The Times Australia
The Times World News

.

As Russia wages cyber war against Ukraine, here's how Australia (and the rest of the world) could suffer collateral damage

  • Written by Paul Haskell-Dowland, Professor of Cyber Security Practice, Edith Cowan University
As Russia wages cyber war against Ukraine, here's how Australia (and the rest of the world) could suffer collateral damage

The Australian Cyber Security Centre[1] is asking organisations and businesses to be on high alert amid Russia’s cyber attack bombardment of Ukraine[2].

The United Kingdom’s National Cyber Security Centre issued a similar warning[3], as have New Zealand[4] and the United States Department of Homeland Security[5].

The Australian Cyber Security Centre has said it is not aware of any specific direct threat to Australia, but that the country could be affected by “unintended disruption or uncontained malicious cyber activities”.

It wouldn’t be the first time a Russian cyber attack has caused serious collateral damage to nations that aren’t its intended target.

Attacks so far

Ukraine has suffered through a sustained digital assault from Russia over the past few weeks. One of the most penetrative attacks came on Wednesday, cutting off access[6] to several Ukrainian government and banking websites – followed by more on Thursday.

These were distributed denial of service attacks, in which the perpetrator knocks targeted websites offline by flooding them with bot traffic.

Meanwhile, experts at the internet security company ESET identified[7] a malicious data-wiping malware called “HermeticWiper” circulating on hundreds of computers in Ukraine, Latvia and Lithuania – which they said may have been months in the making.

According to reports[8], experts from software company Symantec found the malware had affected Ukrainian government contractors in Latvia and Lithuania and a Ukrainian bank.

Read more: Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities[9]

How the impact will be felt

Australia’s risk in the face of ongoing cyber attacks from Russia would almost certainly come in the form of a “spill over” effect.

For example, if a Ukrainian bank is targeted and goes offline, this would still impact Australians who use that bank to receive or send money to Ukraine. Attacks on banks are particularly alarming when you consider Ukraine’s dire need for financial aid and economic support[10] right now.

All global business conducted with, or through, the bank will be affected – and the impact could reach virtually anywhere in the world. Similarly, distributed denial of service attacks on Ukrainian news media would also have global ramifications, by limiting the exchange of crucial information.

Another concern is the potential for Russia to cut off gas supplies flowing through Ukraine to Europe, either directly or through a cyber-enabled attack (the Colonial Pipeline[11] attack being a recent example). This also introduces significant market instability, resulting in shortages and driving up prices (including for Australia[12]).

Australian companies are a part of global supply chains. Many will have interests in Russia and/or Ukraine. Thus they will also have digital, and potentially even direct network connections with them, through a virtual private network – which allows users to establish a private network over a public internet connection (and which can be used to spread malware between connected devices).

Once a “wiper” malware – the likes of that currently circulating in Ukraine – gets enough footing, it can spread across countries within minutes. If an office in Canberra with a virtual private network connection based in Ukraine becomes compromised, it can allow the malware to jump countries.

The NotPetya malware attack in 2017 is a pertinent example. This “self-propogating” malware spread globally and caused billions of dollars’ worth of damage. It, too, was attributed to a Russian source by investigators, and traced back to the update mechanism for a tax-accounting software application used widely in Ukraine[13].

Read more: Three ways the 'NotPetya' cyberattack is more complex than WannaCry[14]

Leveraging the chaos

Apart from malicious Russian state-sponsored cyber crime, the current mayhem unfolding in Ukraine provides opportunity for cyber criminals more generally, too.

It’s very difficult to attribute cyber crime. While experts can analyse code taken from malware, this is usually a slow and costly process. Cyber criminals the world over may want to take advantage of the chaos, and try to carry out attacks they may not otherwise get away with.

Among all the noise, and with so many Ukrainians (including cyber security professionals) either displaced or fleeing, the chances of being caught may be lower. Also, it is likely any major cyber affliction will be blamed on Russia – at least initially.

At the same time, we might see an increase in phishing and scam attempts as a result of the crisis. Opportunistic criminals use global narratives to add credibility to their scams. For instance, they may send phishing emails posing as a Ukrainian citizen desperate for emergency funds.

How can businesses protect themselves?

A critical step in a defensive posture for companies and organisations in Australia is to determine their exposure level. This means being acutely aware of any direct or indirect connection with Ukraine and Russia, and the online systems and supply chains these countries partake in.

Employers also have a duty of care to employees who may have loved ones or other connections in Ukraine, and may be more vulnerable to various forms of cyber attacks exploiting the current situation.

And of course, the most basic cyber security advice is once more relevant. That is, individuals, businesses and organisations must take special care to ensure all devices are up-to-date and have software patches installed.

The 2017 NotPetya attacks were, in part, successful because the malware exploited a vulnerability in Microsoft Windows – even though a patch to fix it was available at the time. But the massive number of devices that hadn’t been patched meant NotPetya could spread without constraint.

In the case of Ukraine, where pirated software is common[15], this issue is particularly prevalent. Complications with (or a lack of) proper software licensing means updates may not be accessed or installed.

References

  1. ^ Australian Cyber Security Centre (www.cyber.gov.au)
  2. ^ bombardment of Ukraine (theconversation.com)
  3. ^ warning (www.ncsc.gov.uk)
  4. ^ New Zealand (www.cisa.gov)
  5. ^ Department of Homeland Security (www.cisa.gov)
  6. ^ cutting off access (apnews.com)
  7. ^ identified (www.reuters.com)
  8. ^ to reports (www.theguardian.com)
  9. ^ Russia is using an onslaught of cyber attacks to undermine Ukraine's defence capabilities (theconversation.com)
  10. ^ financial aid and economic support (www.politico.eu)
  11. ^ Colonial Pipeline (theconversation.com)
  12. ^ Australia (theconversation.com)
  13. ^ in Ukraine (arstechnica.com)
  14. ^ Three ways the 'NotPetya' cyberattack is more complex than WannaCry (theconversation.com)
  15. ^ pirated software is common (outsourcingreview.org)

Read more https://theconversation.com/as-russia-wages-cyber-war-against-ukraine-heres-how-australia-and-the-rest-of-the-world-could-suffer-collateral-damage-177909

Times Magazine

Building a Strong Online Presence with Katoomba Web Design

Katoomba web design is more than just creating a website that looks good—it’s about building an online presence that reflects your brand, engages your audience, and drives results. For local businesses in the Blue Mountains, a well-designed website a...

September Sunset Polo

International Polo Tour To Bridge Historic Sport, Life-Changing Philanthropy, and Breath-Taking Beauty On Saturday, September 6th, history will be made as the International Polo Tour (IPT), a sports leader headquartered here in South Florida...

5 Ways Microsoft Fabric Simplifies Your Data Analytics Workflow

In today's data-driven world, businesses are constantly seeking ways to streamline their data analytics processes. The sheer volume and complexity of data can be overwhelming, often leading to bottlenecks and inefficiencies. Enter the innovative da...

7 Questions to Ask Before You Sign IT Support Companies in Sydney

Choosing an IT partner can feel like buying an insurance policy you hope you never need. The right choice keeps your team productive, your data safe, and your budget predictable. The wrong choice shows up as slow tickets, surprise bills, and risky sh...

Choosing the Right Legal Aid Lawyer in Sutherland Shire: Key Considerations

Legal aid services play an essential role in ensuring access to justice for all. For people in the Sutherland Shire who may not have the financial means to pay for private legal assistance, legal aid ensures that everyone has access to representa...

Watercolor vs. Oil vs. Digital: Which Medium Fits Your Pet's Personality?

When it comes to immortalizing your pet’s unique personality in art, choosing the right medium is essential. Each artistic medium, whether watercolor, oil, or digital, has distinct qualities that can bring out the spirit of your furry friend in dif...

The Times Features

How much money do you need to be happy? Here’s what the research says

Over the next decade, Elon Musk could become the world’s first trillionaire[1]. The Tesla board recently proposed a US$1 trillion (A$1.5 trillion) compensation plan, if Musk ca...

NSW has a new fashion sector strategy – but a sustainable industry needs a federally legislated response

The New South Wales government recently announced the launch of the NSW Fashion Sector Strategy, 2025–28[1]. The strategy, developed in partnership with the Australian Fashion ...

From Garden to Gift: Why Roses Make the Perfect Present

Think back to the last time you gave or received flowers. Chances are, roses were part of the bunch, or maybe they were the whole bunch.   Roses tend to leave an impression. Even ...

Do I have insomnia? 5 reasons why you might not

Even a single night of sleep trouble can feel distressing and lonely. You toss and turn, stare at the ceiling, and wonder how you’ll cope tomorrow. No wonder many people star...

Wedding Photography Trends You Need to Know (Before You Regret Your Album)

Your wedding album should be a timeless keepsake, not something you cringe at years later. Trends may come and go, but choosing the right wedding photography approach ensures your ...

Can you say no to your doctor using an AI scribe?

Doctors’ offices were once private. But increasingly, artificial intelligence (AI) scribes (also known as digital scribes) are listening in. These tools can record and trans...