Australian universities have been targeted by hackers with connections to Iran in recent months, and "a number of investigations" are in progress, according to cybersecurity firm CrowdStrike.
"There are a lot of things that are happening geopolitically that are driving a lot of attacks," the company's vice president for technology strategy Michael Sentonas told journalists in Sydney earlier this month. "There are things happening in China, in Russia, in Iran, there are things happening in North Korea, that [are] directly having an impact to all of us on the internet."
CrowdStrike has called out this blurring of cyber tradecraft with what they're calling "cyber statecraft" in their 2018 Global Threat Report, released on Monday.
"Obviously Iran has a specific interest in Saudi Arabia. There's a number of diplomatic disputes. Iran, heavily embargoed, want access to a lot of intellectual property they may not necessarily be able to get. There are groups that are linked [to Iran] and are seeking for a lot of that information," Sentonas said.
"There's been a number of universities in Australia, over the last two to three months, that have been targeted, with adversaries looking to get intellectual property that would be of benefit to certain groups and government departments in Iran. We've been directly impacted by that, and there's a number of investigations going on across the country."
CrowdStrike has also seen an increase in cyber activity originating from China, even though Australia and some other western nations had signed what were essentially cyber non-aggression treaties with China in 2015 and 2016.
"In 2017, we saw a lot of activity again, activity targeted at what I would call a soft target. An NGO. A think tank," Sentonas said.
"They're great people to target, because you have people that were once in government. You have academics. You have people researching economic policy. They're working on defence projects. They are in technology and medical advancement. That would be interesting to a particular group or country that maybe doesn't want to do that research. Or if you're a think tank that is working on, for example, Chinese economic policy, what if you want to know what that think tank is researching?"
The Russian cyber actor Fancy Bear, which was active in the lead-up to the US election in 2016, has also been busy.
"That group is continuing to be very, very active, and they are looking at essentially destabilising our democratic institutional legitimacy. They are trying to do misdirection etc," Sentonas said.
The rise of such cyber disinformation was predicted by David Irvine, former director-general of the Australian Security Intelligence Organisation (ASIO), and former head of the Australian Secret Intelligence Service (ASIS), in late 2016.
CrowdStrike reports that ransomware will continue to be a major trend for nation-state and criminal actors. They also point to a cyber trickle-down effect.
"These techniques are reused. Once they've been used once, they do get reused, and they get shared, and it adds complexity to the average organisation around the world," Sentonas said.