Major Cyber Attack Underway – What Should I Do?

Ashleigh Green — 22 June, 2020

As you may have read in the news today, Australia is currently being hit with a massive cyber-attack. It is of paramount importance that Australian businesses are alert to this and become more resilient in the face of adversity and threat.

What’s Happening

“I’m here today to advise you that, based on advice provided to me by our cyber experts, Australian organisations are currently being targeted by a sophisticated State-based cyber actor. This activity is targeting Australian organisations across a range of sectors, including all levels of Government, industry, political organisations, education, health, essential service providers and operators of other critical infrastructure.”

The Australian Cyber Security Centre (ACSC) has released public advisory 2020-008, which summarises the attacks underway and includes detection and mitigation recommendations.

What Is Being Targeted?

Summarised from ACSC advisory 2020-008

The campaign attempts to utilise exploits in:

  • Unpatched versions of Telerik UI

  • A deserialization vulnerability in Microsoft Internet Information Services (IIS)

  • 2019 SharePoint vulnerability

  • 2019 Citrix vulnerability

The campaign also utilises spear-phishing techniques in the form of:

  • Links to credential harvesting websites

  • Emails with links to malicious files, or with the malicious file directly attached

  • Links prompting users to grant Office 365 OAuth tokens to the actor

  • Use of email tracking services to identify the email opening and lure click-through events

What Should I Do?

ACSC recommends two key mitigations to protect against this campaign:

  • Prompt patching of internet-facing software, operating systems and devices

  • Use of multi-factor authentication across all remote access services

Read our recent blog to learn more about multi-factor authentication.

Get in touch today to discover how Chamonix Managed Services can assist you.