For the first time, the Federal Government has used its cyber sanctions powers over the hacking of a government system by a foreign player.
On Tuesday (23 January), Australia imposed a targeted financial sanction and a travel ban on Russian citizen Aleksandr Ermakov for his role in the breach of the Medibank Private network in 2022.
This is the first use of Australia’s autonomous cyber sanctions framework, following an 18-month investigation into the cyber hack in which 9.7 million records were stolen.
These records included names, dates of birth, Medicare numbers and sensitive medical information, some of which was published on the dark web.
The Australian Signals Directorate and the Australian Federal Police, under Operation Aquila, together with other Commonwealth agencies and international partners, worked to link the Russian cyber criminal to the attack.
The sanction imposed on Ermakov makes it a criminal offence, punishable by up to 10 years’ imprisonment and heavy fines, to provide assets to him or to use or deal with his assets.
This includes through cryptocurrency wallets or ransomware payments.
Deputy Prime Minister Richard Marles said more leads were being pursued over the 2022 cyber attack.
“The Australian Signals Directorate and the Australian Federal Police have worked tirelessly over the past 18 months to unmask those responsible for the cyber attack on Medibank Private and to ensure Australians are protected from malicious cyber activity,” he said.
“We continue to work with our friends and partners around the world to ensure cyber criminals are held to account for their actions, and we will relentlessly pursue activities which disrupt their capability to target Australians in cyberspace.”
Foreign Minister Penny Wong said using the cyber sanctions should send a strong signal to malicious players.
“The use of these powers sends a clear message – there are costs and consequences for targeting Australia and Australians,” Senator Wong said.
“This is an incredible effort from our cyber and intelligence teams. We are using all elements of our national power to make Australia more secure at home and to keep Australians safe.”
Monash University cyber security expert Nigel Phair congratulated the government for such a complex investigation but noted no arrests were likely to result from it.
Nor would it likely deter other foreign cyber criminals from attacking Australia.
“Attribution of cyber criminals is one of the hardest things to do,” Professor Phair said.
“It is also the first time Australia has used sanctions and while it most likely won’t result in the arrest of this individual (or probably any others), it puts sand in the gears of the cyber criminals by degrading their efforts to work with others in future criminal pursuits.
“This is unlikely to dissuade other internationally based cyber criminals from targeting Australian organisations or individuals, but it is a step in the right direction.
“Australian organisations need to continue to protect their information holdings, the systems where these reside and the people who access it. This includes undertaking fundamental risk management and introducing a competent control framework.
“Given the steady rise in cyber attacks for the past few years, there is an increasing need to build our cyber security capabilities by embedding more cyber awareness education in our educational institutions and organisations and training more professionals so we can grow our national expertise to collectively safeguard our ‘cyber borders’.”
The Australian Government discourages businesses and individuals from paying ransom or extortion claims to cyber criminals.
Cyber Security Minister Clare O’Neil said the sanctions against Ermakov proved the government was committed to its cyber security strategy and would “do everything in our power” to punish individuals who attempt to perpetrate cyber crime in this country.
“Through the 2023-2030 Australian Cyber Security Strategy, we are hardening our defences and putting layers of protection around Australians and Australian businesses,” she said.
“This includes working with industry to break the ransomware business model.
“Our strong advice to businesses is never pay the ransom. Paying a ransom does not guarantee sensitive data will be recovered, prevent it from being sold or leaked online or prevent further attacks. It also makes Australia a more attractive target for criminal groups.”
Original Article published by Chris Johnson on Riotact.