Businesses are being urged to step up their cyber security in light of the evolving situation in Ukraine. 

The Australian Cyber Security Centre (ACSC) reports there has been a pattern of cyber attacks against Ukraine with potential international consequences. 

These impacts could potentially spread to Australian organisations through unintended disruption or uncontained, malicious cyber activities. 

It means now is the time to act, cyber security expert Matt Carling said at our webinar on the issue on Monday. 

Threat landscape 

Mr Carling, National Cybersecurity Advisor, Cisco Systems Australia, shared analysis from Cisco’s own security intelligence organisation, Talos. Strategic goals of attacking forces may include:  

  • undermining the ability to defend (Ukraine) 
  • undermining support (of people assisting the Ukrainian Government)  
  • causing dissent and disruption (to try to modify and influence public opinion) and  
  • gathering intelligence to support their operations in Ukraine. 

Talos, which has been working with national cyber security entities in Ukraine since 2015, has made a number of operational observations in Ukraine.  

These include:  

  • website defacement (making false statements) 
  • wiper attacks (destructive malware that wipes the infrastructure with the aim of destroying data and the ability to recover) 
  • Distributed Denial of Service (DDoS) attacks (trying to overwhelm the connectivity or resources of a system)  
  • possible manipulation of BGP (the core routing protocol of the Internet) and 
  • an increase in the number of cyber attacks.

“In past incidents, we have seen some of the targeted attacks (limited to a certain target, country or organisation) spread wider and cause global damage,” Mr Carling said.

“This is one of the potential collateral damage scenarios. It is foreseeable that we could see offensive cyber operations on a more widespread scale against nations participating in sanctions on Russia.”   

Attacks against critical infrastructure similar to the Colonial Pipeline ransomware attack in the US are becoming more common, according to that country’s Cybersecurity and Infrastructure Security Agency (CISA). 

“Complex systems can be exploited,” Mr Carling said. 

“You can have a lot of impact if you can attack a supply chain and get malware pushed out that way.

“Whilst Australian organisations may not be directly targeted by Russian cyber operations, activist organisations – criminal or otherwise – might choose to do so.  

“It’s all lifting the likelihood of threats that we are facing.” 

Preparation

Lifting your cyber posture and addressing any gaps or weaknesses is the first step to preparedness. The goal is to reduce the likelihood of a successful cyber attack against your organisation, Mr Carling says.  

“Take some steps to quickly identify that potentially you are being attacked. Ensure that you are able to respond and make sure that you can recover. 

“Ideally, you are not going to get targeted but if you do, you want to detect it. If it is in process, you want to be able to respond and ultimately, you might need to recover.” 

Prepare your business with these steps:  

  • Patch applications and devices 

“Most organisations have a cadence for how often they do patch windows,” Mr Carling adds.  

“Given the heightened risk environment, you might want to bring forward some of those patches, especially those that are being exploited at the moment, in terms of vulnerabilities.” 

  • Implement mitigations against phishing and spear-phishing attacks 

“Key infection vectors (means of initial access) are spear phishing emails and anything to do with trying to capture credentials,” Mr Carling says. 

Recent OAIC Notifiable Data Breaches Reports reveal about 75 per cent of breaches stem from these kinds of attacks.

  • Ensure that logging and detection systems are fully updated and functioning 

“Regardless of who you are using as a security vendor, you need to make sure you are receiving the latest rule sets, signatures and updates and that you are looking for the alerts that come out of those so you can detect breaches as early as possible.” 

  • Review incident response (IR) and business continuity plans  

“If you are under attack, you need to invoke your IR processes and potentially, your business continuity plans, as you move into the data recovery phase.  

“Your risk position from 12 months ago might need to be revisited under today’s risk environment. Determine if that drives a prioritisation of security projects that need to be brought forward.”  

Click here for the ACSC’s Cyber Incident Response Plan checklist to determine how prepared you are for responding to an incident. 

“You can tick your way through and identify any gaps,” Mr Carling said. 

“Now is the time to treat those gaps, rather than waiting until you are under attack or experiencing a security incident.”

Advice from the ACSC includes considering Incident Response retainer arrangements to provide external help if you do not have these skills in-house.

 

Considerations for the hybrid work environment

Vigilance is key — even when you are working from home. Individuals might be targeted simply because they work for a particular company.    

“Just because you are at home, it doesn't mean that your corporate security mindset doesn’t apply,” Mr Carling said. 

“Potentially, there is a greater mix of personal/business-use on our PCs at home. Whilst you may not use your work laptop for social media in the office, you may be tempted at home. 

“There needs to be heightened awareness among staff at the moment regarding opening emails and attachments. 

“No matter where you are — in the office or at home — ensure your security products are updating and be on the lookout for alerts. Focus on end-point security, anything to do with identity.”  

Summary

To sum up, Talos says: “Tech debt, poor cyber security hygiene and out-of-date systems and software will have catastrophic impacts on your organisation.  

“On the flipside, network segmentation, visibility, asset inventories, prioritised patching and intelligence programs that actively drive changes in your defences are key to successfully weathering attacks.” 

Head to Talos or ACSC for the latest advice on cybersecurity. 

In other cyber-related news, the ACSC has recently issued an alert regarding new domain changes that could leave your business or organisation at risk. For additional help with these domain changes, read our blog post.

The Cyber and Infrastructure Security Centre (CISC) has also issued an action alert in light of the current evolving global situation for the attention of Australia’s critical infrastructure owners and operators.  

Through Ai Group’s advocacy and policy work, we have been engaged with the Australian Government and other stakeholders regarding cyber security matters, including recent reforms to the Security of Critical Infrastructure Act 2018 (Cth). If you are interested in these activities, please reach out to Ai Group at info@aigroup.com.au.

Further information about the critical infrastructure security reforms can be found here.

 

Wendy Larter

Wendy Larter is Communications Manager at the Australian Industry Group. She has more than 20 years’ experience as a reporter, features writer, contributor and sub-editor for newspapers and magazines including The Courier-Mail in Brisbane and Metro, the News of the World, The Times and Elle in the UK.