Australia under cyber attack

This morning, our Prime Minister Scott Morrison called an emergency media conference to raise awareness of a cyber-attack targeting Australian organisations.

A range of different organisations are being targeted: all levels of government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.

Importantly, this attack is against businesses big and small, and there are actions you should take immediately to protect your business:

  1. Patch or update all of your systems and software.

  2. Enable and always use multi-factor authentication wherever available.

  3. Take extra care with emails containing Dropbox or OneDrive links, or attached Office documents.

Visit www.cyber.gov.au for more information on the technical advisory.

Cyber attacks are unfortunately part of the world we live in today. At Cynch, we’re dedicated to helping small businesses deal with this reality. For advice and updates tailored to your own business as this situation evolves, sign up to our Cyber Fitness Platform.

 

What’s happening?

Cyber criminals are taking advantage of known issues in software and using this to target and access the systems of Australian companies.

These attacks have been ongoing for some time now, but have recently become more active.

 

How does this cyber attack affect Small Businesses?

Cyber criminals often prey on small businesses as a way to get into the larger company networks that they are targeting. Large corporate organisations rely on small companies to supply services and cyber criminals know this.

Usually these small companies don’t have a dedicated cybersecurity or IT department and may have fewer security controls in place, making them an ideal way to get in.

If your business works with larger organisations or government departments, the chances of you being a target of this attack are higher, and we strongly recommend paying close attention to the advice being shared by the government.

 

Why is it called Copy and Paste Compromise?

The cyber criminals have been making use of a number of pre-written scripts and tools that are available from public forums. In essence, they are attacking businesses with ‘copy and paste’.

 

Why is this different to any other cyber-attack?

This has hit the news, and differs from other attacks, because of the increasing surge in malicious activity, the level of sophistication and the types of companies being targeted.

 

Were there any personal data breaches from these cyber attacks?

At this stage nothing indicates that any personal or corporate information has been leaked.

 

What are the criminals after?

It is currently unknown exactly what they are after, but they are aggressively trying to get into organisations that are the backbone of Australia: government, critical infrastructure, medical service providers and political organisations.

Initial indications show that they may be after intellectual property or other sensitive data and are seeking to build capacity to launch further attacks in the future.

 

What can I do to protect my small business from this cyber attack?

There are currently two key recommendations for Australian small businesses:

  1. Patch or update all of your systems and software.

  2. Enable and always use multi-factor authentication wherever available.

  3. Take extra care with emails containing Dropbox or OneDrive links, or attached Office documents.

It’s also possible that your business may be targeted as a way to gain access to a larger organisation. To avoid this we also recommend:

  • Evaluating the risk you might pose to your customers.

  • Reviewing the security of your business website.

  • Enhancing the security of your email and anything else you might use to communicate externally.

You can find more recommendations in our Cyber Fitness Platform.

 

What do I need to patch?

The main priority is to install security updates for anything you connect to from the Internet. This includes software and any hardware your business relies on, e.g. web servers and services such as WordPress.

  • Anything your team use to access your business remotely (e.g. Citrix, VPN software, Remote Desktop)

  • Operating systems, particularly on any servers or devices that are external-facing (e.g. Windows and Apple)

  • Devices - mobile phones, laptops at home and in the office

  • Website software and hardware such as IIS, WordPress or cPanel

 

What should I prioritise for Multi-factor Authentication?

The main priority is to implement multi-factor authentication for anything you connect to from the Internet. This includes any remote access services as well as:

  • Web and cloud-based email (e.g. Office 365, Gmail, Yahoo, Hotmail)

  • Collaboration platforms (e.g. Slack, SharePoint)

  • Virtual Private Network (VPN) connections 

  • Remote desktop services (e.g. Citrix, Microsoft Remote Desktop)

 

What should I look out for in dodgy emails?

Businesses caught up in this attack have received emails with links and attachments that could give cyber criminals access to your systems. Specific things to watch out for include:

  • Links to documents stored in Dropbox and OneDrive.

  • Office document attachments, particularly PowerPoint presentations.

  • Emails sent from mailguardonline.net or cybersecuritiesinc.net
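
The three warning signs listed above, written as a small triage check over a raw email message. This is an added example, not part of the original advisory or of the ACSC's guidance; the share-link hostnames, the Office extension lists and the sample message are assumptions constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Sender domains are the two named above; hosts and extensions are assumptions.
FLAGGED_SENDER_DOMAINS = ("mailguardonline.net", "cybersecuritiesinc.net")
FILE_SHARE_HOSTS = ("dropbox.com", "onedrive.live.com", "1drv.ms")
POWERPOINT_EXT = (".ppt", ".pptx", ".pptm", ".pps", ".ppsx")
OFFICE_EXT = POWERPOINT_EXT + (".doc", ".docx", ".docm", ".xls", ".xlsx", ".xlsm")
URL_HOST = re.compile(r"https?://([^/\s\"'<>:]+)", re.I)

def host_matches(host, suffixes):
    # Exact domain or a subdomain of it, so lookalike domains do not match.
    host = host.lower().rstrip(".")
    return any(host == s or host.endswith("." + s) for s in suffixes)

def triage(raw_email):
    """Return the sorted reasons a raw email message deserves a closer look."""
    msg = message_from_string(raw_email)
    reasons = set()
    sender_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2]
    if host_matches(sender_domain, FLAGGED_SENDER_DOMAINS):
        reasons.add("flagged-sender-domain")
    for part in msg.walk():
        name = (part.get_filename() or "").lower()
        if name.endswith(OFFICE_EXT):
            ppt = name.endswith(POWERPOINT_EXT)
            reasons.add("powerpoint-attachment" if ppt else "office-attachment")
        if part.get_content_maintype() == "text":
            body = (part.get_payload(decode=True) or b"").decode("utf-8", "replace")
            if any(host_matches(h, FILE_SHARE_HOSTS) for h in URL_HOST.findall(body)):
                reasons.add("file-share-link")
    return sorted(reasons)

# Constructed sample message, not a real email from this campaign.
SAMPLE = """\
From: "IT Support" <alerts@mailguardonline.net>
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="utf-8"

Please review https://www.dropbox.com/s/EXAMPLE/report today.
--b1
Content-Type: application/octet-stream
Content-Disposition: attachment; filename="Update.pptx"

--b1--
"""
```

Calling `triage(SAMPLE)` reports all three signs. A match is a prompt to check with the sender or your IT provider before opening anything, not proof of compromise.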

 

What can I ask my employees to do to protect themselves from this cyber attack?

Start by encouraging your team to implement the guidance which we have outlined in our free working securely from home checklist.

As anyone in your team could potentially receive a dodgy email as part of this attack, encourage everyone in your team to keep an eye out and report anything suspicious. You can find more advice on this in our page on spotting fake emails.

 

What is the Essential 8 and does it apply to my small business for this cyber attack?

The Essential 8 is a list of high-priority cybersecurity measures a company should take to protect itself against cyber attacks, published by the Australian Cyber Security Centre (ACSC).

The Essential 8 are described in plain language and prioritised for small business in our Cyber Fitness Platform.

You can find more information about the Essential 8 here: https://www.cyber.gov.au/publications/essential-eight-explained

 

What to do if you think you have been compromised?

  1. Contact your IT service provider 

  2. Report it to: https://www.cyber.gov.au/report

If you have questions about this situation or have indications that your environment has been compromised, contact the ACSC by emailing asd.assist@defence.gov.au or calling 1300 CYBER1 (1300 292 371).

For more information on how to report scams, read our advice here: https://cynch.com.au/resources/how-to-report-a-small-business-online-scam

 

How can Cynch help?

Practical Advice and Updates

When situations like this arise, our first goal is always to raise awareness amongst the community and provide practical, straightforward advice to small businesses unsure about what’s happening.

We have already notified our Cyber Fitness members via email and the page you’re on has been set up for this purpose and will be updated as things evolve.

We’ll be updating our social media accounts when things update here, so please consider following us on Twitter, LinkedIn and Facebook if you’re keen to stay up to date.

Cyber Risk Management

Our members are able to proactively manage and reduce their cyber risks by using our Cyber Fitness Platform. We don’t use tech-speak, we just give small businesses what they need. 

Re-assessing Member Risks

Our team has completed an initial assessment of the concerns associated with this situation and updated our platform to ensure our members have the latest, most important things they can do prioritised for them.

Many of the relevant concerns, and the recommended actions, had previously been prioritised for our members, helping ensure our members are well-positioned to respond.

Proactively Notifying Members

Where we’ve identified specific technologies or risks in our member businesses, we’ve proactively notified them of the steps they should consider taking and will continue providing assistance as they work with their IT support providers to address any security gaps.

 

What else can I do?

While the specific targets of the attack have not been shared, it is likely that larger organisations and government departments are the main targets. Smaller businesses may become a target if they have a relationship with the attackers’ ultimate target. Our advice on how to protect your business from online scams is a good starting point for reducing the chances of being targeted in this way.

The Australian Cyber Security Centre (ACSC) has suggested that if your business were to be targeted in one of these attacks, it could be very difficult to figure out what’s going on if you aren’t collecting the right data.

To give you the best chance of knowing what’s going on, it’s recommended you enable extra security event logging in your systems and on your computers. You can find more information about this on the ACSC website or sign up to our platform for more plain-language guidance for your business.

Team Cynch