Telstra Fends Off Vaccine Cyber Threats
“We are very, very attuned to it because it is a critical supply chain to protect,” said Andy Penn, chief executive, Telstra.
A supply chain for a vaccine starts with the pharmaceutical company and extends through to transport and hospitals, and clinics.
“There is malicious activity around all of those organizations all of the time,” he said.
Penn declined to go into detail about Telstra’s efforts.
He said the attacker’s motivation was often unknown, and it was unclear whether it was specifically targeted at the vaccine supply chain itself or whether it was malicious activity targeted at a particular operator such as Australian logistics giant Toll Group.
The toll was infected with ransomware twice last year, which disrupted goods and service delivery across the country.
Telstra, Optus, and Woolworths were among those whose shipments were stopped when Toll was taken offline by cybercriminals.
The hackers also stole data before encrypting Toll’s data and publishing it on the dark web, which Penn warned was the new modus operandi of cybercriminals.
Penn could not rule out a successful attack on Australia’s Covid-19 vaccine supply chain.
“I think it is likely that there will continue to be a malicious activity that may or may not affect companies,” he said.
In 2019, several hospitals and clinics in Australia, often made vulnerable by old systems stitched together, were targeted by ransomware.
Access to patient records and contacts, as well as scheduling and financial management systems, were significantly impacted.
Asked whether Telstra was itself a target, Penn said they detected malicious activity across their networks all of the time by cybercriminals and foreign countries.
According to the Government’s Australian Cyber Security Centre, some of the threats to Australia’s cybersecurity include cyber espionage that gathers intelligence in support of state-sponsored activities; cyberattacks that aim to destroy critical infrastructure; and criminals using online environments to defraud or steal individual identities.
“As a government policy issue, concerns about Australia’s cyber resilience were initially raised in the Howard Government’s 2000 Defense White Paper, Defense 2000: Our Future Defense Force,” said the Parliament of Australia in a statement.
“A number of initiatives flowed from this policy, including cooperation among key national security agencies to assess and deal with emerging threats. In the 2009 Defense White Paper, Defending Australia in the Asia Pacific Century: Force 2030, the Rudd Government elevated investment in cyber capabilities to a national security priority, and in 2010, established the Cyber Security Operations Centre within the Defense Signals Directorate (now the Australian Signals Directorate).”
(Edited by Vaibhav Pawar and Saptak Datta)