Cloud Hosting

Both federal Parliament and Channel Nine faced major IT disruptions on Sunday, something one expert said could be a coincidence, but could also be linked to previous malicious attacks likethoseon Microsoft Exchange servers.

The system disruptions left parliamentary staff without mobile access to their emails over the weekend, while the "cyber attack" on Channel Nine prevented the broadcaster from airing several programs, including Weekend Today.

The Australian Cyber Security Centre (ACSC) is investigating both incidents.

Edith Cowan University Security Research Institute director Craig Vallisaid attacks or disruptions could happen when systems were not "patched" or protected against specific malicious codes.

He said when systems were not protected against a "known" attack code, they could be compromised.

Supplied (ECU)

If it was an unknown attack and an unknown exploit tool, it was considered more sophisticated, because it would have taken more advanced planning.

"If it's unknown, it tends to be either [a] new code that spins off the back of something like this Microsoft Exchange [attack], or sophisticated actors who are being paid go after the information itself," he said.

Professor Valli said there could be motivation for a sophisticated attack on Channel Nine, "giventhat Channel Nine may be working on stories where they're holding confidential information, as journalists do, that may be of interest to criminal gangs to find leaks".

ABC News

Professor Valli said if the attack on either federal Parliament or Channel Nine was "known" and it was similar to the recent Microsoft Exchange attacks, they could have been prevented by patches, something he likened to vaccines.

"The longer you leave it unpatched, the probability that someone's going to attack you will increase," he said.

Rachael Falk, chief executive of Cyber Security Cooperative Research Centre, said she could not yet say if the attack was because the target systems were vulnerable or if the attack was simply too sophisticated.

"It's a timely reminder for everyone, from the chair and the board and the CEO [of Channel Nine] down, that you cannot be complacent about cyber attacks," she said.

"If it can happen to Channel Nine, it can happen anywhere, because we all run on connected systems."

In early March, the ACSC published a series of alerts warning organisations using Microsoft Exchange to urgently patch their software after it was compromised by hackers.

Reuters: Dado Ruvic

That was because malicious codes evolved in a similar way to variants of human diseases like COVID-19 do, Professor Valli said.

"If you launch a piece of malicious codeand it's network-aware, which most of them are, it will spread through the internet basically at the speed of light," he said.

"As soon as someone finds a new technique to exploit a system, then others will copy it, because it's efficient, because they don't have to invent their own."

Channel Nine described the attack as the largest on a media company in Australia's history.

Professor Valli was not convinced that was necessarily the case, but he said it might have had the largest consequencesbecause it impactedprograms over several hours.

In a subsequent email to staff yesterday, Channel Nine CEO Mike Sneesby said the attackwas "significant in scale with high potential to disrupt our business", while the network's chief information and technology officer Damian Cronin called it "sophisticated and complex".

Supplied: Nine Network

He said technology teams had "isolated the attacker and thespecific destructive activity that was initiated", but several services were still not available.

"This will have a significant impact on business-as-usual processes across the organisation it will take time before all our systems are back up and running," he said.

Federal government sources told the ABC the attack on their email access was not sophisticatedbut that does not mean it was not potentially serious.

One person with knowledge of the investigation said a hacker "tried so clumsily to compromise the [Department of Parliamentary Services]system in particular, that the system itself noticed and shut down, exactly like [it was] designed to do".

Referring to the federal Parliament disruption, Professor Valli said there was "every possibility" it was state-sponsored but it could also have been because the system was not patched.

Professor Valli said if it was not state-sponsored, it was more of a concern because it shows how vulnerable their systems are.

Ms Falk said it was too early to tell who was responsible for the attack.

She said it could have been a state-based attackbut she said in many casesthese types of attacks were "opportunistic".

Professor Valli said it was too early to tell if anything had been accessed, but the ASCS wasinvestigating.

Originally posted here:
How did the cyber attack on Nine and Parliament House happen? - ABC News