Threat Advisory: Sustained, State-Sponsored Cyber Attack on Australian Government and Businesses

This morning the Australian Prime Minister, Scott Morrison, announced that the Australian Cyber Security Centre (ACSC) had been tracking a sustained, state-sponsored cyber-attack on the government and private sector.

The finer details are still coming to light, but here are a few incident response best practices and prudent measures to consider in answer to the questions your Executive suite and Board are likely to be asking, such as:

Has our business been impacted by this attack and what should we do?

The ACSC is reporting that the attack techniques in use rely on proof-of-concept exploit code, webshells and other tools copied from open-source software. There are a number of access vectors, the most prevalent being the exploitation of public-facing infrastructure.

InfoTrust is advising its customers to consider:

  • Check that your basic security controls are configured to best practice to prevent misuse of any data that may have been stolen. For example, enforce MFA on remotely accessible servers or applications, enforce a password change for your staff and back up your systems.
  • Ensure all your internet-facing software, operating systems and devices are patched. The vulnerabilities exploited by the actor in this campaign were publicly known with available patches and mitigations.
  • Transparency and clarity of communication are key at this time. It’s worthwhile proactively providing your Executive suite or Board with an interim update on this incident, to put minds at ease that it is being dealt with.
  • A further step would be to perform a compromise assessment of your own environment, analysing your forensic logs for ‘breadcrumbs’ that suggest malicious activity has occurred. However, this can be time-consuming and requires specialist software, so we only recommend doing this if you have strong suspicions of malicious activity or you believe your business is a likely target.

To read the ACSC advisory article you can click here.

If you have any questions or concerns, please don’t hesitate to reach out to the InfoTrust team.