Water, rubbish services could be next big cyber target
AUSTRALIANS could face “potentially catastrophic” disruptions to water supplies, the electricity network, sewage and rubbish services in the newest emerging threat from foreign spies and cyber criminals, according to a new security report.
Local councils are the latest highvalue targets for online attacks in Australia, according to the whitepaper from independent security firm CyberCX, with all local governments facing the “high likelihood” of a data breach and many at risk of suffering serious disruptions.
The security warning follows confirmation Chinese and Iranian hackers have been exploiting a new widespread computer flaw to steal information, and after Bloomberg claimed to have unearthed evidence Huawei siphoned information from an Australian phone network before its 5G ban.
CyberCX cyber intelligence director Katherine Mansted (inset) said the “threat landscape” in Australia continued to worsen, and evidence from overseas pointed to local government organisations being the next top target for criminals and state-sponsored hackers.
Three notable attacks against Australian local councils were reported in 2021, according to the CyberCX report, which also warned that “foreign governments (were now) actively targeting local government organisations in Australia for intelligence collection and political interference” and considered the organisations as “weak links” in Australia’s national security.
“It’s only a matter of luck that an Australian local government hasn’t experienced a serious interruption to its services or a destructive attack against local infrastructure,” Ms Mansted said.
She said nation states increasingly viewed local councils as the easiest way to infiltrate larger government bodies and steal data.
The Australian Cyber Security Centre’s (ACSC) annual report found that attacks on local, state and territory governments jumped by more than 15 per cent during the 2020-2021 financial year, making the sector the fifth most likely to be targeted. The warnings also come just days after the ACSC issued advice about a dangerous and widespread computer vulnerability, Log4j2, that could let attackers take control of entire systems.
Microsoft confirmed the flaw was already being exploited by statesponsored hackers from China, Iran, North Korea and Turkey, and urged organisations to scan and patch their devices. It emerged as China faced further scrutiny over its control of Huawei, as Bloomberg reported the company had installed software that acted as a “digital wiretap” on the network of an Australian phone provider in 2012 – an action later cited as a reason behind banning it from the country’s 5G network.