In light of the recent events that have turned the Australian public eye to cybersecurity matters, we want to help you understand what the persisting threats have been and what practical steps to take right now. It’s important here to understand that the cyber threat landscape has existed and evolved for quite some time now. In fact, the Australian economy loses $1 billion on an annual basis as a result of cyber attacks. This is a complex and continually shifting issue, so unfortunately there isn’t a silver bullet solution that prevents future attacks from happening – it takes consistent and active cyber threat monitoring to maintain cybersecurity.
As a player in the security industry for eleven years, CTRL Group has seen hackers take advantage of all kinds of scenarios. Most recently it’s the uncertainty, chaos, and remote working situations that have allowed attackers to enact social engineering methods and other strategic attacks to gain access to an organisation’s systems and information. Therefore, we cannot stress enough that staying on the watch is undoubtedly a key priority for organisations.
We’ve also spotted common script patterns and have formulated a strategy to mitigate risks.
From a macro-scale we see that attackers are using three broad strategies to gain access to business and information systems: vulnerabilities in software versions, social engineering attacks on staff, and placing remote or backdoor tools on your network.
Attacking vulnerable versions of software and services
Patches exist because software isn’t perfect, so when vulnerabilities are found developers will immediately address them with a new version. It’s extremely important to keep all your software patched as these vulnerabilities are easy for attackers to automatically detect and take advantage of. Scan your external attack surfaces for vulnerable versions of software or services. If any of the following services are deployed on your network and not patched, they need to be patched immediately:
- Microsoft IIS – 2019 Vulnerability
- Microsoft SharePoint – 2019 Vulnerability
- Citrix – 2019 Vulnerability
- Tereric UI – Remote Execution Vulnerability
Targeted phishing and credential attacks
Attackers will often target staff members in order to steal their login details and gain access to your network. Ensure that all staff are aware of these types of attacks:
- Spear Phishing Attacks
- Credential Attacks
- Leaked Credential Usage
Urgently advise your staff to never provide any passwords online or over the phone and to change their passwords often. Update password complexity requirements to meet the Australian Signals Directorate’s new standards, which is now: three random words, uppercase, lowercase, and special characters with a minimum length of 14 characters. Consider adopting password managers such as LastPass Enterprise to automatically manage unique complex passwords for your staff. They must stay vigilant in cyber threat monitoring – after all, they are the first line of defense of the organisation’s systems.
Implement multi-factor authentication (MFA) for privileged accounts first then deploy MFA for all accounts. Make use of authenticator applications such as Microsoft Authenticator to streamline the process. MFA is a critical security control for remote work and for many environments the only control protecting your organisation from a notifiable breach after a successful phishing attack.
Tools that enable attackers remote or backdoor access
There are existing tools that can create entry points for attackers into your business network. It takes advanced monitoring to be able to detect these tools in your system. These tools include:
- Remote Access
- Backdoor Network Deployment
- Network Monitoring Tool Deployment
Monitoring, SIEM, and endpoint security services can be provided by cybersecurity experts such as CTRL Group. This consists of deploying monitoring that utilises a mixture of CTRL security analysts and machine learning software. We will work with you to get your devices, including BYOD devices, to have endpoint security installed and patched. Consider deploying control systems over devices including BYOD such as Microsoft Intune. This will allow effective cyber threat monitoring in the long term.
In addition to this, conducting yearly penetration tests on your internal environment and external facing systems gives you a strong understanding of your network and systems risk exposure. Addressing the risks identified by penetration tests will add another layer of cyber protection that will substantially increase your security posture and lower the chances of critical breaches occurring.
In times of uncertainty and rapid changes, it is obvious that risk exposures for organisations have increased as well. Approach cybersecurity holistically, consistently, and intelligently by collaborating with cybersecurity experts like CTRL Group. Our aim is to help you address cyber risks that you’re exposed to methodically and efficiently.