- The Strategist - https://www.aspistrategist.org.au -
Australia must do more to prepare for a SolarWinds-style supply-chain attack
Posted By Tom Uren on December 22, 2020 @ 06:00
Article printed from The Strategist: https://www.aspistrategist.org.au
URL to article: https://www.aspistrategist.org.au/australia-must-do-more-to-prepare-for-a-solarwinds-style-supply-chain-attack/
[1] 2020 cyber security strategy: https://www.homeaffairs.gov.au/about-us/our-portfolios/cyber-security/strategy
[2] announced: https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html
[3] alleged Russian: https://www.washingtonpost.com/national-security/russian-government-spies-are-behind-a-broad-hacking-campaign-that-has-breached-us-agencies-and-a-top-cyber-firm/2020/12/13/d5a53b88-3d7d-11eb-9453-fc36ba051781_story.html
[4] 18,000 of them: https://krebsonsecurity.com/2020/12/solarwinds-hack-could-affect-18k-customers/
[5] reported: https://www.washingtonpost.com/national-security/dhs-is-third-federal-agency-hacked-in-major-russian-cyberespionage-campaign/2020/12/14/41f8fc98-3e3c-11eb-8bc0-ae155bee4aff_story.html
[6] Operation Cloud Hopper: https://www.reuters.com/investigates/special-report/china-cyber-cloudhopper/
[7] more than a dozen: https://www.wsj.com/articles/ghosts-in-the-clouds-inside-chinas-major-corporate-hack-11577729061
[8] other allies: https://www.washingtonpost.com/world/national-security/us-and-more-than-a-dozen-allies-to-condemn-china-for-economic-espionage/2018/12/20/cdfd0338-0455-11e9-b5df-5d3874f1ac36_story.html
[9] indictments: https://www.justice.gov/opa/pr/two-chinese-hackers-associated-ministry-state-security-charged-global-computer-intrusion
[10] EU imposed sanctions: https://www.consilium.europa.eu/en/press/press-releases/2020/07/30/eu-imposes-the-first-ever-sanctions-against-cyber-attacks/
[11] vision document: https://www.cybercom.mil/Portals/56/Documents/USCYBERCOM%20Vision%20April%202018.pdf?ver=2018-06-14-152556-010
[12] ‘persistent engagement’ and ‘defending forward’: https://www.lawfareblog.com/persistent-engagement-foundation-evolution-and-evaluation-strategy
[13] booted a Russian troll factory off the internet: https://www.washingtonpost.com/world/national-security/us-cyber-command-operation-disrupted-internet-access-of-russian-troll-factory-on-day-of-2018-midterms/2019/02/26/1827fc9e-36d6-11e9-af5b-b51b7ff322e9_story.html
[14] worked with: https://www.nytimes.com/2020/11/02/us/politics/cyber-command-hackers-russia.html
[15] offensive cyber operations: https://www.aspi.org.au/report/defining-offensive-cyber-capabilities
[16] Australia: https://www.minister.defence.gov.au/minister/lreynolds/media-releases/offensive-against-covid-19-cyber-criminals
[17] the UK: https://www.cyberscoop.com/gchq-cyber-operation-russia-covid-19-disinformation/
[18] Trickbot botnet: https://www.lawfareblog.com/persistently-engaging-trickbot-uscybercom-takes-notorious-botnet
[19] undermine the cyber insurance market: https://risky.biz/newsletter36/
[20] particularly stealthy: https://www.fireeye.com/blog/products-and-services/2020/12/global-intrusion-campaign-leverages-software-supply-chain-compromise.html
[21] critical infrastructure: https://www.homeaffairs.gov.au/reports-and-publications/submissions-and-discussion-papers/protecting-critical-infrastructure-systems
[22] indicated: https://www.apra.gov.au/news-and-publications/executive-board-member-geoff-summerhayes-speech-to-financial-services
[23] are identified: https://www.kwm.com/en/au/knowledge/insights/asic-commences-proceedings-alleging-failure-to-have-adequate-cyber-systems-20200826