In the face of a global malware infection spreading from computer to computer with wormlike efficiency, Australia’s time zone proved to be a saving grace for our unprotected Windows users with most able to plug system weak spots.
As staff of the UK’s NHS were being locked out of their computers by the malicious WannaCry virus, Australia was in the early hours of Saturday morning and many of the nation’s vulnerable machines were lying idle.
In those first few hours, as Australia slept, the ransomware’s spread infected victims in at least 74 countries and was estimated to be spreading at a rate of five million emails per hour.
On Saturday Prime Minister Malcolm Turnbull said the government was closely watching the impact on Australia.
"We are continuing to monitor the situation closely and stand ready to deal with any cyber-security threat to Australia's critical infrastructure,” Turnbull said.
Meanwhile, Minister Assisting the Prime Minister for Cyber Security Dan Tehan said Australia’s healthcare system remained unscathed, unlike the UK’s and Indonesia’s.
“There has been no impact on the Australian health system at this stage,” he told the ABC.
By Tuesday, the Prime Minister’s cybersecurity adviser Alastair MacGibbon was confident that Australia’s critical infrastructure had been spared the chaos seen elsewhere.
“It’s always bad for any business to be a victim of crime but as a whole of nation we can be confident so far that we missed the worst of this. We have seen no impact in the health system, which is important. We’ve had no reports of any government agencies impacted by this,” MacGibbon said.
John Ellis, co-founder of Andgiet Security, said the weekend was key to the nation avoiding the levels of disruption seen in countries such as Russia, China, Spain and the Philippines.
“A combination of time of the attack (early hours Saturday morning for Australia) and that a kill switch was discovered over the weekend, meant that there will be minimal infections,” Ellis said.
The timing gave infosec experts the opportunity to patch their systems before the sinister software, which locks down machines and demands digital ransoms, breached Australia’s cyber borders.
So far 12 known victims have been reported country with small businesses particularly vulnerable.
According to professor of cybersecurity at Deakin University Matthew Warren, the luck of timing and the federal government’s cyber security preparedness planning were two reasons for WannaCry’s diminished local momentum.
“The role that the government played in preparing the nation. [And] the weekend – it gave businesses an extra two days to patch and prepare,” Warren said.
The government has pledged around $230 million to the Cyber Security Strategy over four years, up to $400 million over ten years to improve Defence’s cyber capabilities, and $10.7 million over four years to create a Cyber Security Advisory Office (CSAO) following the hacking attack that brought down the Census, but Tehan also called on Australians to take the risk of ransomware seriously and implement steps to secure their devices.
“People have to be aware that the impact of ransomware at the moment on the Australian economy each year we estimate conservatively at around a billion dollars,” he said.
Head of the Australian Criminal Intelligence Commission Chris Dawson said between January 2015 and January 2017 the Australian Cybercrime Online Reporting Network (ACORN) received more than 4000 reports of ransomware.
“Australia is an attractive target for cybercriminals due to our high use of technology and our relative wealth. This means there are many people to target and large illicit profits to be potentially obtained,” Dawson said.
Cybercriminals can reach into our lives more than ever, he said, and malicious campaigns are constantly evolving and highly successful. Credential harvesting malware and ransomware have been the most serious types of cybercrime impacting Australia over recent years.
He said healthcare facilities, like other institutions managing sensitive customer data, need to ensure they have invested in security measures.
“Relatively few organisations sufficiently plan or prepare for a significant cyber security incident. The effective management of an incident can greatly decrease the severity, scope, amount of damage and therefore cost of a cyber security incident,” Dawson said.
“Prevention is always better than a cure as the costs of compromise can be more expensive than preventative measures.”