Australia’s cyber security agency has alerted two organisations they were about to be targeted by the ransomware attackers who forced Channel Nine to cancel several live shows in March.

Staff were locked out of the emails and internet access, and the media company’s print production systems were also affected in the incident.

Assisting Nine in the aftermath allowed the Australian Signals Directorate (ASD) to avert two other planned attacks, the agency’s director-general Rachel Noble told a Senate hearing.

“We were very engaged with them and the technical information that they were able to provide us about what happened on their network helped us using our more classified capabilities to warn two other entities that they were about to be victims as well, to prevent them from becoming victims,” she said.

Abigail Bradshaw, who heads the Australian Cyber Security Centre within the ASD, told the hearing the organisation had played a similar role several times over the past 12 months. She described that as more useful than offensive cyber operations.

When asked if the ASD had gone on the offensive against the group responsible for the attack on Nine, Noble said it had not.

“It really is our role to try and help take this information in and lift our national cyber defences by having a better, more holistic, national picture and that’s the value add, I guess, that we bring to the table,” she said.

The Senate hearing was also told the health care sector is the number one target for ransomware attacks and ASD is determining the likelihood of hospitals or hospital networks being attacked.

Bradshaw said: “We have direct links and, in fact, officers embedded in the department of health, because of the criticality of the health sector at the moment.

“That means we alert the department of health whenever there is an impact to the health care sector, but also in particular, any entity involved in the vaccine rollout because that is of critical importance.”

During the hearing, member of parliament Tim Watts commented: “Ransomware crews are like modern-day privateers, exploiting the legal impunity provided by their host countries to menace and extort innocent organisations around the world.

“If the countries that host these pirates won’t force them to face justice through the legal system, we should use all the tools available to us in the cyber domain to hunt down and destroy these criminal groups.”

 

PrivSec Global