The federal government has published emergency cyber security guidelines for businesses after Prime Minister Scott Morrison revealed a wide-ranging cyber attack targeting Australia.
Speaking on Friday morning, Morrison said a state-based actor was likely behind the hack, which has targeted Australian government organisations, operators of critical infrastructure and private sector companies.
“The actions that we are taking are the actions that we need to take and we will continue to be as vigilant as we possibly can be.”
The government-run Australian Cyber Security Centre (ACSC) published a series of guidelines overnight to help firms protect themselves from the attack.
What we know about the attacks
Here’s what the ACSC said about the nature of the attack, which has been dubbed ‘Copy-paste compromises’:
“The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source,” the ACSC said.
“The actor has been identified leveraging a number of initial access vectors, with the most prevalent being the exploitation of public-facing infrastructure — primarily through the use of a remote code execution vulnerability in unpatched versions of Telerik UI.
“Other vulnerabilities in public-facing infrastructure leveraged by the actor include exploitation of a deserialisation vulnerability in Microsoft Internet Information Services (IIS), a 2019 SharePoint vulnerability and the 2019 Citrix vulnerability.”
The attackers have also started using phishing techniques, including sending out links to credential harvesting websites, sending emails with links to malicious files, links prompting users to grant them Office 365 authentication codes, and email trackers to lure people to “click-through events”.
How to protect your business
“Once initial access is achieved, the actor utilised a mixture of open source and custom tools to persist on, and interact with, the victim network,” the ACSC said.
The government has identified two mitigation strategies it is advising businesses to consider:
- Patching of internet-facing software, operating systems and devices; and
- Using multi-factor authentication across all remote access services.
Firms looking to utilise multi-factor authentication should enable it on all web and cloud-based email services, any collaboration platforms like Slack, virtual private network (VPN) connections and remote desktop services.
Additionally, firms are being advised to implement the entirety of the ACSC’s eight cyber attack mitigation strategies, which include measures to protect against malware and other malicious scripts.
This article was updated at 14:30 June 19 to clarify cyber attacks are not ongoing.