Parliament House attack a tough lesson on credential security

Credit: ID 128782397 © Alexander Yakimov |

The high-profile breach of Australia’s Parliament House highlights a rising climate of nation-state attacks that will drive a cybersecurity reckoning across both public and private sectors, experts have argued as the fallout from the attack continues to emerge.

A growing threat of nation-state attack has long had security advisors warning companies to be aware as state-sponsored cybercriminals pursue new strategies and refine their tactics. Recent analyses have, for example, linked state-sponsored attackers to an exploit against Twitter and identified a new nation-state actor suspected to be from the Middle East.

The government has been tight-lipped about the scope of the attack and the information assets that may have been compromised, only suggesting that China may be to blame.

However, its move to quickly reset all passwords meant authorities “should be lauded for their efforts to quickly identify the breach and take precautionary steps to avert any leakage of data,” Forcepoint ANZ senior director Sam Ghebranious said, highlighting the importance of baselining ‘normal’ user behaviour on corporate networks.

“The precautions taken suggest that nefarious actors may be looking to steal the digital identities/credentials of approved users to operate within the parliamentary computer network without being identified.”