June 2020 Cyber Attack Against Australian Assets
On 19th June 2020, the Australian Government announced the detection of an increase in cyber attacks against Australian businesses and Government. Although cyber attacks are happening all the time, this increase is significant because of its size and scale and the apparent involvement of a “nation-state actor”. It attracted a lot of mainstream media attention (ABC).
Cadzow TECH has reviewed the information published by the Australian Cyber Security Centre (Advisory 2020-008) and provides the following information for its clients.
This document begins with some simple advice for all users and continues with more detail — please read the first section if nothing else.
What Can I Do?
The simple, immediate actions everyone can take are:
Less simple and more time-consuming but extremely valuable:
What Is The Attack?
Reportedly, the attack uses a variety of techniques to gain a foothold in systems: phishing (to obtain credentials), malware-laden emails (to run code on the user's system) and attacks against vulnerable servers. Once the attacker has gained entry to a system, they use a variety of techniques to spread across the network and gain further traction. It is not clear what the point of the intrusion is, as it does not seem to be ransomware, which would provide a financial motive. But given the involvement of a “nation-state”, the point may simply be to gain footholds in many systems, or to cause disruption.
Many of the attack vectors are well known, and the ACSC repeatedly describes the techniques as “not novel”: attempts to exploit known vulnerabilities, social engineering via phishing emails, and the use of stolen credentials. The practical consequence is that the basics still matter most: keeping systems patched, treating unexpected emails and links with suspicion, and protecting credentials so that a stolen password alone is not enough to get in.
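The two later stages described above (stolen credentials being used, then the attacker spreading across the network) both leave a recognisable trace in authentication logs. The following is an added example, not code from Cadzow TECH or the ACSC advisory, showing two simple detections over constructed log lines. The log format, account and host names, IP addresses and the window/threshold values are all assumptions made for the example.

```python
"""Two simple detections for the post-phishing stages of the attack, run over
constructed authentication-log lines (added example; the log format, names,
addresses and thresholds are assumptions, not data from the ACSC advisory).

Pattern A ("stolen credentials"): one account succeeding from several distinct
source addresses within a short window.
Pattern B ("spread across the network"): one source address succeeding against
several distinct destination hosts within a short window.
"""
from collections import defaultdict, namedtuple
from datetime import datetime, timedelta

Event = namedtuple("Event", "ts user src dst result")

# Constructed sample log. Columns: ISO timestamp, account, source IP,
# destination host, result. 203.0.113.0/24 and 198.51.100.0/24 are
# documentation ranges standing in for attacker infrastructure; 10.0.9.5 is
# an assumed VPN-pool address handed to the attacker after the VPN logon.
SAMPLE_LOG = """\
2020-06-18T08:01:10 alice      10.0.1.15     FS01   success
2020-06-18T08:03:42 alice      10.0.1.15     MAIL01 success
2020-06-18T08:05:07 alice      203.0.113.44  MAIL01 failure
2020-06-18T08:05:19 alice      203.0.113.44  MAIL01 success
2020-06-18T08:06:30 alice      198.51.100.9  VPN01  success
2020-06-18T08:07:02 bob        10.0.1.22     FS01   success
2020-06-18T08:08:00 alice      10.0.9.5      FS01   success
2020-06-18T08:08:09 alice      10.0.9.5      FS02   success
2020-06-18T08:08:20 alice      10.0.9.5      DC01   success
2020-06-18T08:08:31 alice      10.0.9.5      HR01   success
2020-06-18T08:10:00 svc_backup 10.0.1.50     FS01   success
2020-06-18T08:10:05 svc_backup 10.0.1.50     FS02   success
2020-06-18T09:30:00 bob        10.0.1.22     MAIL01 success
"""


def parse_log(text):
    """Parse whitespace-separated lines into Event records."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, user, src, dst, result = line.split()
        events.append(Event(datetime.fromisoformat(ts), user, src, dst, result))
    return events


def find_fanout(events, key, value, window=timedelta(minutes=10), threshold=3):
    """Group successful events by key(e) and report the keys for which some
    span no longer than `window` contains at least `threshold` distinct
    value(e). Returns {key: set of distinct values seen in flagged windows}."""
    by_key = defaultdict(list)
    for e in events:
        if e.result == "success":
            by_key[key(e)].append(e)
    hits = {}
    for k, evs in by_key.items():
        evs.sort(key=lambda e: e.ts)
        start = 0
        for end in range(len(evs)):
            # advance the window start until evs[start..end] spans <= window
            while evs[end].ts - evs[start].ts > window:
                start += 1
            distinct = {value(e) for e in evs[start:end + 1]}
            if len(distinct) >= threshold:
                hits[k] = hits.get(k, set()) | distinct
    return hits


def stolen_credential_alerts(events, **kw):
    """Accounts used from >= threshold distinct source addresses in one window."""
    return find_fanout(events, key=lambda e: e.user, value=lambda e: e.src, **kw)


def lateral_movement_alerts(events, **kw):
    """Source addresses reaching >= threshold distinct hosts in one window."""
    return find_fanout(events, key=lambda e: e.src, value=lambda e: e.dst, **kw)


if __name__ == "__main__":
    evs = parse_log(SAMPLE_LOG)
    for user, sources in stolen_credential_alerts(evs).items():
        print(f"account {user} used from {len(sources)} addresses: {sorted(sources)}")
    for src, hosts in lateral_movement_alerts(evs).items():
        print(f"source {src} reached {len(hosts)} hosts: {sorted(hosts)}")
```

On the sample data, `alice` is flagged (four distinct source addresses inside ten minutes, two of them external) and `10.0.9.5` is flagged (four hosts in half a minute), while `bob` and `svc_backup` stay below the threshold. In a real environment the thresholds need tuning and a list of expected exceptions: backup, monitoring and scanning accounts legitimately touch many hosts in quick succession, and staff on mobile connections legitimately change addresses, so the detection is a prompt to look, not proof of compromise.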
What Is Cadzow TECH Doing?
Organisations on management plans by Cadzow TECH are already in a good position to stay safe. We employ a number of techniques to improve safety, including:
It is important to note that while Cadzow TECH applies various techniques to reduce attack surface, it cannot be eliminated: there is always some attack surface. Additionally, the settings we use are not necessarily as tight as possible. Some organisations run their IT systems in an extremely locked-down manner. Our default management style is to reduce attack surface while still letting users do their work without much hindrance. However, we continually monitor this and make changes from time to time.