Prime Minister Scott Morrison has announced that Australian organisations are currently being targeted by a sophisticated foreign cyber attack on a mass scale.
The news follows revelations that Lion has been hit by its second cyber attack in two weeks.
Lion’s IT teams and expert cyber advisors have worked around the clock for more than a week on the issue, which is still creating problems for breweries aside from XXXX and Little Creatures’ Fremantle and Geelong operations.
The Sydney Morning Herald and The Age have reported on the second cyber attack, which has further disrupted Lion’s IT systems, while ITWire says REvil Windows ransomware is responsible for the issues.
Morrison said: “This activity is targeting Australians organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
“We are raising this matter today, to raise awareness of this important issue to encourage organisations, particularly those in the health, critical infrastructure and essential services to take expert advice and implement technical defences to thwart this malicious cyber activity.”
Morrison wouldn’t say which country is believed to be responsible for the hack against Australia.
“What I can confirm, with confidence, based on the advice, the technical advice that we have received, is that this is the actions of a state-based actor with significant capabilities,” he told reporters.
“There aren’t too many state-based actors who have those capabilities.”
The Australian Strategic Policy Institute’s cyber security analyst Tom Uren said there was no question that China was the perpetrator of the attacks the Prime Minister described today.
“Of course it is China. There are a few countries that have the capability: Russia, China, US, UK, and perhaps Iran and North Korea, although they may not have the scale,’’ he tweeted.
The Australian Cyber Security Centre has published guidelines for what businesses should do in light of the cyber attacks.
They’ve warned remote access from working from home is vulnerable, and multi-factor authentication should be used.
“It is imperative that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks.”
Defence Minister Linda Reynolds said there was some simple advice for companies to follow to protect against cyber attacks.
“Firstly, patch your Internet facing devices promptly, ensuring that any web or email servers are fully updated with the latest software. Secondly, ensure you always use multifactor authentication to secure your Internet access, infrastructure and also your CLOUD-based platforms,’’ she said.
“Thirdly, it’s important to become an ACSC partner to ensure you get the latest cyber threat advice to protect your organisation online.”