The war has not diminished the threat Australia poses to ‘cybercriminal superpowers’ Russia and Ukraine, a leading cybersecurity strategist warns.
The targets of ransomware attacks – a growing threat to the digital economy – range from logistics giant Toll Group to hospitals in Victoria in recent years.
One of the criminal groups aligned with Russia in its invasion of Ukraine is Conti, Defense Minister Peter Dutton said.
Watch the latest news on Channel 7 or stream for free on 7plus >>
“The Ukrainian side of Conti is still the most active cyber actor we’ve seen in Australia, even in the past two weeks,” security expert Ryan Kalember of US firm Proofpoint said Thursday.
“We see them sending millions and millions of malicious messages.”
Many Russian and Ukrainian cybercriminals work together, he told AAP.
“There are a lot of talented cyber adversaries in both countries – maybe they are the two cyber criminal superpowers.”
Conti is the most successful ransomware-as-a-service (RaaS) operator and Australia has one of the highest rates of ransomware impacts in the world, Kalember says.
Ransomware is a form of malicious software, or malware, that can lock computer users out.
Hackers then demand money in exchange for restoring access to data and systems.
“This is likely to be the most disruptive event an organization will experience,” Mr. Kalember said.
“You have a relatively high cyber insurance rate, where policies pay off, and a lower defense spending rate.”
While businesses remain a target for ransomware, he says Australians should also watch out for Ukraine-inspired fraudulent donation emails, similar to scams launched after the floods and bushfires.
This week Defense Minister Peter Dutton identified Conti as being behind 13 successful ransomware attacks on Australia, including attacks on critical infrastructure.
Conti’s operation includes English-speaking malware coders, administrators and traders who extract payouts.
Toll suffered two ransomware attacks in 2020, one locking down systems for weeks with malware that allegedly infected 1,000 servers.
While most Australian criticism has focused on China in recent years, Russian agencies and their state-sponsored hackers have sought to attack the systems and networks of Western economies for decades.
“We are not immune to this attack,” Mr Dutton said at the opening of a new Australian Directorate of Signals facility.
“In fact, we are a target, as a western democracy, as a nation that stands up for its values, a nation that believes in the rule of international law, we are a huge target in the modern age.”
He said the expected retaliation from Russia and others in the coming years should be acknowledged and acknowledged.
Businesses also need to bolster their workforces to withstand attacks.
But China remains the biggest cyber threat and the most likely to use it as a tool of state, Kalember said.
“It’s primarily about industrial espionage, which we know is aligned with their ‘belt and road’ initiative and their longer-term economic goals.”