Security - Article published on 2nd July 2021

PM announces “Massive” cyber-attack on Australia

The government warns that Australia is under sustained cyberattack. So the question on everyone's mind is: what is going on, and what should businesses do?

Prime Minister Scott Morrison had some distressing news for Australians on Friday morning. He said that we are under cyberattack. He informed the nation that these attacks hadn’t just started, and that Australian businesses and governments are being extensively targeted.

For now, it is unclear why the government chose Friday, of all days, to make the announcement, or what exactly is going on.

The attack has been labelled “state-sponsored”, which in general means that a foreign government is believed to be behind it. When asked who that might be, Morrison said that there is a high threshold for drawing that kind of conclusion, but he added:

“…there are not a large number of state-based actors that can engage in this type of activity.”

Many prominent people have interpreted this sentence as a coded reference to China, which the Australian government reportedly suspects of being behind the cyberattacks.

What do we know about the cyberattack so far?

An advisory note was posted on the government’s Australian Cyber Security Centre website, which described the attack as a “cyber campaign targeting Australian networks”.

The advisory says the attackers are mainly exploiting “remote code execution vulnerabilities” to target Australian networks and systems. Remote code execution is a very common class of cyberattack: the attacker gets a vulnerable system, such as a server or database, to run code of the attacker's own choosing.

The attackers do not only try to steal valuable information; they also run malicious code that could damage or disable the systems under attack.

Detecting this type of attack is hard, and it requires advanced defensive procedures such as penetration testing, in which trained security professionals known as “ethical hackers” try to break into a system in order to find potential vulnerabilities.

What systems have been affected?

The advisory linked the attack to three specific vulnerabilities in particular systems, which are detailed below. Alarmingly, any business that uses any of these systems is susceptible to a cyberattack. It is still too early to tell whether other systems are also vulnerable, since further vulnerabilities may emerge as the investigation continues.

Microsoft Internet Information Services (IIS) – IIS is a general-purpose web server offered by Microsoft that runs on Windows systems. Its most common use is to host web-based applications and simple static websites.

SharePoint – A SharePoint Server is used by various organisations to manage Office 365 Enterprise accounts within their own organisation.

Citrix – The affected Citrix products are primarily Citrix gateways and servers. These products are used to support web, cloud and mobile application services.

What are the actions required for all three systems?

• Make sure that you are running the latest version of the software

• Ensure that all the latest patches and updates are installed

• Ask your team to change all passwords and log off from all devices

• Make sure that multi-factor authentication is set up

• Scan for malicious code and remove anything you don't recognise.

How does this affect Proactive IT clients?

ProITS clients on a support plan will already be protected by the latest software versions, patches and updates. Other clients should contact us to check for any vulnerabilities they might have.

All clients should change their passwords, and if you're not already using a password manager, I would strongly advise you to start using one.

If you don't already have two-factor authentication in place for critical logins, including Office 365, you need to set it up now.

How can businesses safeguard themselves?

Even though the full nature and extent of these specific threats are not yet known to the public, there is a wide range of measures businesses can take in the meantime. These include:

Make sure to use available government resources

The federal government has published extensive cyber safety guidelines for Australian businesses, covering cyber security and data protection and describing the various types of cyber threat a business may encounter.

More extensive cyber security guidelines can be found at the ACSC website, including thorough advice on secure management of databases, email systems and physical computer assets, among others.

Always watch out for spam

Some people think that phishing is limited to email, but that is not true. These scams can just as easily arrive through text messages, social media apps such as Facebook, and VoIP messaging services such as WhatsApp.

So, as a general guide:

• never open messages or attachments from unknown senders

• remember that genuine organisations such as banks, government departments and online retailers will never ask for personal information via email, and always check with the organisation directly (for example by calling them) whenever you are in doubt.

Be aware of DDoS attacks

DDoS stands for “distributed denial of service”. This is the most common type of cyberattack there is. It prevents genuine customers from reaching your website by flooding it with unwanted traffic, much as a traffic jam clogs up a highway and stops cars from reaching their destinations.

Fortunately, there are ways to minimise the impact of DDoS attacks, such as using intrusion detection and prevention systems. If you are concerned about DDoS attacks, consult your internet provider about developing a DDoS response plan.

Always have a backup plan

A “continuity plan” safeguards important assets such as personnel records, customer databases and network configurations. It protects that data and ensures that, in the event of a cyberattack, the data can be restored quickly.

Sample plans are available through the federal and Queensland governments.

To guard against malicious threats, businesses should also follow sensible IT security practices, including the following:

• First and most important: make sure your antivirus is up to date, and that you are running the latest version of all the software you use

• Prompt patching of software, operating systems and devices

• Change your passwords regularly and use multi-factor authentication on all services

• Restrict the use of administrative privileges; admin accounts are the digital keys to your business

• User application hardening: disable Flash and any features you do not need, for example unused features in Microsoft Office, PDF software and web browsers.

• Take daily backups, automated if possible.
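The two checklists above (the actions required for the affected systems, and the general IT security practices) are things a business can verify rather than take on trust. The following read-only audit script is an added example, not code from this article or from Proactive IT; it checks a Windows host that may be running IIS against several of those points and reports findings without changing anything. It assumes Windows PowerShell 5.1 or later on Windows Server 2016 / Windows 10 or newer with Microsoft Defender and, for the macro check, Office 2016 or later (the `16.0` registry path). The thresholds (`$maxPatchAgeDays`, `$maxSigAgeDays`, `$maxPasswordAgeDays`) are assumed policy values, not figures from the advisory.

```powershell
# Added example (not from the article or Proactive IT): read-only audit of a Windows/IIS host
# against the checklists above. Assumes PowerShell 5.1+, Windows Server 2016+/Windows 10+,
# Microsoft Defender, Office 2016+. Run in an elevated PowerShell session.
$maxPatchAgeDays    = 30   # assumed policy: at least one update installed in the last 30 days
$maxSigAgeDays      = 2    # assumed policy: antivirus signatures no older than 2 days
$maxPasswordAgeDays = 90   # assumed policy: local passwords changed within 90 days
$findings = @()

# 1. Latest software: OS build and most recent installed hotfix
$os = Get-CimInstance Win32_OperatingSystem
Write-Host "OS: $($os.Caption) build $($os.BuildNumber)"
$lastFix = Get-HotFix | Where-Object InstalledOn |
           Sort-Object InstalledOn -Descending | Select-Object -First 1
if (-not $lastFix -or $lastFix.InstalledOn -lt (Get-Date).AddDays(-$maxPatchAgeDays)) {
    $findings += "No update installed in the last $maxPatchAgeDays days"
} else {
    Write-Host "Last hotfix: $($lastFix.HotFixID) on $($lastFix.InstalledOn.ToShortDateString())"
}
# Installed updates only take effect after a reboot; this key exists while one is pending
$rebootKey = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
if (Test-Path $rebootKey) { $findings += "Reboot pending: installed updates are not yet active" }

# 2. IIS presence and version (the InetStp key exists only when IIS is installed)
$iis = Get-ItemProperty 'HKLM:\SOFTWARE\Microsoft\InetStp' -ErrorAction SilentlyContinue
if ($iis) { Write-Host "IIS: $($iis.VersionString)" } else { Write-Host "IIS: not installed" }

# 3. Antivirus up to date (Microsoft Defender)
$mp = Get-MpComputerStatus -ErrorAction SilentlyContinue
if ($mp) {
    if (-not $mp.RealTimeProtectionEnabled) { $findings += "Defender real-time protection is off" }
    if ($mp.AntivirusSignatureAge -gt $maxSigAgeDays) {
        $findings += "Antivirus signatures are $($mp.AntivirusSignatureAge) days old"
    }
} else {
    $findings += "Defender status unavailable; check the installed antivirus manually"
}

# 4. Administrative privileges: every member of the local Administrators group
$admins = @(Get-LocalGroupMember -Group 'Administrators')
Write-Host "Local Administrators: $($admins.Name -join ', ')"
if ($admins.Count -gt 2) {
    $findings += "$($admins.Count) members in local Administrators; confirm each one needs it"
}

# 5. Password hygiene: enabled local accounts whose password never expires or is stale
$pwdLimit = (Get-Date).AddDays(-$maxPasswordAgeDays)
foreach ($u in (Get-LocalUser | Where-Object Enabled)) {
    if ($null -eq $u.PasswordExpires) {
        $findings += "Account '$($u.Name)': password never expires"
    }
    if ($u.PasswordLastSet -and $u.PasswordLastSet -lt $pwdLimit) {
        $findings += "Account '$($u.Name)': password last changed $($u.PasswordLastSet.ToShortDateString())"
    }
}

# 6. Application hardening: Word macro policy (VBAWarnings 3 = signed only, 4 = disabled)
$macroPolicy = Get-ItemProperty 'HKCU:\Software\Policies\Microsoft\Office\16.0\Word\Security' `
                 -ErrorAction SilentlyContinue
if (-not $macroPolicy -or $macroPolicy.VBAWarnings -lt 3) {
    $findings += "Word macros are not restricted by policy (VBAWarnings not set to 3 or 4)"
}

# 7. Report
if ($findings.Count -eq 0) {
    Write-Host "No findings."
} else {
    Write-Host "`nFindings:"
    $findings | ForEach-Object { Write-Host " - $_" }
}
```

The script only reads state, so it is safe to run on production hosts; remediation (installing updates, removing surplus administrators, enforcing the macro policy through Group Policy) is a deliberate follow-up step. Multi-factor authentication and backups are not checked here because they live in Office 365 and in the backup product rather than on the individual host.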

What should businesses be doing to reduce their cybersecurity risks?

Whatever the details turn out to be, the latest announcement is a reminder that we should never lower our guard against cyberattacks. The latest round of attacks is likely to be the result of earlier “reconnaissance attacks”, which revealed existing vulnerabilities in Australian networks.

Taking the steps outlined above can help to prevent the attackers from mounting similar attacks in the future.