When the Prime Minister fronted the media on 19 June and announced that Australia is facing sustained sophisticated cyber-attacks, it was a timely reminder that all organisations need to take cyber-security seriously.
According to the Australian Cyber Security Centre, the main attack vector involves ‘copy-paste’ attacks.
Such attacks are relatively simple. Unlike a zero-day attack, where the attacker discovers a previously unknown vulnerability, copy-paste attacks make use of known, open-source exploits that are freely available in the public domain. Put simply, attackers copy publicly available exploit code and run it, largely unmodified, against internet-facing infrastructure in order to compromise credentials and gain access.
The Australian Cyber Security Centre (ACSC) is warning that attackers are primarily exploiting remote code execution and deserialisation vulnerabilities. It appears Telerik UI, Microsoft IIS, SharePoint and Citrix systems are bearing the brunt of most of the attacks.
Whilst copy-paste attacks are relatively simple, the challenge for attackers lies in knowing exactly which malicious code to use against which target system. Attackers also need to find ways to bypass an organisation’s detection systems and to carry out the exploit from outside the target’s secure environment.
The fact that attackers are rapidly and regularly overcoming these challenges points to their level of sophistication.
The good news is that because copy-paste attacks make use of known vulnerabilities, organisations can take precautions to avoid becoming victims. The ACSC recommends organisations focus on patching and implementing Multi-Factor Authentication (MFA) as the best ways to stay secure.
Few cyber security activities are as important as regular patching.
With most attackers exploiting known vulnerabilities, some of which have had fixes available for many years, there’s simply no excuse to neglect keeping your systems updated.
My approach to patching is pretty straightforward – JUST DO IT!
This means that organisations should apply patches aggressively. Aggressive patching means applying updates as they are released, rather than waiting for a scheduled cycle. In most cases it is preferable to roll out each patch in a timely manner whenever an update is released, rather than holding patches back and running large batches of them according to a cyclical timetable.
The latter approach may lead to various difficulties. Managing the roll-out of a large number of patches at one time can be more challenging, and harder to troubleshoot, than regularly implementing one or two updates.
It’s also important that when vendors prompt you to run automatic updates, you do actually run them.
Interestingly, it seems fixes for the copy-paste vulnerabilities currently being exploited may require applying updates manually to individual systems rather than pushing them out with network-wide tools. This is worth bearing in mind, as it could make keeping up to date with patches more time-consuming.
MULTI-FACTOR AUTHENTICATION (MFA)
Relying solely on passwords to protect your digital assets is a risky strategy as attackers have well-developed strategies for compromising login credentials. That’s why I strongly urge all our clients to implement Multi-Factor Authentication (MFA) on all their systems as a top priority.
There is a range of ways you can implement MFA, including one-time passwords, SMS verification codes, hardware tokens and biometrics. Different MFA options offer different levels of security, but they all offer a significant improvement over a basic login and password.
Increasingly, organisations are making use of Two-Factor Authentication (2FA), which makes use of a password and one other verification method. Whilst this is definitely superior to password-only security, MFA offers even greater protection.
With MFA, you would be using a password as well as a minimum of two additional verification methods.
For example, you would use a password, as well as an SMS verification code and a fingerprint. Even if a hacker had compromised your password and had access to your mobile device to get the SMS code, replicating your fingerprint would be all but impossible. That’s not to say that biometric verification systems cannot be compromised, but the more layers of security you implement, the harder it is for attackers to gain access to your systems.
Whichever MFA strategy you adopt, it’s important to understand that it does not replace passwords. MFA adds further layers of protection, making it considerably harder for attackers to breach your systems. This is particularly important with so many staff working remotely: extending the corporate environment into your employees’ homes makes them more vulnerable, and MFA is one of the most effective ways you can take back control.
You can use the services of a number of MFA providers, many of whom offer Single Sign-On (SSO) facilities. With SSO, once a staff member successfully logs in to a device using MFA, that device becomes trusted. The staff member can then access a range of other systems from the same device without having to go through the MFA login process every time.
How Shearwater Can Help
Contact Shearwater for advice and assistance when it comes to patching strategies or implementing MFA in your organisation. Once you have the right strategies implemented, your organisation will be well placed to prevent the types of attacks identified by the Prime Minister on 19 June. Whilst the attackers are sophisticated in their approach, it is definitely possible to make their lives more difficult and help ensure you’re better protected.