Written by staff writer.
Ventia says a cyberattack on the weekend of July 8 and 9 is contained. The attack on the Sydney-headquartered essential infrastructure services provider caused it to take key systems offline. However, in a July 12 statement, Ventia says its key internal systems have been safely re-enabled and external-facing networks are systematically being restored.
The company provides a range of services at 400-plus locations across Australia, including waste management, asset management, telecommunications, engineering services and environmental management services. One of its biggest clients is the Western Australian government, with whom it recently signed an AUD229 million four-year contract. It signed a five-year AUD393 million services contract with the Department of Defence in late June.
Ventia is giving little away about the nature of the cyberattack, but the company’s decision to shut down its systems is a characteristic response to a ransomware-style attack. Perth-based media reported that the Department of Justice resorted to manual paper-based operations for a period, including at the secure sections at Perth hospitals.
“Operations are continuing,” says the Ventia statement. “We are working with external cyber security experts to facilitate verification and continuous improvement of our network security.”
Oakley Cox, APAC Analyst Technical Director at DarkTrace says some of Ventia’s systems were offline for at least three days and switching off services would significantly impact customers. “Ventia are an important pillar in the management of critical infrastructure. They operate sites across Australia and New Zealand on behalf of defence, electricity, gas, and water companies,” he said.
“Even if the impacted systems are peripheral services such as management databases or file storage servers, any long-term disruption is going to have a massive impact on the day-to-day running of these sites. The company faces millions of dollars of lost revenue each day the shutdown continues.”
Cox says Australia-based entities are increasingly seen as soft targets for ransomware-style extortion attempts. “The (Ventia) cyber-attack is yet another in a series of attacks targeting businesses in ANZ, with Optus, Medibank and HWL Ebsworth having all been high-profile victims of cyber incidents in the last 12 months.”
The cyberattack comes in the wake of the Australian government appointing Air Marshal Darren Goldie to oversee a whole of government response to significant cyberattacks. Goldie has recently said investigating the attack on HWL Ebsworth was a top priority, but he has not commented on the Ventia incident, even though that entity counts federal government agencies amount its clients.
This week, Cybersecurity Minister Clare O’Neil said the “scale and intensity” of cybersecurity threat actors “far outstrips the recent cases we have seen.” She told a Sydney event that Australians should brace themselves for a “dystopian future” where state-backed hackers would resemble apex predators and private hackers would continue to attack entities for financial gain. So far, there is no word on who is behind the Ventia cyberattack.
Ventia says it will provide further information to customers, regulators, and enforcement agencies as it becomes available, adding that the company “understands” and apologise for the inconvenience and concern that the cyberattack and the subsequent shut-down may have caused.