With the digital revolution, we have seen impressive growth of global connectivity initiatives, the opening of new markets and the creation of a global community driving innovation that is fundamentally changing the business landscape.
Unfortunately, with the good has come the bad and it’s estimated that cybercrime costs the Australian economy over $4.5 billion annually. Beyond criminals and hacktivist groups, cybercrime has become an increasingly instrumental tool in geopolitics and conflicts.
Nation states are leveraging their cyber capabilities to gain a disproportionate advantage to defend or advance their national interests and the lines between the state, criminal and hacktivist have blurred. States can hire criminals as contractors, or support hacktivist groups to carry out operations to maintain deniability.
Malware and exploits are now “open source” and freely available, with malicious threat actors working together on development, trading best practices, buying and selling tools to hack into businesses and extract anything that can be monetized or used to their advantage on the global market.
In its annual report, the Australian Security Intelligence Organisation (ASIO) revealed that due to the scale of malicious activity, it’s been unable to investigate all the espionage and foreign interference against Australia. These adversaries are trying to access information about Australia’s alliances and partnerships, as well as positions on diplomatic, economic and military issues. Australian’s diplomatic ties and US alliance may make it more vulnerable as it is perceived as a softer target for nation state adversaries.
But who are these adversaries? While China was in the headlines recently after a suspected Chinese hacker stole significant data from a defence contractor, this year Iran has emerged as one of the most advanced cyber actors on a global scale and with its recent activity targeting the US, Australia should have them on its radar.
Iran, the Charming Kitten with Claws
For years, Iran has been honing its hacking capabilities and investing heavily in building out advanced exploit capabilities. It has staged campaigns targeting regional neighbours, and demonstrated keen interest to disrupt critical infrastructure.
In 2012, disk-wiping malware ‘Shamoon’ hit Saudi Arabia's oil conglomerate, Saudi Aramco, destroying data on tens of thousands of computers. Then in 2016, ‘Shamoon’ resurfaced, inflecting thousands of computers in Saudi Arabia's civil aviation agency and other Gulf State organisations.
Initially Iran had the US in its sight, launching attacks from 2011 to early 2013 that inundated the financial sector with distribution denial-of-service (DDoS) attacks, taking websites and bank accounts offline. The same group infiltrated a New York dam’s control systems and seven Iranian hackers were charged for conducting coordinated cyber-attacks.
Then in 2013 when the US began discussions to lift economic sanctions in exchange for limits on the nuclear program, Iranian hacking activity in the US dramatically dropped.
But this year’s threat landscape has been characterised by the growth of cyber activity from Iran. It has integrated cyber operations into military strategy and developed a mature way of thinking about establishing offensive cyber capabilities.
As the US-Iran relationship grows more complex with the US potentially withdrawing from the nuclear agreement, it’s foreseeable that Iran will use cyberattacks to strike back if the agreement is discarded.
Cyberwarfare and Australia
As nations seek to advance political interest through cyber means, Australia must find innovative ways of identifying and preventing such activity to better protect itself from complex cyberattacks.
Long gone is the belief that Australia’s geographic location protects it from national security threats. The internet exposes it to the world’s cyber threats, and Australia’s political allies puts it in the firing line for geopolitical threats.
Iran’s cyber response to the US was swift and intentional. It immediately started targeted cyber intrusions, sending a clear message about what could potentially happen if the agreement is discarded. Nations need to recognise the very real threat of geopolitical warfare and just how quickly nation states can respond.
The Australian government is making good progress in its national defence strategy, recently unveiling an International Cyber Engagement Strategy that highlighted the increasing seriousness of cyber threats from a foreign policy perspective and identifying that most cybercrime affecting Australians originates from overseas.
Beyond regulation, the private sector can also play an important part in national security by enhancing their defences and changing their approach to cyber security. Organisations should embrace modern security solutions that leverage artificial intelligence for detection and response to protect intellectual property.
Often people believe that cybercrime only affects certain sectors but the reality is that the potential impact on essential services, private information and organisations is huge. There are no boundaries, there are no limits, and there is no denying that geopolitical conflicts will continue to be played out in cyberwarfare.