"Aanval op Australische overheid is waarschijnlijk pas begin"

Eerder vandaag werd meegedeeld dat verschillende politieke partijen in Australië het slachtoffer zijn geworden van een digitale aanval uitgevoerd door een ander land, aldus premier Morrison van Australië. Hoewel langzaam maar zeker meer duidelijk wordt wat er precies is gebeurd, zijn er ook nog een hoop vragen. In reactie op het nieuws geeft cybersecurity-expert David Higgins, EMEA Technical Director van CyberArk, antwoord op een aantal van deze vragen.

Vanwege de snelheid hebben we de antwoorden in Engelse laten staan. Voor meer toelichting kan uiteraard contact worden opgenomen.

How likely do cybersecurity experts think this is?
Whenever something of this nature affects a political party, nation state involvement must be considered as likely, given what has been reported.While the motive is not yet clear – and motive is of course key in determining who might have accessed these systems – the fact of who has been targeted and the level of sophistication involved indicates some kind of nation state involvement or sponsorship.

Are we likely to see more of this kind of attack?
It is very likely that we will continue to see more of these attacks in 2019. Nation-state attackers will combine existing, unsophisticated, yet proven, tactics with new techniques to exfiltrate IP, as opposed to just targeting PII or other sensitive data.

An important point to keep in mind is that while these attacks will predominantly be carried out by malicious external attackers, governments and businesses should always stay alert for insider attacks. On top of this, we are likely to see attacker dwell times extend as nation-states spend more time conducting reconnaissance and carrying out these trade-driven attacks. We’ll also see the emergence of nation-state weapons commercialised on the black market. This same phenomenon happened after Stuxnet, Petya and NotPetya – where cyber criminals take pieces of code from massive nation-state attacks and incorporate them into their attacks.

Government organisations must prepare for the eventuality that persistent threat actors will continue to go after the information they desire, even after they are thwarted.

And what may be the motive for such an attack?
The motive is often gaining competitive market advantage – government policies that could be seen as likely to provoke ‘trade wars’ are very likely to trigger a new round of nation-state attacks designed to steal intellectual property and other trade secrets.

But this is just one of many potential reasons. Destabilisation, experimentation, information wars, policy influence and myriad other possibilities also exist.