LIAM BARTLETT: Now in the last financial year alone, the new figures released by the Australian Cyber Security Centre show that more than 67,500 cyber crimes were reported here in Australia. That's one cybercrime being reported in this country every eight minutes, and the criminals are winning big riches too, victim reported losses during that timeframe total $33 billion. Significantly, the attackers have also been busy exploiting the embattled health system of various states during the pandemic with a surge in ransom attacks, demanding hospitals and health networks pay them big money to get their data back. All up there were nearly 500 ransomware attacks reported that's more than one every day, ransom demands ranging from thousands to millions of dollars. Now, with a total of $33 billion being extracted by crooks, it's little wonder that the criminal element has latched on to this like limpet mine. The Assistant Defence Minister Andrew Hastie calls it Australia's new battleground and he joins us this morning. Minister, good morning to you.
THE HON ANDREW HASTIE MP, ASSISTANT MINISTER FOR DEFENCE: Good morning, Liam. Good to be with you and your listeners.
LIAM BARTLETT: You too. Minister, do we know if these cyber criminals are mostly based in country or overseas?
ANDREW HASTIE: It's a mixture, Liam. There are sophisticated state-based actors who act on behalf of governments or as proxies for governments. There are sophisticated criminal syndicates who operate for financial reasons, or indeed political reasons. For example, they might attempt to destabilise democracies as we've seen in a number of different countries. And then, finally, there might be onshore hackers who, you know, run petty scams and try to defraud Australian. So it's a mixed bag. But I guess the point that you made in the introduction is this: the pandemic has accelerated the virtualisation of Australian life and many of the things that we would normally do in person – whether it be education, shopping, banking – is now done online. And what that means is that collectively, we've created a much bigger attack surface for cyber criminals and cyber spies. And so this report is about alerting the Australian people to the threat, and then telling them how we can actually counter it.
LIAM BARTLETT: It's incredible, when you look at those figures, what they're getting away with, and I take it the majority of that money would end up somehow, somewhere in overseas accounts?
ANDREW HASTIE: That's right, on the dark web, particularly, this is why encrypted currency has been on the rise. And certainly, it's very, very difficult to recover money once it's lost, which is why we need Australian people doing very basic things. And it's not that difficult: complex passphrases; patching your security updates on your phone – yesterday, for example, Apple put out an iPhone iOS update, if you haven't done so, please do, it's a really important one; backing up your data; and, of course, using multi-factor authentication, which is simply asking for another bit of information before you hand over some of your important details or indeed access to your bank account.
LIAM BARTLETT: Minister, when you say state-based actors. So we know that years ago, you know, when this first started out, most of those state-based actors were sourced in and around the old Soviet satellites, places like Belarus, that sort of thing. Now, since then, of course, there's been a lot of press about things expanding to our Asian neighbors, particularly in China. Do we have any idea apart from China and maybe parts of Russia, are there other places we should be worried about?
ANDREW HASTIE: Well, since 2017, the Australian Government has made attribution or called out countries like North Korea, Iran, Russia and China, for cyber activity against Australians and our organisations. You would remember, only a few months ago that the Australian Government joined more than 30 nations from Five Eyes, EU and beyond, to call out China for exploiting the Microsoft Exchange vulnerability, which we became aware of earlier this year. So part of, I suppose, countering this threat is bringing transparency. These things thrive in the shadows, and we're calling on all countries, not just the ones I've mentioned, to act responsibly in the cyber domain.
LIAM BARTLETT: Yeah that attack obviously also affected this network, the Nine Network as you will know, no money involved, but just basic disruption, which is an interesting one, isn't it?
ANDREW HASTIE: That's right, and you rattled off a number of statistics from the Report at the start of the interview. But one really important one is that one in four cyber attacks last year were conducted on critical infrastructure. So essential services that we rely upon. So think electricity, think water, think health services, think telecommunications. Without those things, Australian society would very quickly find itself in a very difficult situation. So it's a point of leverage for malicious cyber actors to attack, and that's why they go after to those things. There's plenty of examples – you will you'll recall, of course, the Colonial Pipeline ransomware attack earlier this year in the United States, and back in 2015, Ukraine had its power cut off in the middle of winter, allegedly by Russia. And so a lot of people went, it got very cold very quickly. So you can see why it's so important that we're protecting our critical infrastructure in this country.
LIAM BARTLETT: And that infrastructure is becoming more and more technologically dependent, isn't it? I mean, just through the way that the world progresses, we can't do much about that. That's just the way that the way it is. So here's the question for you, as the Minister in charge of these things, what are we doing to go after these people proactively? I mean, can we be in a position where we are hunting the hunter?
ANDREW HASTIE: We sure are, Liam. We are not just the hunted but we are hunting every single day through the Australian Signals Directorate based in Canberra. Their mission includes offensive operations, and their job is to disrupt cyber adversaries offshore. You might recall some years ago, the ASD put a virtual spear through the heart of ISIS and their online operations, sowing discord, confusion, and this is the point you make: with the rise of the Internet of Things we're more connected than ever before. So if you can attack someone, virtually, particularly in a period of conflict, you may not even have to fire a bullet or drop a bomb, you can effectively disable an opponent through attacking their cyber and their connectivity. So to bring it back, it's really, really important and the ASD is going after those who would cause us issues and problems. The Australian Federal Police acting in concert with state police are also disrupting cybercriminals as well, and as a government we're investing $15 billion over the next decade in cyber and defence capability. So this is a new front, we've recognised that and we're acting and getting on with the job.
LIAM BARTLETT: So that's the point I mean, you're in a unique position because of your military background. You understand the strategy behind these things. So what sort of extra resources can you bring to bear for the AFP and, and for the Signals Directorate. I mean, the AFP for example, I've got their bottom hanging out just chasing after other internet problems, haven't they like sexual abusers and things like that? I mean, apart from what's already been stated in the Budget, though, Minister?
ANDREW HASTIE: Well, that's right. I mean, look, I do want to mention what the Australian Cyber Security Centre does in Canberra. They are our standing 24/7 taskforce looking at the problem of cyber for the Australian people. And just to give you some stats, which are in the Report, last year, they undertook 25 high priority operational taskings in response to identified or potential cyber threats. They removed from the internet over 7700 websites hosting cybercrime activity, Liam. I was present in the ACSC, watching these cyber warriors disrupt a plot to steal credit card information from Australians on the dark web. So every single day, Australians get up, they go to work, and they go after our adversaries. But sure, we're spending a lot of money, building a cyber capability with the AFP, this is a whole of government problem – so we need Defence, we need AFP, we need ASIO, everyone working together. And that's what we're doing. And, of course, this problem continues to evolve. So we can never rest on our laurels. That's why it's so important to patch your software and stay up to date with the latest security updates.
LIAM BARTLETT: And that just brings us full circle Minister, so final question and here’s a text message from one of our listeners, John, who hits the nail on the head, I think he says cybercriminals hacking the health system and other bits and pieces and yet, we're all told to sign up to the MyHealth, MyGov, you know, etc, etc. No wonder people don't have confidence in it. So we are becoming more and more dependent on these sort of centralised sites, aren't we? And yet, one cybercrime every eight minutes? That's just incredible.
ANDREW HASTIE: It is, and, look, Liam, I got my second jab yesterday at Kwinana and I got my certificate and my email, that's private and confidential information we need to protect privacy, which is what we're doing, which is why this Report is so significant because yes, we have centralised systems and we're putting state of the art technology around them to protect from cyber threats - but it also comes down to every day Australians doing the right thing and improving their own cyber security: complex passphrases; multi-factor authentication; backing up their data; and updating their software – those things make you a hard target, which is why I encourage your listeners to do all those things if they haven't done so.
LIAM BARTLETT: Alright, Minister. Thanks a lot for your time this morning. Good to talk.
ANDREW HASTIE: My pleasure, Liam, and thank you.