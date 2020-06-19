

Sophisticated State-Backed Attack Rocks Australia

Australian Prime Minister Scott Morrison today warned of a major state-sponsored cyber-espionage campaign targeting government and private sector businesses.

He urged domestic organizations to take steps to improve their resilience, including the use of multi-factor authentication to access cloud and internet-facing systems, and to patch online devices promptly.

“This activity is targeting Australian organizations across a range of sectors, including all levels of government, industry, political organizations, education, health, essential service providers and operators of other critical infrastructure,” Morrison warned.

“We know it is a sophisticated state-based cyber-actor because of the scale and nature of the targeting and the tradecraft used.”

In a technical advisory yesterday, the Australian Cyber Security Centre (ACSC) referred to the state actor’s “copy-paste compromises” — in other words, its heavy use of proof-of-concept exploits, web shells and other elements “copied almost identically from open source.”

The attackers specifically targeted remote code execution vulnerabilities in development tool Telerik UI, Microsoft Internet Information Services (IIS), SharePoint and Citrix.

“The actor has shown the capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases,” the ACSC continued.

“The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organizations.”

When exploits don’t work, the hackers use spear-phishing plus open source and custom tools to achieve persistence. They’ve also been spotted using compromised legitimate Australian websites for command-and-control, in an attempt to hide their activity.

Michael Sentonas, global CTO at CrowdStrike, said his firm had seen a 330% spike in malicious activity in the first half of 2020 versus a year ago, and warned that the lines between e-crime and state-backed attacks are blurring due to increased sophistication of the former.

“Having a front line perspective of the rampant threat activity in Australia that occurs every day, including the number of high-profile breaches in recent months, demonstrates the country is not as prepared as we would like to believe,” he added.

“It is positive that this issue is being raised, and governments and organizations must now take action and harden their defenses against an advanced pool of adversaries.”

Given Australia’s recent geopolitical disputes with its larger neighbor to the north, China will be top of the list of suspects in these attacks.
