A Greater Threat: The Government’s Warning About Cyber Attacks

Australian organisations beware. You are now more at risk of cyber attacks. The latest news from the Australian Signals Directorate, the government agency in charge of cyber security, warns us that sophisticated, state-based actors are committing sustained attacks against government and business networks.

In a bold statement from the government, it’s now businesses as well as governmental agencies that have been determined to be in the cross-hairs of an extensive data-gathering exercise regarding cyber attacks. 

What activity is involved in these cyber attacks?

The cyber attacks have been dubbed ‘Copy-paste compromises.’ They have been given this name because much of the code behind the attacks has been lifted from open source (aka widely available) code on the internet.

The attackers have been getting into systems through known vulnerabilities in well-known and widely-used software, such as Microsoft IIS, Sharepoint and Citrix.

When software companies go public with a known vulnerability they release a patch. The cyber attack then takes advantage of organisations who don’t apply the patch quickly, by using this vulnerability to get into their systems.

When the attacker is not able to get into systems via one of these vulnerabilities, then they go to a second, fall back approach of phishing or whaling; trying to get in via social engineering attacks. Company credentials are stolen so that the attackers have free access to get into systems.

The effects of the attack seem to be more about data reconnaissance rather than things like blackmail. Any organisation that doesn’t think their IP is precious may be seriously in danger in the future.

A sustained threat

The fact that this attacker is exploiting known vulnerabilities almost as soon as they are disclosed makes it imperative that organisations keep up to date with their software patching. As soon as a vulnerability is announced, you need to either patch or lock down your systems to prevent the threats coming in. It is imperative that you are aware of these vulnerabilities (and phishing threat) and act accordingly. 

The second threat, or the attackers gaining stolen credentials, can be mitigated by adding Multi-Factor Authentication (MFA) to all your password-enabled systems – including cloud logins. This way, even if attackers gain a password, they will not have the backup method to confirm logins.

You can read the entire advice for the threat at Advisory 2020-008: Copy-Paste Compromises –tactics, techniques and procedures used to target multiple Australian networks.

Towards more secure organisational data

For many organisations, an entire cyber security team just isn’t in the budget, or your systems admins are stretched too thin (or not skilled enough) to respond to everything. That’s why more people are choosing a managed service provider to take the wheel as the cyber security team. 

A1 Technologies are skilled at managing cyber security within Australian organisations. If you need some extra help in remaining vigilant against ongoing threats to your organisation then get in touch for a consultation.

Julia Sinclair-Jones

Tech writer and ex-software developer with a penchant for travel, techno, and data. Spreading the word of secure, manageable, optimised IT solutions for everyone.