The Australian Signals Directorate has released new details of what appears to be justification for the use of its offensive capabilities after its public facing arm, the Australian Cyber Security Centre (ACSC), revealed it expects COVID-19 vaccine and virus response and research to be hit.
In a long but tightly worded sequel to last week’s jocular yet vague ministerial announcement referencing the use of ASD’s offensive capability – essentially knocking boxes outside of Australia – the ACSC has for the first time alluded to what tipped ASD’s offensive hand.
“The Australian Signals Directorate is committed to protecting Australians from malicious cyber activity during this difficult time, including by striking back at these cyber criminals operating offshore,” the agency said in an update.
“Sophisticated adversaries will also be focused on covertly obtaining COVID-19 information such as details of Australia’s pandemic responses and research on vaccines and treatments, broadening the types of information they typically target.”
The release of the statement sheds new light on why ASD has been conspicuously mentioned in reference to the Australian government’s forthcoming release of a Coronavirus tracing app.
The federal government has, with little effect, sought to assure Australians their personal data will be safe under its proposal.
That's probably true of local threat actors.
However, the ACSC and its mother agency ASD have less of a rosy view.
“The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) continues to receive reports from individuals, businesses and government departments about a range of different COVID-19 themed scams, online frauds and phishing campaigns,” the agency said.
“Cybercrime actors are registering COVID-19 themed websites to conduct widespread phishing campaigns that distribute malicious software (malware) or harvest personal information from unsuspecting Australians.”
Aside from showboating some pretty decent fakery upcycled from Westpac, ACSC revealed crooks are, perhaps predictably, following the money.
“ACSC is aware of a range of payment themed scams targeting Australians that use official Australian Government branding. The fraudulent emails come from addresses that very closely resemble or spoof official Australian Government email accounts.”
Can’t wait for the spoof tracing app emails …