Australia's cyber attack by state actors: what you should do now

22 Jun 2020

Australia has been the subject of a campaign of cyber-attacks by a state-based actor. What does this mean for Australian businesses?

Protection from the threat

Alerts released by the ACSC will provide your security staff with key intelligence to protect your organisation from state actors.

The data released about the recent nation-state campaign indicate a tried and tested strategy: targeting known vulnerabilities of Enterprise Infrastructure. The techniques used aren't new, but they are employed at scale.

The ACSC advises prioritising the following mitigations:

  • Prompt patching of internet-facing software, operating systems and devices.
  • Use of multi-factor authentication across all remote access services.

Based on further analysis of the tactics employed you can reduce the risk more to your organisation by:

  • Limiting remote access to your network where it isn't necessary.
  • Disabling advanced and rarely necessary features such as Powershell.
  • Ensure your organisation employs an application whitelist where possible.
  • Disable Microsoft Office macros where possible.

The above mitigations won't necessarily stop an attacker using a vulnerability, but they will disrupt their campaign by limiting their options.

In addition, as always, a special focus on email security is a necessity. Attackers will often resort to email phishing attacks when their advanced strategies are exhausted. Regular training for your staff, robust security platforms and intelligence, and proper financial and information controls will limit the damage an attacker can do using these methods.

Work from home users and Incident Response

Working from home raises further concerns in response to these threats.

Having users working outside of the office raises obstacles for effective and appropriate Cyber Incident Response Investigations. Where possible, staff should be working on company hardware and using company software. Several advisories have been released to this end.

Ensure your security staff are ready and prepared to investigate an incident involving a home user with protocols for data collection and communication with that user. If an advanced threat is not properly contained within a staff member's home, it could leave your business network vulnerable to further exploitation.

Ultimately the Prime Minister's announcement references an ongoing threat rather than a new one and, while the usual mitigations apply, it is a reminder for us all to stay diligent.

Disclaimer
Clayton Utz communications are intended to provide commentary and general information. They should not be relied upon as legal advice. Formal legal advice should be sought in particular transactions or on matters of interest arising from this communication. Persons listed may not be admitted in all States and Territories.