On Sunday, August 2nd, Telstra users from Australia’s eastern states suffered from an internet outage as a result of a “malicious” cyber-attack against the telecommunications giant.
Melbourne, Sydney and Brisbane headlined as the hot spots that were affected the most from the outage with tens of thousands of users affected by the cyber-attack. The peak of the outage happened right before 11am and it targeted home internet and some NBN services.
Although home networks were the most affected, hackers froze the operations of thousands of businesses with the attack through the denial of service (DoS).
However, all was not what it seemed.
A Claytons Cyber-Attack: The Attack You Have When You’re Not Having An Attack
Telstra later confirmed the outage was not a cyber-attack but an issue with their DNS servers: https://ia.acs.org.au/article/2020/telstra-outage-was-not-a-cyber-attack.html
To address the issue, Telstra apologised via social media and went on to post on Twitter “Your info isn’t at risk”, causing little peace of mind to concerned users and victims of the “attack”.
Telstra had communicated that the outage came as a result of “malicious traffic attacking some of our services”, yet they claimed, “we are confident we have blocked all of this malicious traffic and are working to get you back up and running again.”
So it was all a little confusing.
Australia: The Sixth Most Hacked Country
However, it should be noted that Australia and Ukraine currently hold the sixth place in the list of the most targeted countries for cyber-attacks in the world.
This means real cyber-attacks, such as the recent hits on Telstra’s servers, are very common. They are normally executed to deny services to legitimate users and to trigger a crash in the network, cutting off vital communications.
These cyber-attacks have raised concerns as Telstra is just one of many different large-scale companies and organizations in Australia that have been targeted in the course of 2020. These recent attacks have shown how vulnerable Australian networks are to being brought down by Russian, Chinese, North Korean and Iranian hackers. (A fun bunch of guys.)
This year has been particularly tough, as many organizations in Australia and New Zealand, including the Australian government, have fallen victim to state-based bad actors, specifically Russia and China.
By “bad actors” we simply mean hackers, not thespians Nicolas Cage, Mark Wahlberg, Steven Seagal, etc. No government intervention could ever prevent these kinds of bad actors.
The most recent attack in May 2020 targeted the Home Affairs Department in Australia, which affected nearly 800,000 individuals whose personal information was released to the Dark Web without the Australian government having even identified the breach.
How We Protect Clients from Outages
Our lead cybersecurity engineer at Kaesim Cybersecurity explains how we protect our clients from this particular DNS issue as follows (warning: cyber-speak ahead):
“By default, ISP-provided equipment uses ISP DNS servers. The DNS servers are essentially phone books that tie domains and human-readable words to IP addresses. ISP DNS servers are generally slow and a big privacy concern because they allow the ISP to see everything that you’re searching on.”
“The ISP can control access to what sites you’re reaching because an ISP returns more than the IP address of the site you are searching for. It can essentially block you accessing the site even though you still have an internet connection. So we use DNS servers from Google or Cloudflare to avoid that issue.”
“To make the change we access our client’s network and reconfigure the DNS settings on the router to point to either one of those DNS servers, making every device on the network connect through Google or Cloudflare. If we only control individual devices then we reconfigure those devices manually.”
“Whenever we install our cybersecurity software we actually have it use proxy settings specific to the application so it runs through a public DNS server which means even if the machine isn’t able to access the internet because of an ISP issue we still have access to the machine for cloud monitoring and security purposes.”
In plain English, this means your Sunday would have been interruption-free and you would have stayed blissfully unaware of the interminable loss of internet that others were experiencing over the weekend.
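The Telstra incident was a resolver failure rather than a loss of connectivity, and that is the case a switch to Google or Cloudflare DNS works around. The Python below is an added example, not Kaesim's tooling: it probes the configured resolvers, then a public one, to tell the two conditions apart. The addresses 8.8.8.8 and 1.1.1.1 are the published Google and Cloudflare resolver addresses; the function names and the sample resolv.conf text are constructed for illustration.

```python
import os
import socket
import struct

# Widely published addresses of the Google and Cloudflare public resolvers.
PUBLIC = ("8.8.8.8", "1.1.1.1")

def parse_nameservers(resolv_conf_text):
    """Return the nameserver IPs listed in resolv.conf-style text."""
    servers = []
    for line in resolv_conf_text.splitlines():
        fields = line.split("#", 1)[0].split()
        if len(fields) >= 2 and fields[0] == "nameserver":
            servers.append(fields[1])
    return servers

def build_query(name, txid):
    """Encode a recursive A-record query in DNS wire format (RFC 1035)."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)  # RD=1, one question
    labels = b"".join(bytes([len(p)]) + p.encode("ascii") for p in name.split("."))
    return header + labels + b"\x00" + struct.pack("!HH", 1, 1)  # QTYPE=A, QCLASS=IN

def probe(server, name="example.com", timeout=2.0):
    """True if `server` returns a matching NOERROR response with an answer."""
    txid = int.from_bytes(os.urandom(2), "big")
    try:
        with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
            sock.settimeout(timeout)
            sock.connect((server, 53))  # kernel drops replies from other sources
            sock.send(build_query(name, txid))
            reply = sock.recv(512)
    except OSError:  # timeout, unreachable network, non-IPv4 address
        return False
    if len(reply) < 12:
        return False
    rid, flags, _, answers = struct.unpack("!HHHH", reply[:8])
    return rid == txid and bool(flags & 0x8000) and (flags & 0x000F) == 0 and answers > 0

def diagnose(resolv_conf_text, probe_fn=probe):
    """Separate a resolver-only failure from a loss of connectivity."""
    configured = parse_nameservers(resolv_conf_text)
    if any(probe_fn(ip) for ip in configured):
        return "ok"
    if any(probe_fn(ip) for ip in PUBLIC if ip not in configured):
        return "resolver-outage"  # link is up, configured DNS is not answering
    return "no-connectivity"

# Constructed sample: a router handing out two ISP resolvers (TEST-NET addresses).
SAMPLE = "# set by DHCP\nnameserver 192.0.2.53\nnameserver 192.0.2.54  # secondary\n"
```

On a Linux host, `diagnose(open("/etc/resolv.conf").read())` runs the live check; a result of `resolver-outage` means the link is fine and only the configured DNS servers are failing.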
Government Spending Coming: $1.6B Over 10 Years
The attack on Telstra is worrisome for government officials as much as it is for home users.
A lack of internet access disconnects mission-critical IP security cameras and would cut off nearly all internet-based communications across a wide area instantly.
Prime Minister Scott Morrison has warned Australians about cyber criminals, stating how easily hackers could create damage, death and destruction by simply disrupting vital computer systems of government agencies and other types of businesses.
In order to fight cyber criminals, the Australian government has proposed some mandated requirements that must be implemented towards the cybersecurity of critical infrastructure providers. This includes food and grocery producers and providers, banks, utilities companies, pharmaceutical companies and defense contractors.
The proposed requirements include meeting certain cybersecurity rules and building up stockpiles of goods in case of a cyber-attack that may knock out production and would slow down or postpone production or distribution of essential goods and services.
Failure of businesses to comply with such requirements would result in hefty government penalties.
The exact details of the cyber security policies that will be implemented by Australian officials are meant to enable and enhance the agency’s capabilities and will receive an investment of $1.67 billion that will be spent over the course of the next 10 years.
These newly proposed government implementations would help to protect the Australian infrastructure in case of a wide-range attack and would safeguard the integrity of Australians whose personal information can be found on the networks of businesses or organizations who may have their details.
Australia is attempting to amp up its cybersecurity policies as war with China looms over the world’s internet. Most large-scale cyber attacks in recent years have been carried out by Russian and Chinese hackers and have caused losses in the range of hundreds of millions of dollars.
Whilst we cannot stop all state-based bad actors (Ben Affleck?), we can mitigate the risks posed by them.