Security experts say it is unlikely new financial sanctions placed on Russia will prompt a direct retaliation, but they warn there is a significant risk Australian firms could be caught up as collateral damage.
Key points:
- Cyber agencies war businesses not to be complacent as Russian attacks escalate
- Experts do not expect Australia to be a target of Russian retaliation for sanctions
- But agencies warn attacks on Ukraine may spill over to Australia
And they warn Russian-linked criminal gangs might be encouraged to target all sorts of Western targets, prompting a possible surge in ransomware and other attacks across the globe.
Australia's lead cyber agency has issued a warning to Australian organisations that a wave of cyber attacks on Ukraine and NATO countries could spill over in coming months.
Russian agencies significantly increased the volume of cyber attacks on Ukraine in recent months, prompting Australia to offer Ukraine assistance in countering the strikes.
But Australian agencies and experts are now warning local companies should prepare for a further increase in both the number and severity of such attacks.
It is considered highly unlikely that Australia would be the target of direct Russian cyber-aggression, despite Australia's move to follow allies in placing financial sanctions on Russia.
Instead the Australian Cyber Security Centre (ACSC) is warning the attacks on Ukraine could have global ramifications that reach Australia.
"There has been a historical pattern of cyber attacks against Ukraine that have had international consequences," it said in a new alert.
"Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities."
Experts point to examples like the NotPetya attack on Ukraine in 2017, which spread and disrupted government and corporate agencies around the world, as an example of the sort of damage that can be done.
Earlier, Home Affairs Minister Karen Andrews warned Russia may hit Australian critical infrastructure through cyber attacks.
But the ACSC said there is no intelligence yet indicating such an attack is looming.
"While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cybersecurity posture and increased monitoring for threats will help to reduce the impacts to Australian organisations," it said.
Spill-over attacks and cyber-extortionists the biggest threat
Australian cybersecurity firm CyberCX issued a new threat advisory warning that the threat to Australian and New Zealand firms has "materially increased" due to the conflict in Europe.
It said there are two primary risks: that Russian attacks would "spill over" and affect Australian firms, particularly those with a footprint in Ukraine or NATO countries, and that Russian-linked gangs might target Australian firms as part of a broader hit on Western assets.
CyberCX chief strategy officer Alistair MacGibbon said while Australia might not be on Russia's immediate radar there is little room for complacency.
"I think there is a consensus both in government and the private sector that there is no direct threat to Australian businesses, but that doesn't mean there is no threat at all," he said.
"And that's because we have seen the state of Russia be quite irresponsible in how it uses cyber activities against places like the Ukraine when they have territorial disputes, and we have seen them spill over to other countries — including Australia."
CyberCX sees the potential for Russia to target critical assets across Europe, including power grids and gas pipelines, in response to global economic sanctions.
But it also warns that Russian intelligence agencies might influence cyber-extortion groups to up their activity and target a much broader group of Western targets.
Mr MacGibbon said that sort of cyber threat poses a real danger to Australia.
"You have this coalition of criminal and nationalist groups that loosely operate underneath the direction, or at least the sanction, of the Russian government," he said.
"We have seen them also in past years get involved when there are these territorial disputes.
"Because Australia is acting, along with other Western nations, there is no doubt that some of them therefore could target Australia."
CyberCX said it has already seen a rise in cyber extortion attacks on Australian and New Zealand targets in recent weeks, where attackers lock up digital assets and demand ransoms.
It has recommended both governments and businesses prepare for the likelihood that those sorts of attacks will increase further if the situation in Ukraine continues to escalate.