CyberCX Security Report | June 2021
There’s no shortage of cyber news making the headlines, but what does it mean for you?
At CyberCX, we keep a close eye on the news to identify reports of the latest trends, issues and exploits.
Here we present a selection of recent news stories that caught our attention, and the important lessons we can learn to keep secure.
Securing OT and Critical Infrastructure
At a time when Australia is focusing on what can be done to secure Operational Technology (OT) and critical infrastructure, it’s worth paying attention to similar discussions in other parts of the world.
In the United States, the recent Colonial Pipeline breach saw gas supplies disrupted for up to a week and payment of a $5 million ransom. The incident was followed by the Biden Administration’s Executive Order mandating stricter controls, including the adoption of zero-trust security models in Federal Government agencies and their suppliers.
However, when it comes to securing aging operational infrastructure and industrial controls, there are no quick fixes. In many cases, such legacy systems were developed before the emergence of the digital age.
Organisations have been forced to overlay connected IT systems and Internet of Things (IoT) devices. In many cases, these pipelines and facilities have hundreds or even thousands of potential entry points for attackers, making it an extremely challenging problem.
Despite the challenges facing the OT sector, other industries have managed to enhance the security controls around legacy infrastructure, notably the banking sector. For example, ATMs have been adapted to interoperate with modern IT systems while remaining highly resilient.
Some of the initiatives the OT sector should be considering include:
- Establishing a strong zero-trust, multilayered defence, including MFA.
- Segmenting networks and setting configuration restore points.
- Maintaining reliable backups residing on multiple, disconnected systems.
- Preparing contingency plans for how to deal with an attack.
CyberCX has extensive expertise assisting OT and critical infrastructure operators to uplift their cyber security capabilities and ensure they are in line with current best practices. View our recent webinar on securing critical infrastructure or contact us for further information and advice.
Government Considering Mandatory Cyber Crime Reporting
The Australian Government may consider implementing a mandatory reporting requirement on organisations that are attacked or extorted by cyber criminals.
The Secretary of the Home Affairs Department, Mike Pezzullo, told a Senate committee that mandatory reporting may be considered in order to achieve a “much more active defence posture” in response to the increasing prevalence of cyber incidents.
Presently, breaches of personally identifiable information (PII) must be reported through the notifiable data breaches (NDB) scheme. Furthermore, high-profile ransomware attacks and other cyber incidents resulting in major operational disruptions are difficult to hide. However, it is thought many lower-level cyber incidents are not being disclosed.
Greater transparency around cyber incidents will help authorities understand the full extent of the challenges Australia faces. Furthermore, it can pave the way for sharing information about attack vectors, helping other organisations defend themselves.
Even though reporting cyber incidents is not currently mandatory in all circumstances, we strongly urge all organisations to advise the Australian Cyber Security Centre in the event of an attack. Doing so provides invaluable information that can help strengthen Australia’s cyber defences.
SolarWinds Phishing Campaign
Microsoft is warning it has uncovered a new spearphishing campaign by the same hacking group believed to be behind the devastating SolarWinds supply chain attacks. The group is believed to be targeting a large number of organisations across many countries.
Spearphishing involves highly targeted phishing attacks against high-value targets. In this case, the spearphishing appears to be aimed at government agencies involved with foreign policy and at international development organisations. Around 3000 email accounts used by over 150 organisations in 24 countries are affected.
The emails contain malicious HTML that executes JavaScript. That code writes an ISO disc image file to the computer’s storage, and the target is encouraged to open it. Once opened, a .LNK shortcut is executed, which runs a DLL file. This in turn runs the Cobalt Strike Beacon command and control module.
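The chain above (ISO written to disk, mounted, a shortcut inside it running a DLL) leaves a recognisable footprint in endpoint telemetry. The following is an added detection sketch, not Microsoft's or CyberCX's code: it runs over constructed, Sysmon-style mount and process-creation events (an assumed schema) and flags a DLL-hosting process whose DLL lives on a volume that was mounted from an .iso image.

```python
import re

# Constructed sample telemetry (assumed schema): a mount event followed by
# process creations, including one benign rundll32 launch from C:\.
EVENTS = [
    {"type": "mount", "image_path": r"C:\Users\alice\Downloads\Documents.iso", "volume": "E:"},
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe E:\Documents.dll,Start"},          # LNK target on the ISO
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Windows\System32\rundll32.exe",
     "cmdline": r"rundll32.exe C:\Windows\System32\shell32.dll,Control_RunDLL"},  # benign
    {"type": "process", "parent": r"C:\Windows\explorer.exe",
     "image": r"C:\Program Files\Word\winword.exe",
     "cmdline": r'"winword.exe" C:\Users\alice\quarterly.docx'},
]

# Processes commonly used to host a DLL on the command line (assumption).
DLL_HOSTS = ("rundll32.exe", "regsvr32.exe")
DLL_PATH_RE = re.compile(r'([A-Za-z]):\\[^\s,"]+\.dll', re.I)


def iso_volumes(events):
    """Drive letters that are backed by a mounted .iso image."""
    return {e["volume"].upper() for e in events
            if e["type"] == "mount" and e["image_path"].lower().endswith(".iso")}


def find_iso_dll_launches(events):
    """Return DLL-host launches whose DLL path points into an ISO-backed volume.

    Explorer as the parent is recorded as context: a double-clicked .LNK is
    spawned by explorer.exe, which is what the described chain looks like.
    """
    vols = iso_volumes(events)
    hits = []
    for e in events:
        if e["type"] != "process" or not e["image"].lower().endswith(DLL_HOSTS):
            continue
        for m in DLL_PATH_RE.finditer(e["cmdline"]):
            if m.group(1).upper() + ":" in vols:
                hits.append({"dll": m.group(0), "host": e["image"], "parent": e["parent"],
                             "launched_from_explorer": e["parent"].lower().endswith("explorer.exe")})
    return hits


if __name__ == "__main__":
    for hit in find_iso_dll_launches(EVENTS):
        print("ALERT: DLL executed from mounted ISO:", hit)
```

On the constructed events only the `E:\Documents.dll` launch is reported; the system DLL loaded from `C:\` is not, which is the false-positive case a rule like this must survive.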
According to Microsoft, the attacks were focused on intelligence gathering, as opposed to being financially motivated. This is a further indication that nation-state actors are likely to be behind this and the earlier SolarWinds exploit.
This is a reminder of the importance of having training measures in place so the people in your organisation are equipped with the skills they need to identify phishing emails.
Phriendly Phishing, CyberCX’s proprietary phishing training system, is designed for all levels of staff within an organisation. Through interactive modules, users build a strong understanding over time of the methods used in phishing attacks and of how suspected phishing emails should be handled.
Contact us today for further information on phishing awareness training for your organisation.
Securing DevOps Pipelines
When developing applications, one of the main security challenges stems from the proliferation of tools and services involved in this process. With more than one hundred CI/CD tools, as well as hundreds of associated plugins and services, DevOps teams struggle to ensure their applications are adequately secured.
The complexity of application development makes it an easy target for attackers. They can take advantage of vulnerabilities and misconfigurations within pipeline tools, plugins and services. This can lead to them hijacking updates, injecting malicious code and gaining a backdoor to your and your customers’ environments.
DevOps teams need to watch their pipeline dependencies closely to identify and respond to vulnerabilities and attacks against these tools, plugins and services. Whenever a new service is connected to your pipeline, check it and then monitor it continuously for vulnerabilities or suspicious activity. Any suspicious activity should automatically trigger an alert to the appropriate security personnel for further investigation.
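One concrete way the "hijacked update" risk above enters a pipeline is a third-party plugin referenced by a mutable tag or branch, which its owner (or whoever compromises them) can repoint at new code. The following is an added example, not CyberCX's tooling: it audits a constructed GitHub Actions workflow (GitHub Actions is an assumed pipeline tool; the page names none) and reports every `uses:` dependency that is not pinned to an immutable commit SHA.

```python
import re

# Constructed workflow excerpt; the action names are placeholders, not real projects.
WORKFLOW = """\
name: build
on: [push]
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v3
      - uses: some-vendor/setup-tool@main
      - uses: some-vendor/scanner@8f4b2c1d9e0a7b6c5d4e3f2a1b0c9d8e7f6a5b4c
      - uses: ./.github/actions/local-step
      - run: make test
"""

USES_RE = re.compile(r'^\s*-?\s*uses:\s*["\']?([^\s"\']+)')
SHA_RE = re.compile(r"^[0-9a-f]{40}$")   # a full commit SHA is the only immutable pin


def audit_uses(workflow_text):
    """Return (line, reference, reason) for each dependency that can change under you."""
    findings = []
    for lineno, line in enumerate(workflow_text.splitlines(), 1):
        m = USES_RE.match(line)
        if not m:
            continue
        ref = m.group(1)
        if ref.startswith(("./", "docker://")):
            continue  # local action or container image: a different trust model, out of scope here
        if "@" not in ref:
            findings.append((lineno, ref, "no version reference at all"))
            continue
        _action, _, version = ref.rpartition("@")
        if SHA_RE.match(version):
            continue  # pinned to a commit: the owner cannot silently swap the code
        findings.append((lineno, ref, f"mutable reference '{version}' (tag or branch); pin to a commit SHA"))
    return findings


if __name__ == "__main__":
    for lineno, ref, reason in audit_uses(WORKFLOW):
        print(f"line {lineno}: {ref}: {reason}")
```

A check like this belongs in the pipeline itself, failing the build when it finds anything, so that a newly added service is reviewed before it runs with the pipeline's credentials.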
CyberCX offers dedicated application security training, specifically designed for DevOps teams developing both web and mobile applications. Our two-day module helps ensure your DevOps team is equipped with the skills they need to release software efficiently and securely.