
ACSC Threat Report highlights real-world effects of cyber attacks

16 Oct 17

Ransomware, credential theft, IoT security and state-sponsored cyber attacks still reign supreme in Australia’s cyber threat world, according to ACSC’s Threat Report 2017.

The organisation says that amongst all the usual security culprits, Distributed Denial of Service (DDoS) attacks have set new records due to the sheer volume of attacks, both through traditional approaches and through newer methods such as compromising IoT devices.

Other notable parts of the report include the breakdowns of self-reported incident types across both the private and government sectors. Spearphishing accounted for 47% of attacks in government organisations, and 56% of private sector organisations cited ‘compromised systems’ as their top reported incident type.

The report also attracted attention from experts for its case study from November 2016 in which a small Australian defence contractor was compromised by a cyber attacker.

“ACSC analysis confirmed that the adversary had sustained access to the network for an extended period of time and had stolen a significant amount of data. The adversary remained active on the network at the time,” the report says.

The attacker used an internet-facing server to gain access to the network, then used webshells to administer machines remotely and gain further access.

“The lesson is that users and administrators should never run their computer with administrative privileges unless they are required to do a specific task. This is where the ‘Least Privilege’ model is important: It assigns users and administrators with privileges on a temporary basis to perform specific tasks on specific machines,” comments Centrify senior director of APAC Sales, Niall King.

According to ACSC, cyber attackers continue to target defence contractors because they want access to information that would be harder to get from secure government networks.

“The ACSC provided an analysis of contextual cyber security threats affecting Australia’s defence industry, and preventative strategies and resources to raise awareness of the threat to over 150 businesses in the sector. Establishing this dialogue builds on the relationship the ACSC and Australian Government have with the defence industry to strengthen the sector’s cyber security awareness and posture over time,” the report says.

Other case studies included an incident in which the Australian branch of a multinational construction services company was breached through its managed service provider (MSP).

An attacker breached the MSP’s account and installed malware on the victim’s network. The account had been created specifically so that the MSP could access the victim’s network, a common setup in MSP-customer relationships and indicative of the risks of outsourcing certain activities, the ACSC says.

“When you enable other organisations access to your network, your network is exposed to their security posture – you are effectively increasing your own risk. And when you don’t know the risks associated with a connected network, it is much more difficult to mitigate them.”
