ACSC Threat Report highlights real-world effects of cyber attacks
Ransomware, credential theft, IoT security and state-sponsored cyber attacks still reign supreme in Australia’s cyber threat world, according to ACSC’s Threat Report 2017.
The organisation says that amongst all the usual security culprits, Distributed Denial of Service (DDoS) attacks have set new records due to the sheer volume of attacks, both through traditional approaches and through newer methods such as compromising IoT devices.
Other notable parts of the report include the breakdowns of self-reported incident types across both the private and government sector. Spearphishing accounted for 47% of attacks in government organisations and 56% of private sector organisations cited ‘compromised systems’ as their top reported incident type.
The report also attracted attention from experts for its case study from November 2016 in which a small Australian defence contractor was compromised by a cyber attacker.
“ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data. The adversary remained active on the network at the time,” the report says.
The attacker has used an internet-facing server to gain access to a network and used webshells to allow remote machine administration and gain further access.
“The lesson is that users and administrators should never run their computer with administrative privileges unless they are required to do a specific task. This is where the ‘Least Privilege’ model is important: It assigns users and administrators with privileges on a temporary basis to perform specific tasks on specific machines,” comments Centrify senior director of APAC Sales, Niall King.
According to ACSC, cyber attackers continue to target defence contractors because they want access to information that would be harder to get from secure government networks.
“The ACSC provided an analysis of contextual cyber security threats affecting Australia’s defence industry, and preventative strategies and resources to raise awareness of the threat to over 150 businesses in the sector. Establishing this dialogue builds on the relationship the ACSC and Australian Government have with the defence industry to strengthen the sector’s cyber security awareness and posture over time,” the report says.
Other case studies included an incident in which the Australian branch of a multinational construction services company was breached through its managed service provider (MSP).
An attacker breached the MSP’s account and installed malware on the victim’s network. The account was specifically created so that the MSP could gain access to its network, a common setup amongst many MSP-customer relationships and indicative of the risks of outsourcing certain activities, the ACSC says.
“When you enable other organisations access to your network, your network is exposed to their security posture – you are effectively increasing your own risk. And when you don’t know the risks associated with a connected network, it is much more difficult to mitigate them.”