Prime Minister: Australia is Under State-Sponsored Cyberattack
At a press conference on Friday, June 19, Australian Prime Minister Scott Morrison warned that the country's public sector is under cyberattack from a state-backed actor. The attacks have targeted organizations in a range of sectors including government, private industry, education, health and essential services, and operators of critical infrastructure. Morrison declined to identify the country he believes is responsible for the attacks. A technical advisory from the Australian Signals Directorate (ASD) describes the "tactics, techniques and procedures used to target multiple Australian networks."
Two telling quotes from the ASD alert: (1) "The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor" and (2) "ACSC Recommended Prioritised Mitigations ... Prompt patching of internet facing software, operating systems and devices. All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available." The attacks were sophisticated, but basic security hygiene (patching) would have disabled those attacks. The ASD has shown data on how the "Top 4" basic security hygiene controls alone mitigate 85% of sophisticated, targeted cyber attacks.
While attribution is a nice-to-have, ensuring sufficient security is in place for systems and recovering from attacks are critical activities. The ASD/ACSC advisory below provides prioritized mitigations, starting with patching and implementing MFA, followed by their Essential 8 controls (https://www.cyber.gov.au/sites/default/files/2020-04/PROTECT%20-%20Essential%20Eight%20Explained%20%28April%202020%29.pdf). Those are common-sense changes which will dramatically reduce the attack surface.