As you’re already aware, several Australian government entities and some organisations across a variety of industries are currently under a state-sponsored attack by a foreign government.
Although this is a large-scale attack, we want to assure you that this is not an uncommon event and you have reason to remain calm. As Information Security specialists with over 20 years of experience, we remind all our clients to ensure that basic security processes are in place.
The Australian Cyber Security Centre (ACSC) has released an advisory containing recommended mitigations. As priority mitigations, the ACSC recommends swift patching of all internet-facing infrastructure and operating systems, as well as the use of multi-factor authentication.
To take comprehensive precautions, we recommend that all organisations align their security operations with the full set of ASD Essential 8 controls.
In addition to the ASD 8 framework, we suggest the following protective measures:
- Ensure your firewall rules are secure and block any untrusted connections: Make sure firewall rules are up to date and block all non-essential traffic. As an added layer of protection, ensure there are no legacy rules opening up access to your internal network.
- Ensure your email protection platform is configured in accordance with best practices and has all necessary features turned on to detect phishing emails.
- Ensure all your employees are aware of the attack and are vigilant when clicking links in the emails they receive.
- Implement the active Intrusion Prevention System (IPS) feature in your firewalls: If possible, deploy IPS on critical internal networks to identify any suspicious or malicious activity.
- Make sure you are collecting all important logs from critical systems: If Incident Response is required, there should be sufficient data to analyse and contain the attack.
- Ensure your cloud environments are set up securely by running cloud configuration audits.
If you need guidance regarding these processes, please do not hesitate to contact the Content Security team: https://www.contentsecurity.com.au/contact