As Australia is rocked by another “enormously damaging” data hack, the Australian Bureau of Statistics has announced it has stopped nearly a billion cyberattacks on the census.
Australian statistician Dr. Speaking at the Melbourne Business Analytics Conference last week, David Gruen said that after the 2016 distributed denial of service attacks that caused the first digital census to be taken offline by the ABS for 40 hours, every effort was being made to Census to protect and its data.
“Nevertheless, everything went smoothly despite the fact that on census day, August 10, 2021, there were just under a billion cyberattacks on our digital census system,” he said.
“Billion is not a misprint.”
A spokesman for the ABS said the census systems were open from July 28, 2021 to October 1, 2021 and during that time the systems open to the public were under constant attack.
“While it’s difficult to quantify what an attack is, in our case, these were connections that were obviously malicious and that we blocked either automatically or manually,” they said.
“On census day alone, we blocked 308,735 malicious connections, and in investigating those connections, we blocked 130,000 IP addresses that were the source of this attack traffic.”
In response to the recent Australian ransomware attack, which has left Medibank customers concerned about their health information being made public, Cybersecurity Minister Clare O’Neil said cyberattacks are part of “this new world”.
“There is an element here that cybercrime is increasing very rapidly around the world – there was an Interpol conference yesterday that brought together the kind of police chiefs from armed forces from around the world and their message to the community was that cybercrime is now their primary crime of international concern,” she said.
“And this is the new world we live in. We will be subject to relentless cyber attacks from now on.”
Medibank is the second major data hack in less than a month after Optus’ systems were breached in September.
One of two Australians who responded to an Essential survey earlier this month said he would like stricter privacy laws in light of the Optus hack. O’Neil has signaled that the government is working on new legislation.
“I find [Medibank] Combined with Optus, this is a huge wake-up call for the country,” she said.
“And it certainly gives the government a really clear mandate to do some things that honestly probably should have been done five years ago but are still very important in my opinion.”
O’Neil said she was particularly concerned about the sensitive nature of the information held by Medibank.
“A lot of cybercrime is related to financial or identity information, which is very problematic when it gets out to the public – what we have here is information held by this organization, which is health information, and it’s just of its own accord published can cause immense harm to Australians,” she said.
The ABS initiated its census security strategy in 2018 but said it was an ongoing project. Ahead of the census, it prepared with DDoS tests, operational simulations, and penetration tests from private and public organizations to ensure the system was fit.
The ABS said it will continue to prepare for malicious cyberattacks and has taken additional steps to protect the data it holds, including testing its systems with information security assessors accredited by the Australian CyberSecurity Centre.
“After data collection and processing, names and addresses are removed from other personal and household data,” the ABS spokesman said.
“Names and addresses are separated from other census data to protect privacy. We store names and addresses securely and separately from each other.
“For the 2021 census, the ABS clears all names within 18 months of the census and addresses within three years. All paper forms from the 2021 census have been destroyed.”
AFP has launched an investigation into the Medicare hack.
#Census #website #hit #billion #attempted #cyberattacks #Australian #Bureau #Statistics #reveals