Australia is Under State-Sponsored Cyberattack; 269 GB of US Law Enforcement Data Published

Two telling quotes from the ASD alert: (1) "The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor" and (2) "ACSC Recommended Prioritised Mitigations ... Prompt patching of internet facing software, operating systems and devices. All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available." The attacks were sophisticated, but basic security hygiene (patching) would have disabled those attacks. The ASD has shown data on how the "Top 4" basic security hygiene control alone mitigate 85% of sophisticated, targeted cyber attacks.

John Pescatore

While attribution is a nice to have, ensuring sufficient security is in place for systems as well as recovery from attacks are critical activities. The ASD/ACSC advisory below provides prioritized mitigations, starting with patching and implementing MFA, followed by their essential 8 controls (https://www.cyber.gov.au/sites/default/files/2020-04/PROTECT%20-%20Essential%20Eight%20Explained%20%28April%202020%29.pdf). Those are common sense changes which will dramatically reduce the attack surface.

Lee Neely

Check the version of VMware tools in your environment; you may need to download this version of VMware Tools explicitly even after using the built-in check for updates features.

Lee Neely

They are now confirming this was the REvil malware family whose operators are known for publishing exfiltrated data to ensure the ransom is paid. In this case about $800,000USD. Lion has implemented measures to prevent added attacks as well as analyzed what data was accessed to make the determination not to pay the ransom. The process is further complicated by a takeover bid from Chinese dairy giant Mengniu. When faced with multiple factors like this, management needs to determine what to prioritize and then support those decisions. In this case, the priority remains getting beverage production online with improved security posture, and hiring external security firms to support those goals as well as standing behind the decision not to pay ransom.

Lee Neely

In this case the UPMC HR system was not sufficiently protected from access to prevent a hacker exploiting bugs to access data. Protect information systems containing sensitive data though multi-factor authentication and by limiting direct access to APIs and databases to trusted systems, supported with monitoring to detect attempted unauthorized access and data exfiltration.

Lee Neely

Most enterprises, including all municipalities and healthcare institutions, should, by now, have measures in place to resist breaches and mitigate damage to their data and applications. Failure to do so is at best negligent, probably reckless.

William Hugh Murray

This will apply to new .gov domains. Existing domains have been converting to HSTS since May 2017, and can submit themselves to the HSTS preload list. For .gov domain holders, GSA hosts a DotGov HSTS listserv (dotgovhttps@listserv.gsa.gov) for comments, questions and feedback. Users of that mailing list must subscribe from a .gov email address.

Lee Neely