Prime Minister Scott Morrison says Australia is being hacked. AAP/Sam Mooy.
The federal government has published emergency cyber security guidelines for businesses after Prime Minister Scott Morrison revealed a wide-ranging cyber attack targeting Australia.
Speaking on Friday morning, Morrison said a state-based actor was likely behind the hack, which has targeted Australian government organisations, operators of critical infrastructure and private sector companies.
“There are not a large number of state-based actors that can engage in this type of activity and it is clear, based on the advice that we have received, that this has been done by a state-based actor with very significant capabilities,” Morrison said.
“The actions that we are taking are the actions that we need to take and we will continue to be as vigilant as we possibly can be.”
The government run Australian Cyber Security Centre (ACSC) has published a series of guidelines overnight to help firms protect themselves from the attack.
What we know about the attacks
Here’s what the ACSC said about the nature of the attack, which has been dubbed as ‘Copy-paste compromises’:
“The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source,” the ACSC said.
“The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure — primarily through the use of remote code execution vulnerability in unpatched versions of Telerik UI.
“Other vulnerabilities in public-facing infrastructure leveraged by the actor include exploitation of a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability.”
The attackers have also started using phishing techniques, including sending out links to credential harvesting websites, sending emails with links to malicious files, links promoting users to grant them Office 365 authentication codes, and email trackers to lure people to “click-through events”.
How to protect your business
“Once initial access is achieved, the actor utilised a mixture of open source and custom tools to persist on, and interact with, the victim network,” the ACSC said.
The government has identified two mitigation strategies it is advising businesses to consider:
- Patching of internet-facing software, operating systems and devices; and
- Using multi-factor authentication across all remote access services.
Firms looking to utilise multi-factor authentication should enable it on all web and cloud-based email services, any collaboration platforms like Slack, virtual private network (VPN) connections and remote desktop services.
Additionally, firms are being advised to implement the entirety of the ACSC’s eight cyber attack mitigation strategies, which include measures to protect against malicious malware and other scripts.
This article was updated at 14:30 June 19 to clarify cyber attacks are not ongoing.
NOW READ: Aussie cybersecurity startup Kasada raises $14 million amid COVID-19 online crime spike
NOW READ: Why cyber security startup HackHunter will be worth “over $100 million” in five years
ABOUT THE AUTHOR
COMMENTS
SmartCompany is committed to hosting lively discussions. Help us keep the conversation useful, interesting and welcoming. We aim to publish comments quickly in the interest of promoting robust conversation, but we’re a small team and we deploy filters to protect against legal risk. Occasionally your comment may be held up while it is being reviewed, but we’re working as fast as we can to keep the conversation rolling.
The SmartCompany comment section is members-only content. Please subscribe to leave a comment.
The SmartCompany comment section is members-only content. Please login to leave a comment.