Updated 5:18pm Thursday 12th october 2017
Patrick Durrant | Sydney
Australian Cyber Security Centre (ACSC) coordinator Clive Lines says many computer networks are still being compromised via publicly known vulnerabilities that have known mitigations.
In the foreward to the Centre's Annual Threat Report released on Tuesday, Lines wrote “too many of the incidents the ACSC responds to could have been prevented had organisations employed established and relatively straightforward cyber security measures”.
When even ICT security providers are being compromised and exploited, it is a clear wake-up call for everyone
Lines cited the WanaCry ransomware as an example: “[It] used a publicly known vulnerability that had been patched months before and that the ACSC had publicly reported”.
Australia had not been significantly impacted by this relatively low level threat but another disturbing trend the ACSC highlighted in the report was of increasingly sophisticated exploits being developed and deployed against well-protected networks.
“Also worthy of highlighting has been the global campaign by advanced adversaries to compromise some private sector providers of ICT services, including ICT security.” Through these compromises, Lines explained that adversaries have been able to access the networks of some of these companies’ clients.
“When even ICT security providers are being compromised and exploited, it is a clear wake-up call for everyone to be conscious of contemporary cyber security risks and best practice mitigations.”
During a speech given at The National Press Club on Tuesday Assistant Minister for Cyber Security Dan Tehan alluded to a particular case where the computer system of a national securtity contractor had been penetrated late last year.
According to a report by ZDNet, restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and future warships for the Royal Australian Navy was among the sensitive data stolen.
“The thing that is most concerning is that what we're seeing is a growing sophistication in these attacks,” Tehan said.
Current challenges detailed by the report included:
- Ransomware continues to grow as a method of extorting funds from a wide range of victims.
- Credential-harvesting malware poses an increasing threat to Australians by facilitating the theft of credentials, such as login details and account numbers.
- Social engineering is growing in sophistication and is likely to be increasingly employed by malicious adversaries to disguise their illicit activities as genuine.
- Adversaries have increased their targeting of trusted third parties, particularly service providers.
- The increased integration into the ecosystem Internet of Things (IoT) devices, such as smartphones and tablets, introduces significant risks as security is not always a top priority during their creation.
- The scale and impact of Distributed Denial of Service (DDoS) activity has set new records for volume.
- Malicious, sophisticated adversaries were using automated scanning to identify vulnerable Australian routers before extracting configuration files, thereby enabling control of internet communications that transit the device.
According to the report, the more advanced adversaries were continuing to invest in their capabilities so staying ahead of them remains an enduring challenge. Foreign states still possess the greatest capability to compromise Australian networks, with the ACSC having detected “extensive state-sponsored activity against Australian government and private sector networks in support of economic, foreign policy and national security objectives”.
Motherboard reported Tuesday that many large US defence contractors have not enabled the standard web encryption HTTPS by default, which leaves visitors of these sites exposed to common cyberattacks that could potentially allow hackers to infect them with malware.
Cyber security firm FireEye has released an alert following observations of several high-volume FormBook malware distribution campaigns primarily taking aim at the aerospace, defence contractor and manufacturing sectors.