Cyber War Loading… Cyber War Launched

Background

Russia’s recent attack on Ukraine began on foot and simultaneously in the metaverse, targeting internet networks and systems, military communications and financial and energy providers. This parallel attack was met by an independent Iranian Ministry of Intelligence global cyber campaign called ‘MuddyWaters’, targeting the majority of Europe and parts of America and Britain. In light of the Australian Government’s decision to support Ukraine, Australia may be next in line for a cyber-attack. The Australian Government Cyber Security Centre has warned Australian organisations to ‘arm up’, as the risk of an Australian cyber-attack intensifies.[1]  

 

International Cyber Breaches

Cyber-attacks reportedly increased by 800% immediately after the conflict between Russia and Ukraine commenced, and the attacks are reported to be multi-faceted. For instance, ‘MuddyWaters’ is using a combination of data exfiltration, spear phishing, ransomware and extortion in order to steal people’s critical information.

 

What are the most common types of Cyber Attacks?

In a report prepared by CrowdStrike Global, it was highlighted that the most common type of cyber-attack today is the ransomware attack. Ransomware is a type of malware that denies legitimate users access to their own system, and a ransom must be paid in order to get access back. As an example, in May 2021, Colonial Pipeline, which supplies gasoline and jet fuel to the south-eastern U.S., was the target of a ransomware attack brought by a criminal hacking group called ‘Darkside’. This group temporarily disrupted gas and fuel supply throughout the region and demanded a ransom of US $4.4 million, which Colonial Pipeline ended up paying.[2]

Closer to home, several regional Victorian hospitals and health services were hit with a ransomware attack in March 2021. In this instance many departments operated by Eastern Health were significantly disrupted for up to a month, and their entire network needed to be shut down to protect critical systems. This resulted in elective surgeries being paused, and treatments and appointments being postponed.[3]

This is an example of just one of the many types of possible cyber-attacks. Some of the others are listed below:

  • Malware
  • Malware as a Service (MaaS)
  • Denial-of-Service (DoS) attacks
  • Phishing
  • Man-in-the-middle (MITM) attacks
  • Cross-site Scripting (XSS)
  • SQL Injections
  • DNS Tunneling
  • Password Attacks
  • Birthday Attacks
  • Drive By Attacks
  • Cryptojacking
  • IoT-Based Attacks

 

How can I protect my business?

The Australian Government Cyber Security Centre (ACSC) is encouraging Australian organisations to “urgently adopt an enhanced cyber security position”. For businesses, the emphasis is on adopting a baseline known as the ‘Essential Eight Maturity Model’. This model is based on the ACSC’s experience in producing cyber threat intelligence, responding to cyber security incidents, conducting penetration testing and assisting organisations to implement this model.

 

What does the Essential Eight Model cover?

  1. Application control – restrict the execution of specific malicious application types on workstations and servers. Ensure that event logs are centrally collected and protected from unauthorised modification and deletion, and that they are monitored for any signs of compromise so that action can be taken when a cyber security event is detected.
  2. Patching of applications – patches are regularly released by vendors to help mitigate security vulnerabilities in their software. The Essential Eight recommends that organisations implement good patching procedures to handle these software vulnerabilities, by using a vulnerability scanner tool and deploying patches to internet-facing services at least every two weeks from the date of the patch release.
  3. Configure Microsoft Office macro settings – ensure that Microsoft Office macros are disabled for users that do not have a demonstrated business requirement. If there is a business requirement, ensure that only privileged users who can validate that the macros are free from malicious code can write and modify their content, and that the macros are placed in a Trusted Location.
  4. User application hardening – this includes hardening web browsers, Microsoft Office, PowerShell and PDF software so that they cannot run certain content, including Java and web advertisements, to prevent the injection of malicious code onto the system. Restrictions should be put in place to ensure that users cannot change the security settings of these applications.
  5. Restrict administrative privileges – privileged access to systems and applications should be limited to only what is required for users and services to undertake their duties. Privileged accounts should be prevented from accessing the internet, email and web services. Privileged user access should be centrally logged and monitored for any signs of compromise.
  6. Patch operating systems – ensure that the latest release, or the previous release, of the operating system is used for all workstations, servers and network devices. This is done to mitigate security vulnerabilities in the operating system and to patch any exploits that have been found by the vendor. Use a vulnerability scanner tool and deploy patches to internet-facing services at least every two weeks from the date of the patch release.
  7. Multi-factor authentication – multi-factor authentication is used by an organisation’s users where they need to authenticate to their organisation’s internet-facing services. This should be used wherever users are accessing important data, and it adds an additional layer of security when accessing an organisation's systems.
  8. Regular backups – backups of important data, software and configuration settings are performed regularly, and retained in a coordinated and resilient manner in accordance with business continuity requirements.
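As an added illustration (not part of the article or of any ACSC tooling), the following Python script checks a constructed asset and privileged-account inventory against the patching, operating system, macro, privileged-access and multi-factor authentication rules summarised above; the inventory fields and finding labels are assumptions made for the example.

```python
# Constructed sample inventory (not from the ACSC or the article). Each asset
# records only the facts the Essential Eight rules above depend on:
#   os_release_age: 0 = latest OS release, 1 = previous release, 2+ = older
#   oldest_unpatched_days: age in days of the oldest missing vendor patch
ASSETS = [
    {"name": "web-gw-01", "internet_facing": True, "os_release_age": 0,
     "oldest_unpatched_days": 20, "mfa": False, "macros": "disabled"},
    {"name": "fin-ws-07", "internet_facing": False, "os_release_age": 1,
     "oldest_unpatched_days": 5, "mfa": True, "macros": "enabled",
     "macro_business_need": False},
    {"name": "vpn-01", "internet_facing": True, "os_release_age": 3,
     "oldest_unpatched_days": 3, "mfa": True, "macros": "disabled"},
]
PRIV_ACCOUNTS = [
    {"name": "svc-backup", "internet_access": False},
    {"name": "da-admin", "internet_access": True},
]

PATCH_WINDOW_DAYS = 14  # "at least every two weeks from the date of release"

def check_asset(a):
    """Return the list of Essential Eight rules this asset fails."""
    findings = []
    if a["internet_facing"] and a["oldest_unpatched_days"] > PATCH_WINDOW_DAYS:
        findings.append("E8-2/6: internet-facing service has a patch older than 14 days")
    if a["os_release_age"] > 1:
        findings.append("E8-6: OS is older than the previous release")
    if a["internet_facing"] and not a["mfa"]:
        findings.append("E8-7: internet-facing service without MFA")
    if a["macros"] == "enabled" and not a.get("macro_business_need", False):
        findings.append("E8-3: macros enabled without a demonstrated business requirement")
    return findings

def check_privileged(acct):
    """Privileged accounts must not be able to reach the internet, email or web."""
    if acct["internet_access"]:
        return ["E8-5: privileged account can reach the internet/email/web"]
    return []

def report(assets=ASSETS, accounts=PRIV_ACCOUNTS):
    """Map each non-compliant asset or account name to its findings."""
    out = {}
    for a in assets:
        if check_asset(a):
            out[a["name"]] = check_asset(a)
    for acct in accounts:
        if check_privileged(acct):
            out[acct["name"]] = check_privileged(acct)
    return out

if __name__ == "__main__":
    for name, findings in report().items():
        print(name, *("  - " + f for f in findings), sep="\n")
```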

 

What kind of cyber-attacks could we expect?

With the increasing sanctions being imposed on Russia by Australia,[4] and the rest of the world, the likelihood is that there will be increasing cyber-attacks against Australian organisations. These will come in the form of emails sent to your employees, text messages or even phone calls.

The aim of these attacks is either to deliver a malicious payload via an email attachment or link, gaining access to your system with ransomware or malware, or to gather personally identifiable information such as passwords or bank details through what is known as phishing. Either outcome could give an attacker access to privileged systems and/or an organisation's financial data.

 

Lavan comment

In light of the recent conflict between Russia and Ukraine, particularly in consideration of Australia’s support of Ukraine, tensions are building globally. Further sanctions put in place by Australia make us a potential target through association. It can be said that Russian cyber-attacks are a consequence of Australia’s political stance.

To help protect not only the organisation you work for, but also your personal information, it is always recommended to use strong passwords both inside and outside of your organisation. Do not use the same passwords between work and personal accounts.

Organisations need to continue to educate their employees in what to watch out for, and it is recommended that if you are unsure to contact your IT department before going any further.

Remember your organisation's information can be worth a lot of money in the wrong hands, so be vigilant!

 

[1] https://www.cyber.gov.au/acsc/view-all-content/alerts/australian-organisations-encouraged-urgently-adopt-enhanced-cyber-security-posture.

[2] https://www.crowdstrike.com/cybersecurity-101/cyberattacks/most-common-cyberattacks.

[3] https://ia.acs.org.au/article/2021/victorian-hospitals-hit-by-cyber-attack.html.

[4] https://www.dfat.gov.au/international-relations/security/sanctions/sanctions-regimes/russia-sanctions-regime.

Disclaimer – the information contained in this publication does not constitute legal advice and should not be relied upon as such. You should seek legal advice in relation to any particular matter you may have before relying or acting on this information. The Lavan team are here to assist.