An advisory from the Australian Cyber Security Centre (published on 24 June 2020) details a current and sustained targeting of Australian governments and companies by a sophisticated state-based actor.
The ACSC’s Advisory 2020-008 details the tactics, techniques and procedures (TTPs) identified during the investigation of a cyber campaign targeting Australian networks. These TTPs are mapped to the tactics and techniques of the MITRE ATT&CK framework.
Some of the main recommendations from the ACSC include:
- Prompt patching of internet-facing software, operating systems and devices
  - All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available. Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally, organisations, where possible, should use the latest versions of software and operating systems.
- Use of multi-factor authentication across all remote access services
  - Multi-factor authentication should be applied to all internet-accessible remote access services, including web and cloud-based email, collaboration platforms, virtual private network connections, and remote desktop services.
As this is a Critical Alert, we strongly recommend that organisations read the Advisory, available HERE, and review their existing cyber security protocols.