Partner Content

No more hiding in the shadows as cyber gangs circle Australia

By Sid Maher

August 11, 2023


Skills shortages and technology lags have left Australian enterprises and agencies vulnerable to cyber-attacks from state-sponsored and international criminal gangs using increasingly sophisticated techniques to break down defences, a leading cyber security expert has warned.

Jake King, Director of Security Intelligence at Elastic, warned that cyber-attacks by criminal entities, in most cases motivated by financial gain, were increasing in frequency and becoming borderless as new technologies reduced barriers for commerce across the globe.

Our lack of immunity to threats

Australia’s geographic isolation is no longer a defence, particularly with local enterprises struggling to find enough cyber-skilled defenders onshore. Another challenge for Australian enterprises, particularly SMEs, is that many of the technological advantages in cyber security currently on the market and being deployed against cyber attackers in the United States have yet to be made available in Australia.

“Threats are global, and many of the threat actors that we’ve been seeing across the United States, across North America, are the same groups targeting Australian companies,’’ Mr King said.

“There is no more hiding in the shadows for Australia,’’ he said. “We are on the same internet that the rest of the world is on, and it’s critical that we understand the risks are the same for us as they are for any other part of the world,’’ he said.

The data privacy of hundreds of thousands of Australians has been jeopardised by high-profile cyber-attacks on major Australian enterprises, including telcos, health insurers, finance companies, law firms and corporate services partnerships in the past 12 months.

While some threat groups sought to steal intellectual property, Mr King said there had been an escalation in financially motivated attacks using ransomware and malware campaigns tied to an extortion threat around releasing or sharing information.

Government agencies were as much in the crosshairs of attacks as private sector enterprises.

“They may see themselves as a little less attractive to (cyber-threat actors) but it is absolutely not the case,’’ Mr King said.

In a time of tight budgetary conditions, Mr King said it was important that public sector enterprises continued to invest in cyber defences and considered cyber security to be one of the critical components of running a government successfully.

“The more you invest now, the more we can pave the road to a secure future. So much of security is investment – investment in training, in education, in technology to protect against data breaches,’’ he said.

Mr King said the Australian public sector’s level of maturity in relation to cyber threats had impressed him.

“Australia’s investment in cyber programs like our public initiatives around informing folks around critical controls, and the education that is provided to the community is honestly some of the best in the world. But it is something we are going to need to continually invest in to stay on top,’’ he said.

Mr King said open security – the free and comprehensive sharing of intelligence on the latest manoeuvres by cyber threat groups – was a powerful weapon in limiting their effectiveness.

While Elastic, best known for ‘Elasticsearch’, its flagship search and analytics engine, offers a full suite of cyber defence services to customers, the company is committed to sharing its intelligence freely and openly to increase the capability of enterprises to combat cyber-attacks.

Mr King said Elastic’s Global Threat Report provides insights into global threat phenomena and trends, and includes recommendations to help organisations prepare for the future of cybersecurity attacks. Elastic also shares defence strategies in real-time in open forums as a way of “democratising access to knowledge that is typically guarded behind closed doors’’.

“Open security is about raising all boats,’’ Mr King said. “We want to make it really difficult for the adversarial groups to do what they want to do every day, and we do that through sharing knowledge.’’

Artificial Intelligence to the rescue

Mr King said Artificial Intelligence promised to be a “force multiplier’’ in the fight against hackers.

“When I think of a way a human can use those tools to better understand a threat or tactic or write a query for a threat in their environment, Generative AI is going to allow us to stand on the shoulders of giants,’’ Mr King said.

“We’ll be able to use those tools to enable us to do tenfold more,’’ he said. “Specifically, within cyber, where so many of the concepts are new, so many of the tactics that the adversaries are using are new to the researchers who are observing them, being able to ask questions of a generative tool will be a game changer,’’ he said.

Mr King said security intelligence would be critical for any business or enterprise, whether it be open-source, free intelligence from vendors like Elastic, or from government agencies.

But security intelligence alone would not solve the problem.

“It is part of an overall strategy you have to build,’’ Mr King said. “Your representatives have to be thinking about security and living and breathing that part of the business.

“Once you get to a certain scale, criminals are going to want to break into your cyber systems and digital environment, just as they would with a retail shop or office location.

“So, it is critical to look at a holistic approach to protecting your organisation, staff and customers.’’

Global Threat Report

Elastic’s Global Threat Report warns that cyber defenders need to take a more proactive approach as threat groups act with increasing speed and sophistication.

The Global Threat Report also warns that cyber attackers are seeking to exploit the increasing integration of internal systems with cloud-based services in major corporations by using malware that targets emails, FTP files and clients’ web browsers to gain access to their systems.

Cloud services had “a large attack surface’’. Malicious spam campaigns where users are encouraged to download and execute infected email attachments had become popular during the Covid-19 pandemic.

The Global Threat Report also forecasts that increasingly popular technologies like smart contracts and blockchain technology will be targets for weaponisation to steal sensitive information, as their record keeping and trading become integrated with the way more organisations do business.

Mr King said threat groups had evolved dramatically over the past decade from stealing information and then trying to sell it, to using sophisticated ransomware to extort money from victims.

“Now we are actually seeing double ransom,’’ Mr King said. “They are asking for a ransom to unlock your computers after stealing information. Now they are extorting groups again that have been compromised, by threatening to release the information if they don’t pay again.’’

Hackers target Australia’s vulnerabilities

Mr King said Australia was a “target-rich environment’’ for international threat actors.

“We’re modern from an infrastructure standpoint. We have thousands and thousands of records when it comes to medical information. We have financial and business links that run internationally,’’ Mr King said.

“And so much of the focus from a defender standpoint isn’t being talked about here,’’ he said.

Some technologies for defenders that were in use in the United States had not been implemented in Australia, Mr King said.

Many Australian companies were also having difficulty finding cyber defenders.

“I have felt a skills gap in some of the conversations I’ve had recently. It’s hard to find defenders to defend our networks and adversaries are aware of that too.

“They (attackers) know they can spend less time attacking infrastructure in Australia than they may do in a counterpart like the United States that may have access to a higher level of response skills or technology to act on their objectives. They are looking for the easiest path to financial gain,’’ Mr King said.

Mr King said across both the private and public sector, security improvements were a cumulative investment in the future.

“It may start with technology choices; it may extend into better behaviours across different groups. It may extend into training and an awareness that risks are pertinent. But what investment also does is increase our ability to observe threats and invest further in different areas.

“There is a sweet spot you hit with investment…investing now makes it a much harder undertaking in the future for threat actors to infiltrate systems. So much of this is a global race.’’

In the Asia Pacific region, threat actors were infiltrating networks despite strong defences.

“Adversarial groups are spending a lot of time being very stealthy on the network and less time being stealthy on the endpoint. This is a distinction we have observed in the Asia Pacific region broadly, and it is definitely reflected in Australia.”

Stealth on the network means that attackers can remain undetected for longer by getting around the technology many companies are using.

“Effectively, when you find out they are in the network, it is already too late,’’ he said. “When you see ransomware notices or notifications of a breach, it is a big problem.’’
