Daily Bulletin


News

  • Written by Mahmoud Elkhodr, Lecturer in Information and Communication Technologies, CQUniversity Australia

Prime Minister Scott Morrison had some alarming news for Australians this morning: we are under cyber attack. He informed the nation the attacks “hadn’t just started”, and that Australian businesses and governments are being widely targeted.

It is unclear why the government chose today to make the announcement, or indeed what exactly is going on.

The attack is described as “state-sponsored”, which means a foreign government is believed to be behind it. When asked who that might be, Morrison said there is a high threshold for drawing that kind of conclusion, but added:

…there are not a large number of state-based actors that can engage in this type of activity.

This has been interpreted as a coded reference to China, which the Australian government reportedly suspects of being behind the attacks.

Read more: Why international law is failing to keep pace with technology in preventing cyber attacks

What do we know about the attack so far?

An advisory note posted on the government’s Australian Cyber Security Centre website describes the attack as a “cyber campaign targeting Australian networks”.

The advisory says the attackers are primarily using “remote code execution vulnerability” to target Australian networks and systems. Remote code execution is a common type of cyber attack in which an attacker attempts to insert their own software codes into a vulnerable system such as a server or database.

The attackers would not only try to steal information but also attempt to run malicious codes that could damage or disable the systems under attack.

Detecting this is hard, and would require advanced defensive measures such as penetration testing, in which trained security professionals known as “ethical hackers” try to hack into a system in an attempt to find potential vulnerabilities.

What systems have been affected?

The advisory linked the attack to three specific vulnerabilities in particular systems, detailed in the table below. Any business that uses any of these systems is vulnerable to attack. It is too early to tell whether other systems are also vulnerable; other vulnerabilities may emerge as investigations continue.

Affected system

Description

Action required

Microsoft Internet Information Services (IIS)

This is a general-purpose webserver from Microsoft that runs on Windows systems. The most common use of an IIS is to host web-based applications and simple static websites.

For all three systems:

  • Ensure you are running the    latest version of the software
  • Install the latest patches and updates
  • Change all passwords, log off from all devices
  • Set up multifactor authentication, more details can be found here
  • Scan and remove any malicious codes which you don’t recognise

    

 

 

SharePoint

A SharePoint Server is used by organisations to manage Office 365 Enterprise accounts within their own organisation.

Citrix

The affected Citrix products are mainly Citrix gateways and servers. These are used to support web, cloud and mobile application services.  

How can businesses protect themselves?

Even though the specific threats are not fully known to the public, there is a range of measures businesses can take in the meantime. These include:

Use available government resources

The federal government has provided extensive cyber safety guidelines for Australian businesses, featuring advice on cyber security and data protection, and information on the various types of cyber threat.

More comprehensive cyber security guidelines can be found at the ACSC website, including detailed advice on secure management of databases, email systems and physical computer assets, among others.

Watch out for spam

Phishing is not just limited to email. These scams can be executed via text messages, social media such as Facebook, and VOIP messaging services such as WhatsApp.

As a general guide:

  • do not open messages or attachments from unknown senders

  • remember that genuine organisations such as banks, government departments and online retailers never ask for personal information via email, and you should always check with them directly (such as by calling them) if in doubt.

Read more: Everyone falls for fake emails: lessons from cybersecurity summer school

Beware DDoS attacks

A “distributed denial of service” (DDoS) attack is the most common type of cyber attack. It works by flooding your website with traffic, preventing genuine customers from reaching your website. Think of it like a traffic jam clogging up a highway and preventing cars from reaching their destinations.

Luckily, there are ways to reduce the impact of DDoS attacks, such as by using intrusion detection and prevention systems. If you are concerned about DoS attacks speak with your internet provider about developing a DDoS response plan.

Have a backup plan

A “continuity plan” ensures important assets such as personnel records, customer databases and network configurations are protected and can be restored quickly in the event of a cyberattack.

Suggested plans are available via the federal and Queensland governments.

Businesses should also follow sensible IT security procedures, which include the following:

Australia is under sustained cyber attack, warns the government. What's going on, and what should businesses do? What businesses should be doing to minimise their cyber security risks. Mahmoud Elkhodr, Author provided

Regardless of the details, the latest announcement is a reminder that we should not lower our guard against cyber attacks. The latest round of cyber attacks are likely the result of previous “reconnaissance attacks”, which revealed existing vulnerabilities in Australian networks.

Taking the steps outlined above could help prevent hackers mounting similar attacks in the future.

Authors: Mahmoud Elkhodr, Lecturer in Information and Communication Technologies, CQUniversity Australia

Read more https://theconversation.com/australia-is-under-sustained-cyber-attack-warns-the-government-whats-going-on-and-what-should-businesses-do-141119

Writers Wanted

How the stunning abstract art of Hilma af Klint opens our eyes to new ways of seeing

arrow_forward

Home quarantine for vaccinated returned travellers is extremely low risk, and won't damage their mental health

arrow_forward

Boom in Aussies buying up restaurants, pubs, hotels and bars in regional centres

arrow_forward

The Conversation
INTERWEBS DIGITAL AGENCY

Politics

Prime Minister interview with Karl Stefanovic and Allison Langdon

Karl Stefanovic: PM, good morning to you. Do you have blood on your hands?   PRIME MINISTER: No, it's obviously absurd. What we're doing here is we've got a temporary pause in place because we'v...

Karl Stefanovic and Allison Langdon - avatar Karl Stefanovic and Allison Langdon

Prime Minister Scott Morrison delivered Keynote Address at AFR Business Summit

Well, thank you all for the opportunity to come and be with you here today. Can I also acknowledge the Gadigal people, the Eora Nation, the elders past and present and future. Can I also acknowled...

Scott Morrison - avatar Scott Morrison

Morrison Government commits record $9B to social security safety net

The Morrison Government is enhancing our social security safety net by increasing support for unemployed Australians while strengthening their obligations to search for work.   From March the ...

Scott Morrison - avatar Scott Morrison

Business News

Boom in Aussies buying up restaurants, pubs, hotels and bars in regional centres

With international borders closed, regional Australia is seeing a dramatic surge in popularity as people move out of the cities and into their quaint communities. City slickers are looking for new...

Tess Sanders Lazarus - avatar Tess Sanders Lazarus

5 Signs Your Business Needs Onboarding Software

Onboarding software is the technology that automates a smooth transition for new hires from before the interview to the first day on the job. High-quality onboarding platforms feature a digital da...

Onboarded - avatar Onboarded

What Is COVID 19 Risk Assessment for Vulnerable Workers and Why Your Business Needs it

During the height of the COVID-19 pandemic, governments strongly advised people to just stay at home as a critical effort to stop the spread of the virus. This led to many businesses temporarily s...

NewsServices.com - avatar NewsServices.com