Australia Businesses Under Cyber Attack
On June 19, Prime Minister Scott Morrison shared alarming news that Australia businesses and government are under cyber attack. While these attacks aren’t new, the increase in frequency is something that should be taken very seriously.
What do we know about the attacks so far?
An advisory on the government’s Australian Cyber Security Centre website describes the attack as a “cyber campaign targeting Australian networks”.
It says the attacks are primarily using “remote code execution vulnerability” to target Australian networks and systems. This is a common type of cyber attack in which an attacker attempts to insert their own software codes into a vulnerable system such as a server or database.
The attackers would not only try to steal information but also attempt to run malicious codes that could damage or disable the systems under attack.
Detecting this is hard, and would require advanced defensive measures such as penetration testing, where trained security professionals, known as “ethical hackers”, try to hack into a system in an attempt to find potential vulnerabilities.
To inquire about Penetration Testing, contact Xari Group.
What systems have been affected?
The advisory linked the attack to three specific vulnerabilities in particular systems, detailed below. Businesses that use any of these systems are vulnerable to attacks. We cannot tell for sure whether other systems are also vulnerable; other vulnerabilities may emerge in the coming weeks.
Check if any of your systems are vulnerable to attacks. Contact Xari Group today.
How can businesses protect themselves?
Even though specific details of the threats are not fully disclosed, there are measures that businesses can take in the meantime to improve overall cybersecurity posture. These include:
1> Use available government resources – The federal government has provided extensive cyber safety guidelines for Australian businesses, featuring advice on cybersecurity and data protection, and information on the various types of cyber threat. More comprehensive cybersecurity guidelines can be found at the ACSC website.
2> Watch out for spam – Phishing is not just limited to email. These scams can be executed via text messages, social media such as Facebook, and VOIP messaging services such as WhatTargeted App.
As a general guide:
– do not open messages or attachments from unknown senders
– remember that genuine organisations such as banks, government departments and online retailers never ask for personal information via email, and you should always check with them directly (such as by calling them) if in doubt.
Learn how to identify Phishing emails here.
3> Beware DDoS attacks – A “distributed denial of service” (DDoS) attack is the most common type of cyber attack. It works by flooding your website with traffic, preventing genuine customers from reaching your website. Think of it like a traffic jam clogging up a highway and preventing cars from reaching their destinations.
Luckily, there are ways to reduce the impact of DDoS attacks, such as by using intrusion detection and prevention systems. If you are concerned about DoS attacks speak with your internet provider about developing a DDoS response plan.
4> Have a backup plan – A “continuity plan” ensures important assets such as personnel records, customer databases and network configurations are protected and can be restored quickly in the event of a cyberattack.
Want to set-up a Business Continuity Plan, or assess your current one? Contact Xari Group.
Businesses should also follow sensible IT security procedures.
Regardless of the details, the latest announcement is a reminder that we should not lower our guard against cyber attacks. The latest round of cyber attacks are likely the result of previous “reconnaissance attacks”, which revealed existing vulnerabilities in Australian networks.
Taking the steps outlined above could help prevent hackers mounting similar attacks in the future.
Want to make sure that you are protected against a cyber attack? Get a free assessment today.