing/nsa-director-actually-says-encryption-backdoors-are-a-bad-idea/

[9] Bill Gates: http://www.wired.co.uk/news/archive/2016-02/23/bill-gates-support-fbi-apple

[10] Surveys of public opinion: http://www.cnbc.com/2016/02/23/public-still-divided-on-apples-encryption-stance.html

[11] Apple will reportedly seek to propel the case out of the courts this week: http://www.sfgate.com/business/article/Apple-says-Congress-must-decide-encryption-case-6850183.php

[12] has paid 40 bitcoins (equivalent to US$17,000: http://www.bbc.com/news/technology-35602527

[13] Ransomware: https://ist.mit.edu/security/malware

[14] cyber security firm Cylance: http://www.zdnet.com/article/japans-critical-infrastructure-under-escalating-cyber-attack-says-report/

[15] Operation Dust Storm: https://www.cylance.com/operation-dust-storm

[16] Japan is a frequent target for hackers: http://www.adelaidenow.com.au/business/breaking-news/japan-its-own-enemy-in-cybersecurity/news-story/a89c83e835f24025d9e7579505e872d8

Copyright © 2016 The Strategist. All rights reserved.