The next world war will be cyber – and it has already begun

The government's recent $230m commitment to build Australia's national cybersecurity defence was welcomed by industry and notable for many reasons, but observers were quick to point out that the new Cyber Security Strategy (CSS) marked the first time the government had publicly stated that it was ready to go on the offensive against hackers.

Noting that “malicious actors including serious and organised criminal syndicates and foreign adversaries” are driving an “unprecedented” climate of attacks on Australian organisations, prime minister Malcolm Turnbull wrote in his introduction to the policy document that the government “has a duty to protect our nation from cyber attack and to ensure that we can defend our interests in cyberspace”.

That those interests were under attack was no surprise: sporadic reports of breaches and security errors at various government departments have leaked out over the years despite a culture predominantly focused on handling security issues internally. However, perhaps heralding Turnbull's new spirit of government cybersecurity openness and sharing – to be facilitated through a nationwide network of collaborative cybersecurity centres – the launch of the policy was flagged as the first time the government had confirmed that foreign interests had successfully breached the Bureau of Meteorology (BoM) late last year.

That revelation came as no surprise to industry figures but, given the context, formed part of a sort of declaration of war on the cybercriminal world. “Australian organisations across the public and private sectors have been compromised by state-sponsored or non-state actors,” the document states, “losing substantial amounts of sensitive commercial and personal information or incurring major damage to their business and reputation.”

To fight this impact, the strategy says, the government will work with international law-enforcement, intelligence agencies and computer emergency response teams (CERTs) to “build cyber capacity to prevent and shut down safe havens for cyber criminals.... Australia's defensive and offensive cyber capabilities enable us to deter and respond to the threat of cyber attack.”


By surrounding himself with cybersecurity advisors and building an offensive cyber capability, Turnbull is positioning Australia to stop being a perennial victim, instead taking the fight to offshore cybercriminals where national interests are threatened. It remains to be seen where the triggers for such action lie – whether action would be initiated to reduce Australia's top-ranked proclivity for ransomware, for example, or whether it would take evidence of a concerted attack by state-sponsored hackers in China, North Korea, or elsewhere.

This strategy reflects a more proactive tone being adopted by governments around the world. “In the past, the preparedness of a country and its military readiness were measured by how many warships and active personnel it had,” says Robert Parker, APAC head of security solutions with Verizon Enterprise Solutions.

“The level of preparedness to respond and react at a national level is a key component in the new digital economy.” Preparedness will be crucial if Australia's cyber-coalition of the willing is to make inroads against an onslaught of increasingly targeted attacks against national and business interests.

Indeed, Verizon's recently released 2016 Data Breach Investigations Report (DBIR) concluded that 89 percent of breaches in 2015 had a financial or espionage-related motive. This espionage was often linked to malicious activity by privileged insiders – an attack method that accounted for 16.3 percent of analysed breaches – who abuse their access rights to access and exfiltrate sensitive corporate or government data.

The DBIR's analysis, which is based on reports of analyses by law-enforcement and other authorities from dozens of countries, found that espionage activity was most common in utility, manufacturing, transportation and professional services companies – reinforcing ideas that outside parties remain deeply interested in industries that are part of a country's national infrastructure.


Intellectual property is a common target for such espionage: fully 47 percent of all confirmed breaches in manufacturing, the DBIR found, “could be classified as cyber-espionage.... These attacks typically begin with the same tools and techniques used successfully elsewhere, before moving on to more sophisticated methods.”

“That means that basic security measures [such as prompt patching, configuration change monitoring and systems segregation] are surprisingly effective in protecting against cyber-espionage and should not be forgotten in favour of specialised protection.”


Security specialists are already well aware of the profile of cyberespionage within the pantheon of security threats – even from smaller groups that represent political interests much more targeted than entire countries – and the Australian policy reflects growing recognition amongst law-enforcement bodies that a far-reaching international response is the only way to fight back effectively against such criminals.

Last year, an Australian Crime Commission report highlighted the growing shift of conventional criminals to cyberespionage, money laundering, fraud, and other online activities. “Now the attacks are everywhere and it's not only on governments and financial institutes,” says Maya Horowitz, intelligence operations group manager with Check Point Software Technologies.

Horowitz, who manages the security giant's 150-strong global threat-research team from its base in Israel, has watched threats become more sophisticated and easier to launch over time. The reality, she says, is that nation-state attacks aren't just for nation states anymore: with targeted spear-phishing and whaling delivering big bucks for criminals and requiring very little by way of technical expertise or resources; with complex and rapidly-mutating exploits readily available online; and with massive global botnets-for-hire providing nearly unlimited capacity to launch attacks; the massive volume of resources that typically characterised the nation-state attack is available to almost anybody with criminal intent.

“Many of these campaigns are not your full-of-resources nations, like China, Russia, the NSA or MI6,” she says, citing the recent discovery of a Lebanese hacker group linked to Hezbollah that was able to run an advanced persistent threat (APT) campaign against several Middle Eastern telecommunications companies for years before being caught.


“They don't have too many financial or technical resources, and still they were able to maintain a campaign that lasted 2.5 years,” Horowitz says. Another group, this one Iranian, used massive, targeted attacks focused on thousands of politically-related targets across Saudi Arabia, the US, the Netherlands and other countries. Such attacks are happening every day, often without discovery by the target organisation until the damage has been done.

Indeed, Verizon's 2016 DBIR found that in 93 percent of cases, attackers took minutes or less to compromise their target systems – but weeks or more to be discovered.

“The APT world is changing,” Horowitz says. “It's no longer the sole possession of the NSA; it's being outsourced to individuals and small organisations. The bad guys never rest and they are always one step ahead of us – so we need to keep up the pace.”
