Today the Australian Government announced that Australian organisations are being targeted in a widespread “sophisticated state-based” cyber-attack. Prime Minister Scott Morrison revealed that the activity is “targeting Australian organisations across a range of sectors”, including Government, Education and Health.
While I would like to say that I’m surprised or shocked, I am not. In recent months we have seen an escalating number of local cyber-attacks, against the likes of Toll Group, BlueScope and Service NSW, and I believe the trend will continue. Today’s announcement is a sobering wake-up call that I hope all organisations pay attention to.
The Australian Cyber Security Centre (ACSC) has reported the attacks are ‘copy-paste compromises’, which are leveraging “proof-of-concept exploit code, web shells and other tools copied almost identically from open source.”
The Australian Government highly recommends implementing the ASD Essential 8 strategies, which promise to mitigate up to 85% of targeted attacks. The Essential 8 is considered the most effective way to protect your organisation from cyber threats.
What is the ASD Essential 8?
The ASD Essential 8 provides mitigation strategies to effectively:
- Prevent malware delivery and execution
- Limit the extent of cyber security incidents
- Recover data and system availability.
The ASD Essential 8 strategies consist of:
1. Application whitelisting: A list of approved and trusted programs to prevent execution of unapproved/malicious programs, including executables (.exe), DLLs, scripts (e.g. Windows Script Host, PowerShell and HTA) and installers.
2. Patching applications: E.g. Flash, web browsers, Microsoft Office, Java and PDF viewers.
3. Configure Microsoft Office macro settings: To block macros from the Internet, and only allow vetted macros either in ‘trusted locations’ with limited write access or digitally signed with a trusted certificate.
4. User application hardening: Configure web browsers to block Flash (ideally uninstall it), ads and Java on the Internet. Also consider disabling unneeded features in Microsoft Office (e.g. OLE), web browsers and PDF viewers.
5. Restricting administrative privileges: Privileges in operating systems and applications should be assigned based on specific user duties, and these privileges need to be regularly revalidated. Privileged accounts also shouldn’t be used for reading email and web browsing.
6. Patching operating systems: Thorough patching and updates should be carried out regularly on your operating systems.
7. Multi-factor authentication: Including for VPNs, RDP, SSH and other remote access, and for all users when they perform a privileged action or access an important (sensitive/high-availability) data repository.
8. Daily backups: Backups of important, new or altered data, software and configuration settings need to be stored disconnected (offline) and retained for at least three months.
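As an added illustration of strategy 3 (not code from the original post), the script below reads the Group Policy registry values that implement “block macros from the Internet” and “only allow vetted macros” for Word, Excel and PowerPoint, and lists the configured trusted locations. It assumes Office 2016/2019/365 (registry hive version 16.0) and policies applied per user; it only reads and reports, it changes nothing.

```powershell
# Added example, not part of the original post: audit Office macro policy against Essential 8 item 3.
# Assumes Office hive version 16.0 and user-scoped policies (HKCU:\Software\Policies\...).
$apps   = 'Word', 'Excel', 'PowerPoint'
$result = foreach ($app in $apps) {
    $key           = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $blockInternet = $null
    $vbaWarnings   = $null
    $trusted       = @()
    if (Test-Path $key) {
        $props         = Get-ItemProperty -Path $key
        # Policy "Block macros from running in Office files from the Internet" (1 = enabled)
        $blockInternet = $props.blockcontentexecutionfrominternet
        # VBAWarnings: 1 = enable all, 2 = disable with notification,
        #              3 = disable except digitally signed, 4 = disable all without notification
        $vbaWarnings   = $props.VBAWarnings
        # Each trusted location is a subkey (Location0, Location1, ...) with a Path value
        $tl = Join-Path $key 'Trusted Locations'
        if (Test-Path $tl) {
            $trusted = Get-ChildItem -Path $tl | ForEach-Object { (Get-ItemProperty -Path $_.PSPath).Path }
        }
    }
    [pscustomobject]@{
        Application        = $app
        BlockMacrosFromWeb = ($blockInternet -eq 1)
        VettedMacrosOnly   = ($vbaWarnings -in 3, 4)   # signed-only or fully disabled
        VBAWarnings        = $vbaWarnings
        TrustedLocations   = ($trusted -join '; ')
    }
}
$result | Format-Table -AutoSize
# Flag any application where either control is missing so it can be remediated via GPO
$gaps = $result | Where-Object { -not ($_.BlockMacrosFromWeb -and $_.VettedMacrosOnly) }
if ($gaps) { Write-Warning "Macro policy gaps in: $($gaps.Application -join ', ')" }
```

Any trusted location reported should also be checked for write access: a location that ordinary users can write to defeats the control.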
Our ASD Essential 8 Timeline
We have been talking about the ASD Essential 8 since before it was called that, when its earlier version was known as the ASD Top 4. We took the first steps, back in 2016, to launch the first ASD as a Service model offered in the country. For a quick timeline of just some of the events and announcements we have made over those years, see below:
- 2016-10-19 “Top 4 Strategies to Mitigate Cyber Security Incidents” – Eureka 89, Melbourne.
- 2017-03-02 “Top 4 Strategies to Mitigate Cyber Security Incidents” – Park Hyatt Hotel, Sydney.
- 2019-11-20 FST Media Government Series: “ASD Essential 8” – National Convention Centre, Canberra.
- 2019-07-24 FST Media Government Series: “ASD Essential 8” – Crown Casino, Melbourne.
- 2019-05-29 FST Media Government Series: “ASD Essential 8” – International Convention Centre, Sydney.
- 2019-11-27 Local Government IT Conference – Opal Cove Resort, Coffs Harbour.
We have been consistent in our messaging for such a long time because, quite simply, it works.
It is the best possible advice for promoting cyber resiliency in any organisation: constant vulnerability assessment and regular patching, a positive security model and the principle of least privilege. In the rare cases where we have seen organisations embrace this strategy with gusto, it has become a very difficult challenge for our Red Team to gain a persistent foothold.
How can we help?
Cyber-attacks in Australia are not new; however, they are becoming more frequent and more malicious. Today’s announcement from the Australian Government is very alarming and highlights that businesses need to implement robust security controls to mitigate these attacks. By being ASD Essential 8 compliant, you can protect your business for the future.
Identify where you may be at risk with our ASD Essential 8 interactive tool.
Get in touch with one of our cyber security specialists to learn how:
- We can provide security assessments to detect vulnerabilities and provide examples of compromise through Penetration Testing and Red Teaming.
- We can help map your maturity against the ASD Essential 8 to build a roadmap for remediation to rapidly improve.
- We can provide better visibility, constant advice and rapid incident response through our 24/7 SOC.