On June 19, Australian Prime Minister Scott Morrison reported that businesses are targeted by a sophisticated, state-based cyber actor. In recent months, there has been a prominent increase in attacks targeting all levels of government, political organisations, the private sector, essential services, education, medical research and development. Other countries are also detecting a similar pattern.
The alarming aspect of this issue is that the PM confirmed cyber intrusions like these are not new, only becoming increasingly frequent. "This is the world that we live in. These are the threats that we have to deal with" says the PM. Businesses and targeted sectors should be vigilant and take action to protect themselves. The Australian Cyber Security Centre (ACSC) outlined the 'Copy-paste compromises' tactics, techniques and procedures used by the attacker to target Australian networks.
What systems are affected?
Official warning has outlined how businesses who utilise the following systems are vulnerable to attacks: Microsoft Internet Information Services (IIS), SharePoint and Citrix.
How can businesses secure their networks and data?
There are various measures that businesses can implement to protect themselves. The Australian government advises on cyber security, data protection and informs on the differing types of cyber attacks. The ACSC also provides an in-depth Information Security Manual and a cyber security framework for businesses to implement which includes network and system management, email management, personnel security and more.
Be wary of phishing
These can be executed via text messages, social media, and messaging services such as WhatsApp. As a general rule of thumb, do not click on messages from unknown senders and always check carefully the address from which it is sent. Sometimes, attackers have access to contacts within your company and will send you "personalised" spam, that is, adapting a colleague's name on the sender email address. Note also that institutions such as the bank or government do not ask for personal details via email, double check with them directly if ever in doubt.
Have a contingency plan
Businesses should implement the following IT security measures:
1. Update your antivirus software
2. Regularly change passwords and use multi-factor authentication
3. Place restrictions on administrative privileges
4. Have daily and automatic backup of data
For more information on how to protect your business, refer to our '4 Essential Strategies for IT Security' blog with ACSC-advised solutions to mitigate cyber security incidents.
Want to learn more about Managing Microsoft Defender Antivirus?
Listen to our latest webinar on-demand where we explain how Microsoft Defender Antivirus provides essential protection against malware on endpoints and how we provide simple and centralised configuration that is consistent across the enterprise.
'Microsoft Defender Antivirus Management with DriveLock' - free to download here.