Joseph Carson, chief security scientist and advisory chief information and security officer for Thycotic, a privileged account management solution provider, said in a statement that at the moment it was "really hard" to tell if there was nation state involvement in the attack due to the lack of public evidence or details.
“Any attack on the government is typically either political or hacktivism,” Carson said.
"However the announcement that this was a nation state cyber attack leaves more questions than answers. Most nation state cyber attacks are typically stealthier than this one which was a very noisy one, using techniques such as phishing to target politicians’ email accounts.
"A nation state’s primary goal is to not be detected and this one did not appear to have that priority."
As iTWire reported on Tuesday, the attackers appear to have used Web shells – scripts that can be uploaded to a Web server to enable remote administration of a machine.
Carson said the attack was clearly not a sophisticated one as suggested. "[Not] unless we are going to learn that they lead to another one being uncovered, lurking within the networks, which would be a more likely scenario," he added.
"We typically find, when investigating a cyber attack, that when you are focused on gathering evidence you might find more than one attacker on your network when you are really looking at it in more detail.
“One thing is absolutely clear, however. Cyber attacks are going to continue: both loud cyber attacks that bring down services and disrupt society, and stealth cyber attacks that remain hidden lurking within networks, stealing sensitive information or waiting for the right moment to bring down the network.”
Kevin Bocek, vice-president of Security Strategy and Threat Intelligence at certificate and key management specialist Venafi, said it was somewhat paradoxical that at a time when the government was looking to control the cyber security protections that businesses could use, it had been attacked itself.
"The government should instead be spending all its energy on protecting the public sector and assisting business, rather than placing restrictions and possible backdoors in the use of encryption and machine identities," he said.
“This follows research showing that 93% of IT security professionals, including those in Australia, expect more attacks on political infrastructure. The adversary wants to increase the level of chaos and distrust in government.
"The recent uncertainty of immigration votes and the new rules on use of encryption and machine identities are exactly what enemies want. And just as we saw with attacks on the German Bundestag, the adversary will leave us guessing about the next move while politicians and cyber security experts are deservedly concerned.
“Hopefully this attack will demonstrate to the government that hackers won’t abide by restrictions on encryption and machine identities, and the government must focus on defeating cyber adversaries and not limiting Australian business.”
Leroy Terrelonge, director of Intelligence and Operations at business risk intelligence company Flashpoint, said one question unanswered about the attack was whether data had been stolen.
He advocated the use of deep and dark web monitoring services by organisations, particularly after a breach, so they could be alerted when data on their clients, employees, suppliers, contractors, etc was found in criminal online communities.
“It is important to highlight that nation state actors typically have different motivations from the archetypal financially motivated actors that dominate the underground economy. Nation state actors are mostly interested in espionage and intelligence gathering. Consequently, information stolen by nation state actors is much less likely to show up in deep and dark web communities,” Terrelonge said.
“However, credible reports have shown overlap between cyber criminals and intelligence services, most notably in Russia where in 2014 investigators observed a cyber criminal cooperating with Russian intelligence to steal classified information from Turkey, Ukraine, Georgia, and other countries that have had a tense relationship with Russia.
“Thus, while nation state actors are suspected of being behind the Australian attack, monitoring criminal communities for mentions of the impacted organisations and their people/assets is an important component of the response to this potential data theft.”