News campusreview . com . au
Some smaller universities are still developing their cyber capabilities .
Prime target
Warning for universities over potential Russian cyber attacks .
By Eleanor Campbell
Russia ’ s invasion of Ukraine has made Australia increasingly vulnerable to cyber attacks , and the university sector is a prime target , cyber security experts have warned .
The federal government issued a cyber threat warning to businesses early in the conflict after NATO allies ramped up sanctions against Russia and its President Vladimir Putin .
Director of RMIT ’ s Centre for Cyber Security Research and Innovation Professor Matt Warren said there are a number of ways universities could be impacted . “ The reason why the university sector could be a potential target is that they ’ ve been deemed a part of Australia ’ s critical infrastructure , so they become a target by association ,” he told Campus Review .
“ Any impact or cyber attack on an Australian university would be reported in the media , so it would reinforce the Russian perspective of punishing Australia .”
The Australian Cyber Security Centre ( ACSC ) has said it is not aware of any current or specific threats facing Australian organisations .
In a recent statement , the federal agency urged businesses to “ improve their cyber security resilience in light of the heightened threat environment ”.
In the event of a targeted cyber hit , smaller and local tertiary institutions would be the most vulnerable , according to Warren .
“ You ’ ve got some very large universities that have very mature cyber security operations , and you have some smaller universities that are still developing their cyber capabilities ,” he said .
“ What an attacker would be looking at is which has the weakest link .”
Based on Russia ’ s past strategies , statesponsored cyber attacks fall into four key approaches .
A denial of service attack , or DoS , happens when servers are forced offline after being bombarded with floods of data .
This was seen in the most recent wave of cyber attacks against Ukraine , which crashed 70 government websites .
Other forms include hacking websites to spread political messages , a tactic used by Russia to influence the 2016 US election .
Ransomware attacks , typically carried out by criminal gangs , happens when a system is infected with malware to lock down access until a ransom is paid .
The fourth strategy sees hackers break into an organisation ’ s online systems to steal data and publish it , often to cause public embarrassment .
One of the core phases of a cyber attack is the ‘ reconnaissance stage ’, where an attacker infiltrates a system and does nothing but monitor it to identify any weaknesses .
“ This is part of the issue around cybersecurity ,” said Warren .
“ Organisations could already be compromised , but because the attacker hasn ’ t launched an attack , they won ’ t know about it until it occurs .”
An area where Russia is becoming increasingly sophisticated is information warfare , where online propaganda and digital manipulation are used to change the population ’ s point of view and opinions .
Warren said that information warfare campaigns are typically ramped up in the months before an election .
“ What you are seeing over time is an increasing capability from the Russian perspective , and an increase of their capability to attack different aspects .
“ What the attacker would want to do is impact as much of Australia as they could ,” he said .
“ It ’ s really that issue around improving cyber posture and making sure that every citizen can do as much as they can to protect their systems to make sure it ’ s updated and patched , and that they are doing the appropriate things online .”
The ACSC has recommended that Australian organisations implement the ‘ essential eight ’ mitigation strategies from the Strategies to Mitigate Cyber Security Incidents .
However , anyone from individual citizens , small businesses , large organisations and governments all have the potential to fall victim of cyber assaults .
Warren said individuals should protect themselves by having multi-factor authentication set up on their online accounts and consistently updating their operating systems . ■
8