The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.
The title ‘Copy-paste compromises’ is derived from the actor’s heavy use of proof-of-concept exploit code, web shells and other tools copied almost identically from open source.
The Australian Cyber Security Centre’s Advisory 2020-008 details the tactics, techniques and procedures (TTPs) identified during the ACSC investigation of a cyber campaign targeting Australian networks. These TTPs are captured in the frame of tactics and techniques outlined in the MITRE ATT&CK framework.
While no single mitigation strategy is guaranteed to prevent cyber security incidents, implementing the ACSC’s Essential Eight provides baseline protection.
How Vectra can assist you
The Australian Cyber Security Centre advised this morning:
- All Australian companies should ensure ALL operating systems and applications are patched to the latest version.
- Multi-factor authentication MUST be used on ALL external/public-facing applications at the least, and on all internal access systems as well.
- Implement Security Incident and Event Monitoring (SIEM). Vectra can rapidly deploy the world-leading SIEM, IBM QRadar, to identify attacks and prevent exploits within an organisation.
Vectra is well versed in managing cyber security mitigation strategies and can assist you in implementing both of these.
To ensure a higher level of cyber security maturity, the Australian Cyber Security Centre also recommends reviewing the ASD Essential Eight. Vectra can assist you in aligning with this framework.