ASD Is Using Confidential Capabilities to Alert Local Companies of Imminent Ransomware Attack
Following the Channel Nine Attack, the Agency Says Two Other Entities Are About to Suffer a Ransomware Attack as Well.
While the Australian Cyber Security Centre (ACSC) is actively helping a local business clean up and recover following a ransomware attack, the Australian Signals Directorate (ASD) is using its more secretive abilities to discover whether any other companies are on the cybercriminals' hit list.
Referring to the Australian Channel Nine incident, Rachel Noble, director-general of the ASD, told Senate Estimates that informing companies about any precursor activity on their networks or systems that signals a possible future danger is part of ASD’s “value add”.
We were very engaged with [Channel Nine] and the technical information that they were able to provide us about what happened on their network helped us, using our more classified capabilities, to warn two other entities that they were about to be victims as well, to prevent them from becoming victims.
Last year, the Australian Cyber Security Centre (ACSC) was particularly focused on the health sector, which has been seriously affected by cyberattacks and has become the sector with the highest level of ransomware attacks.
Abigail Bradshaw, head of the Australian Cyber Security Centre (ACSC), said that when an attack happens, the agency helps the affected companies cease operations and contain the malware, then confirms the threat actor is gone, and then helps to fix systems.
Bradshaw also said the agency immediately collects whatever indicators of compromise it can in order to pre-warn other organizations before they are hit by a cyberattack.
We use the full range of ASD capabilities to determine whether or not there might be indicators of future victims. We have done that in a number of cases in the last 12 months … using the full range of ASD capabilities, we have been able to identify precursors going down on other people’s networks, and to pre-warn those entities before they become victims, which [as Noble says] is much more useful.
The ACSC has been publishing precautionary threat statements for health care organizations over the past year and a half as they have become such vulnerable targets. Due to the current situation, ACSC also has officers placed in the Department of Health.
That means we alert the Department of Health whenever there is an impact to the healthcare sector, but also, in particular, any entity involved in the vaccine rollout, because that is of critical importance.
Rachel Noble said the government has been engaging with JBS Foods, the world’s largest meatpacking organization, following a ransomware attack that took down its systems at the beginning of this week.
JBS said on Tuesday it has seen “significant progress” in resolving the attack that impacted its North American and Australian operations.
We have cybersecurity plans in place to address these types of issues and we are successfully executing those plans. Given the progress our IT professionals and plant teams have made in the last 24 hours, the vast majority of our beef, pork, poultry, and prepared foods plants will be operational tomorrow.
Noble stated that the Australian Signals Directorate (ASD) has not employed its offensive cyber capabilities against the ransomware gang, which is believed to originate from a criminal organization most likely based in Russia.