
Australia Fights Sophisticated State-Backed Copy-Paste Attack with The Essential Eight!

20 June 2020

Reports on a wave of sophisticated nation-state-sponsored cyber-attacks against Australian government agencies and critical infrastructure operators spread like wildfire through the international media the day before yesterday.

From an IT security point of view, the access vector is really interesting. In Advisory 2020-008 (1), the Australian Cyber Security Centre (ACSC) states that the actor mainly leverages a remote code execution vulnerability in unpatched versions of Telerik UI, a deserialization vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability, and the 2019 Citrix vulnerability.

The name Copy-Paste for the attacks comes from the actor’s “capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases. The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organizations.” (1)

The Essential Eight


In the advisory the ACSC recommends some really basic preventive measures like patching or multi-factor authentication. These are two controls of “The Essential Eight” (2). I like the name “The Essential Eight”. It reminds me of the 1960 Western film “The Magnificent Seven”, reinforced by Chuck Norris 😉

The Essential Eight focus on very basic strategies to reduce the likelihood and the impact of an attack. Without them, UEBA, SIEM, threat intelligence, deep packet inspection, PAM, etc. make little sense.

Except for multi-factor authentication, The Essential Eight are either part of the feature-rich Windows and Linux operating systems or already in place (e.g. a backup solution). So, only some internal effort and leadership is required to dramatically increase the resilience against cyber-attacks.

The Essential Eight are a perfect weekend read. Have fun.


References

  1. Advisory 2020-008: Copy-paste compromises – tactics, techniques and procedures used to target multiple Australian networks | Cyber.gov.au [Internet]. [cited 2020 Jun 19]. Available from: https://www.cyber.gov.au/threats/advisory-2020-008-copy-paste-compromises-tactics-techniques-and-procedures-used-target-multiple-australian-networks
  2. Australian Cyber Security Centre. Essential Eight Explained | Cyber.gov.au [Internet]. Australian Signals Directorate. 2020 [cited 2020 Jun 19]. Available from: https://www.cyber.gov.au/publications/essential-eight-explained

Top secret information about Australia’s military hacked – SMEs overstretched with cyber security frameworks

15 October 2017

Lisa Martin’s report “Top secret information about Australia’s military hacked”, published on October 12th, 2017 at news.com.au, about a one-year-old attack on an Australian defence contractor, is another example that small businesses are technically and organizationally overstretched by the challenges of cyber security.

The best approach for SMEs would be to set up a cyber security framework like the NIST Cyber Security Framework or an ISO 27001 based framework. But for small businesses the effort to do this is just too high.

For SMEs to stay ahead of the cyber security curve, a light version of such frameworks is required, with the focus put on actively managing the risk.

The Strategies to Mitigate Cyber Security Incidents of the Australian Signals Directorate (ASD) put the focus on the basics. If carefully implemented and regularly assessed, the security level goes up and attacks of this kind are no longer possible. Even large businesses can raise their security level by implementing the ASD’s recommendations.

But when it comes to critical infrastructure, a full implementation of a cyber security framework is the only way to survive in the long term. By the way, the first task in the NIST CSF core is asset management…

Have a great week.