Jazmin Wright | Cyber & Tech Fellow
There’s a new type of big game hunting — a virtual kind involving malicious actors in the digital sphere. Just like their real world namesake, virtual big game hunters look for targets with the biggest payoff.
Since COVID-19, the importance of critical infrastructure and digital technology has been launched into the public eye, as both have enabled Australia to become resilient during times of crisis. This shift in reliance should not just focus on the technology industry in a microcosm. The increasing connection between technology and critical infrastructure will have profound impacts on Australia’s security.
As more businesses and entities rely on technology, the opportunity for malicious actors to attack Australia’s critical infrastructure also increases. According to the Australian Cyber Security Centre, ransomware is a common and dangerous form of malware, where malicious actors will encrypt files and demand a ransom for the encryption key or to prevent data from being sold.
It is also the biggest cyber threat facing Australia.
Ransomware can impact any entity that is connected to the digital sphere, whether it be public sector or private corporations. However, this form of malware can do significant damage to high-profile entities and this is something malicious actors have noted.
These ideal victims have data or services with high criticality, or data that is sensitive for corporations or has the potential to impact the functioning of critical infrastructure. Depending on the value of the data or the critical functions the attack affects, a business that has fallen victim to an attack may be inclined to pay the ransom, regardless of the ransom sum. When it comes to high-profile entities like healthcare providers or telecommunication services, the larger the potential impact, the larger the potential prize.
This phenomenon is known as big game hunting, an indiscriminate and potentially high reward form of ransomware, and is something Australia must be cautious of in order to become more secure.
This phenomenon has previously been seen in Australia with the attack against one of Australia’s largest telecommunication companies, Optus. On September 22 2022, Optus fell victim to a large data breach causing the personally identifiable information (PII) of approximately 11 million customers to be compromised. While lines of communication were not impacted, the PII that was accessed included customers’ names, phone numbers, email addresses, driver’s licenses, and passport numbers. The information taken from the malicious actors was then used for phishing attacks and fraud attempts against the victims of the Optus attack.
Prior to the attack, Optus considered itself a significant target for malicious actors, given its position in Australia's market and its role in making part of Australia’s critical infrastructure. This instance of big game hunting did not directly harm Australia’s critical infrastructure in its traditional sense, but it did exploit a key player in Australia’s network of critical infrastructure and put Australians, and their data, at risk. In the aftermath of the attack, Optus’s chief executive Kelly Bayer Rosmarin said that the Optus breach “is not similar to anything we've seen before, and unfortunately it was successful”. This suggests both an increase in severity and impact of attacks, and Australia’s general underpreparedness to cyber threats and big game hunting.
It is important to not see big game hunting attacks as businesses merely falling victim to a cyber attack, as the ramification of an attack can be significant for society. For sectors that facilitate essential services for the nation, such as banks, water and electricity management, and health care, the stakes are even higher, given the increased likelihood that the victim would pay the ransom to restore critical operations.
One of the most notable and damaging instances of an attack of critical infrastructure, and one that directly affected the functioning of services, was the May 2021 Colonial Pipeline ransomware attack in the United States. Colonial Pipeline plays a key part in the United States’ critical infrastructure by providing nearly half of the fuel of the East Coast of the United States through over 8,000 kilometres of pipeline. The ransomware attack crippled Colonial Pipeline’s digital systems, causing the organisation to shut down operations for several days, and consequently hindered the country's access to gasoline. This prompted President Joe Biden to declare a state of emergency.
Despite not taking place in Australia, many important lessons can be learnt from the attack. The Colonial Pipeline attack directly demonstrates the ramifications of an attack on critical infrastructure and the potential to weaken the entity’s and Australia’s resilience.
Particularly with indiscriminate attacks, malicious actors can leverage current disturbances, such as a pandemic, to conduct a ransomware attack on critical infrastructure like healthcare. The critical nature of both the disturbance and the infrastructure makes it an ideal opportunity for big game hunters looking to make a profit. Thus, it is critical to perceive ransomware attacks as a significant threat to national security, as the potential scale of impact is paramount to Australia’s security and resilience.
Big game hunting, and ransomware as a whole, has the potential to significantly weaken Australia’s security. Given the growing reliance of technology and the consequent increasing risk associated with it, it is imperative that Australia proactively secures itself on the digital front. The high rewards of big game hunting mean that Australia’s critical infrastructure is a prime target for malicious actors.
Australia should prioritise instilling digital resilience in all entities that make up Australia’s web of critical infrastructure and prepare for the ‘worst-case scenarios’. The stakes are too high to be complacent with the digital security of Australia’s critical infrastructure.
Jazmin Wright is the Cyber and Technology Fellow for Young Australians in International Affairs and is currently working in digital and technology risk. She is currently the Vice President at the Young Diplomats Society and the Editor-In-Chief at the Australia-Pacific Youth Dialogue.
The views expressed in this article are those of the author and do not reflect those of any other entity.