VIDEO: ABC News Mornings
Read the ASD Cyber Threat Report 2022-2023 here
More Australians are reporting being targeted by cybercriminals, as the nation's digital spy agency points the finger at China as the major backer of serious hacking against Australian companies and critical infrastructure. The Australian Signals Directorate has released its annual cyber threat report, revealing 94 ,000 reports of cybercrime in the past financial year.
Transcript:
Interviewer: Richard Buckland, thank you so much for being here. So more people are reporting being targeted by cyber criminals. Does that mean it's happening more often, or are people more comfortable with reporting it these days?
Richard: I think both. Certainly, we feel less silly about reporting it now. It's less as though we're a bit of an idiot if we're scammed or tricked. But still, I think most crimes aren't reported - most small crimes aren't reported, so what we're seeing is still just the tip of the iceberg.
Interviewer: Can you give us an example of what those small crimes against individuals might be, given that we know when it comes to big companies like Optus and Medibank Private, we've seen what those data breaches look like?
Richard: Yes, yes, because they're compelled to report those by the legislation brought in by the government, which is great. Yeah, I was thinking of things like dating scams. Someone who is tricked into thinking they're dating someone and actually it's someone overseas who's just taking them for money. They often don't get reported because people feel rightly foolish. I mean, not rightly, people naturally feel foolish and like an idiot, but actually it's completely human to fall for things like that.
Interviewer: Prevention. What more can we do as individuals and small businesses to protect ourselves? Is there enough of that in the conversation?
Richard: I think the main and first thing we can do is just to be a bit more aware. It's a new threat that we're not used to. It might seem a bit scary and might make us want to not think about it, but actually just thinking about a little can improve our security posture a lot.
Interview: And the Australian Signals Directorate has pointed the finger squarely at China, that's been the case for some time. Has China's activity in this space changed at all? Has it become more bold?
Richard: So, I mean it's not just China, Russia as well, but yeah, we're seeing and for a long time no one wanted to confirm who was doing the attacks, but this report that's just out now confirms that an attack or an investigation carried out in the US, by jointly Australia and America and presumably other countries as well, has correctly as clearly identified China as a culprit. Have their strategies changed a lot, or the volume? No, but their strategies are evolving and move very stealthily. We're seeing they do ‘living off the land’ type attacks, which are very cunning attacks like commandos used to do in the old days. They don't need to bring elaborate equipment with them. They use what's available on the target systems to attack the target systems themselves. That's very sophisticated and quite hard to track down because the software being used is the bad guy software. it's your own software, so you can't fingerprint them that way.
Interviewer: The Deputy Prime Minister Richard Miles, he's been talking about this this morning. He's noted the relationship with China is complex, but it's also our largest trading partner. How delicate a balancing act is that for governments? '
Richard: That must be very hard. I don't envy them at all. But I think it's right to push back and speak firmly. I don't know if you remember that scene in Love Actually, where the American president comes out and the British PM finally just stands up and says, okay, we are good friends, but friends speak firmly to each other.
Interviewer: Hugh Grant and Billy Bob.
Richard: That's exactly right. You know the film. It's a great film. But yeah, so absolutely, that's what we need to see more of. So maybe Richard Miles is now the new Hugh Grant for us. Let's hope so.
Interviewer: Right now, the Port Operator DP world is dealing with an attack which will affect supply chains in the lead-up to Christmas. Have businesses and governments gotten any better at responding to these cyber attacks?
Richard: Yes, the governments... I mean, yes and no. Businesses not necessarily, but the government's now doing some action in this space. We've appointed the Air Marshall to coordinate responses. So we've started thinking more and more about how to respond. But of course, the next step, I'd like to see not just talking about response. The next step now is to think about prevention. Let's not just be reacting to these things all the time. But yeah.
Interviewer: What are the new powers that could be flagged, and are they likely to go to the Australian Signals Directorate?
Richard: There are many new powers and I'd be nervous to suggest any speculatively in case no one had thought of them and they're added to the list. I don't necessarily think that...
Interviewer: You are an expert. Please add to the conversation.
Richard: It's natural for governments to think about controlling things and fixing things through legislation. But really what I really liked about Richard Miles' introduction to the report was he talks about collaboration and cooperation, and I think that's a far more productive thing. Rather than the government telling businesses what to do, absolutely there should be threats and punishments if people do the wrong thing, but working with them collaboratively and working with universities and end users and business groups, I think all together we're very strong. It's a bit like COVID all over again and I think mandates from the centre aren't really the way to go.
Interviewer: Richard Buckland, thanks so much for your time.
Richard: Thank you.
