On Friday 19 June 2020, the Australian Prime Minister Scott Morrison announced that Australia was in the midst of a cyber attack targeting Australian organisations across a range of sectors, including all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.
He confirmed that Australian organisations were being targeted by a “sophisticated state-based cyber-actor”, an assessment based on the scale and nature of the targeting and the tradecraft used.
As well as unsuccessfully attempting to exploit public-facing infrastructure, the Australian Cyber Security Centre (ACSC) identified the use of various ‘spearphishing’ techniques taking the form of:
- links to credential harvesting websites
- emails with links to malicious files, or with the malicious file directly attached
- links prompting users to grant Office 365 OAuth tokens to the actor
- use of email tracking services to identify email opening and lure click-through events.
Once this initial access was achieved, the actor could then utilise a mixture of open source and custom tools to persist on and interact with the victim network, even migrating to legitimate remote access using stolen credentials.
How Your Business Can Respond
It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. The ACSC recommends the following:
1. Promptly patch internet-facing software, operating systems and devices
Every exploit used in this cyber attack was publicly known and had patches or mitigations available. You should ensure that security patches or mitigations are always applied to internet-facing infrastructure within 48 hours. You should also use the latest versions of software and operating systems.
2. Use multi-factor authentication across all remote access services
Multi-factor authentication should be applied to all internet-accessible remote access services, including:
- web and cloud-based email
- collaboration platforms
- virtual private network connections
- remote desktop services.
How to Reduce the Risk of a Cyber Attack in Your Business
With cyber attacks against business becoming more and more common, there are many things you can (and should!) do to prepare your business.
Develop A Cyber Security Strategy
Implement the Essential Eight
The ACSC has a prioritised list of mitigation strategies, Strategies to Mitigate Cyber Security Incidents, to assist organisations in protecting their systems against a range of adversaries. These strategies can be customised to fit your business requirements.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, can be incorporated into your cyber security strategy.
Educate Your Staff
Implement Secure Remote Work Cyber Security Measures
With more and more staff working from home in Australia, cyber criminals are taking advantage of vulnerabilities arising from the use of remote access technologies. This means it’s essential to incorporate good cyber security measures into your contingency and business continuity planning.
Implementing a proactive and robust cyber security strategy can be more cost-effective in terms of time, money and effort than having to respond to a large-scale cyber security incident.
How to Report an Incident
If you have indications that your environment has been compromised, contact the ACSC by emailing firstname.lastname@example.org or calling 1300 CYBER1 (1300 292 371).