Google AI
The Times Australia

Times Media

As Russia wages cyber war against Ukraine, here's how Australia (and the rest of the world) could suffer collateral damage

  • Written by: Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
As Russia wages cyber war against Ukraine, here's how Australia (and the rest of the world) could suffer collateral damage

The Australian Cyber Security Centre[1] is asking organisations and businesses to be on high alert amid Russia’s cyber attack bombardment of Ukraine[2].

The United Kingdom’s National Cyber Security Centre issued a similar warning[3], as have New Zealand[4] and the United States Department of Homeland Security[5].

The Australian Cyber Security Centre has said it is not aware of any specific direct threat to Australia, but that the country could be affected by “unintended disruption or uncontained malicious cyber activities”.

It wouldn’t be the first time a Russian cyber attack has caused serious collateral damage to nations that aren’t its intended target.

Attacks so far

Ukraine has suffered through a sustained digital assault from Russia over the past few weeks. One of the most penetrative attacks came on Wednesday, cutting off access[6] to several Ukrainian government and banking websites – followed by more on Thursday.

These were distributed denial of service attacks, in which the perpetrator knocks targeted websites offline by flooding them with bot traffic.

Meanwhile, experts at the internet security company ESET identified[7] a malicious data-wiping malware called “HermeticWiper” circulating on hundreds of computers in Ukraine, Latvia and Lithuania – which they said may have been months in the making.

According to reports[8], experts from software company Symantec found the malware had affected Ukrainian government contractors in Latvia and Lithuania and a Ukrainian bank.

Read more: Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities[9]

How the impact will be felt

Australia’s risk in the face of ongoing cyber attacks from Russia would almost certainly come in the form of a “spill over” effect.

For example, if a Ukrainian bank is targeted and goes offline, this would still impact Australians who use that bank to receive or send money to Ukraine. Attacks on banks are particularly alarming when you consider Ukraine’s dire need for financial aid and economic support[10] right now.

All global business conducted with, or through, the bank will be affected – and the impact could reach virtually anywhere in the world. Similarly, distributed denial of service attacks on Ukrainian news media would also have global ramifications, by limiting the exchange of crucial information.

Another concern is the potential for Russia to cut off gas supplies flowing through Ukraine to Europe, either directly or through a cyber-enabled attack (the Colonial Pipeline[11] attack being a recent example). This also introduces significant market instability, resulting in shortages and driving up prices (including for Australia[12]).

Australian companies are a part of global supply chains. Many will have interests in Russia and/or Ukraine. Thus they will also have digital, and potentially even direct network connections with them, through a virtual private network – which allows users to establish a private network over a public internet connection (and which can be used to spread malware between connected devices).

Once a “wiper” malware – the likes of that currently circulating in Ukraine – gets enough footing, it can spread across countries within minutes. If an office in Canberra with a virtual private network connection based in Ukraine becomes compromised, it can allow the malware to jump countries.

The NotPetya malware attack in 2017 is a pertinent example. This “self-propogating” malware spread globally and caused billions of dollars’ worth of damage. It, too, was attributed to a Russian source by investigators, and traced back to the update mechanism for a tax-accounting software application used widely in Ukraine[13].

Read more: Three ways the 'NotPetya' cyberattack is more complex than WannaCry[14]

Leveraging the chaos

Apart from malicious Russian state-sponsored cyber crime, the current mayhem unfolding in Ukraine provides opportunity for cyber criminals more generally, too.

It’s very difficult to attribute cyber crime. While experts can analyse code taken from malware, this is usually a slow and costly process. Cyber criminals the world over may want to take advantage of the chaos, and try to carry out attacks they may not otherwise get away with.

Among all the noise, and with so many Ukrainians (including cyber security professionals) either displaced or fleeing, the chances of being caught may be lower. Also, it is likely any major cyber affliction will be blamed on Russia – at least initially.

At the same time, we might see an increase in phishing and scam attempts as a result of the crisis. Opportunistic criminals use global narratives to add credibility to their scams. For instance, they may send phishing emails posing as a Ukrainian citizen desperate for emergency funds.

How can businesses protect themselves?

A critical step in a defensive posture for companies and organisations in Australia is to determine their exposure level. This means being acutely aware of any direct or indirect connection with Ukraine and Russia, and the online systems and supply chains these countries partake in.

Employers also have a duty of care to employees who may have loved ones or other connections in Ukraine, and may be more vulnerable to various forms of cyber attacks exploiting the current situation.

And of course, the most basic cyber security advice is once more relevant. That is, individuals, businesses and organisations must take special care to ensure all devices are up-to-date and have software patches installed.

The 2017 NotPetya attacks were, in part, successful because the malware exploited a vulnerability in Microsoft Windows – even though a patch to fix it was available at the time. But the massive number of devices that hadn’t been patched meant NotPetya could spread without constraint.

In the case of Ukraine, where pirated software is common[15], this issue is particularly prevalent. Complications with (or a lack of) proper software licensing means updates may not be accessed or installed.

References

  1. ^ Australian Cyber Security Centre (www.cyber.gov.au)
  2. ^ bombardment of Ukraine (theconversation.com)
  3. ^ warning (www.ncsc.gov.uk)
  4. ^ New Zealand (www.cisa.gov)
  5. ^ Department of Homeland Security (www.cisa.gov)
  6. ^ cutting off access (apnews.com)
  7. ^ identified (www.reuters.com)
  8. ^ to reports (www.theguardian.com)
  9. ^ Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities (theconversation.com)
  10. ^ financial aid and economic support (www.politico.eu)
  11. ^ Colonial Pipeline (theconversation.com)
  12. ^ Australia (theconversation.com)
  13. ^ in Ukraine (arstechnica.com)
  14. ^ Three ways the 'NotPetya' cyberattack is more complex than WannaCry (theconversation.com)
  15. ^ pirated software is common (outsourcingreview.org)

Read more https://theconversation.com/as-russia-wages-cyber-war-against-ukraine-heres-how-australia-and-the-rest-of-the-world-could-suffer-collateral-damage-177909

Find out more. Get in touch with The Times.

Invalid Input
Invalid Input
Invalid Input
Invalid Input

Find Out More. Get in Touch with The Times.

Whether you have a question, a news tip, a business enquiry or would like more information, we're here to help

Please complete the enquiry form and a member of The Times team will respond as soon as possible.

Product enquiries

News Tips

Advertising & Sponsorship

Business Enquiries

Editorial Feedback

Corrections

Media Requests

Partnership Opportunities.

Email us at editor@TheTimes.com.au or use our enquiry form.

Times Magazine

The AI economy: How artificial intelligence is creating the jobs of tomorrow in Australia

Artificial intelligence has become one of the most discussed technologies of the decade, often acc...

Yoga and Tai Chi: Why Simple Movement Still Inspires Millions

In a world of high-intensity workouts, fitness technology and ever-changing exercise trends, two a...

Offshore vs Inshore Centre Console Boats: Which One Should You Buy?

Centre console boats have become one of the most popular choices among modern anglers. Their open ...

Technology

Why Australian Enterprises Are Reth…

The corporate landscape in Australia has undergone a permanent structural shift over the past few ...

Local News

QLD Day

On Saturday 6 June, parkrun events across the state will be a sea of maroon, with communities  str...

Culture

Vaccinations in Australia: Who Needs Them, Wh…

Vaccination is one of Australia's greatest public health success stories. Diseases that once claim...

Travel

Sri Lanka: An Island Adventure That Delivers …

For Australian travellers looking for a destination that combines tropical beaches, ancient histor...

The Times Features

Opinion: We've been here before — AI deserves caut…

Every generation encounters a technology that is said to change everything. Almost every time, th...

The AI economy: How artificial intelligence is creating…

Artificial intelligence has become one of the most discussed technologies of the decade, often acc...

Vaccinations in Australia: Who Needs Them, When and Why…

Vaccination is one of Australia's greatest public health success stories. Diseases that once claim...