
Australian businesses are facing increasingly sophisticated attacks by cyber criminals, according to the first unclassified threat report by the federal government's Australian Cyber Security Centre (ACSC).

The release of Threat Report 2015 comes as a prominent printing industry equipment supplier in Sydney revealed this week that his entire computer system had been locked up by hackers demanding money.

The so-called ‘ransomware’ encrypted all data files on the supplier’s system - including accounts, sales and history - before the hackers demanded payment in bitcoin for the files to be decrypted. The victim, who has chosen to remain anonymous, resisted the demands but has been forced to install a new computer system.

“The cyber threat to Australian organisations is undeniable, unrelenting and continues to grow,” warns the ACSC’s report.  “If an organisation is connected to the internet, it is vulnerable.  The incidents in the public eye are just the tip of the iceberg. Compromise is expensive.  It can include financial losses, damage to reputation, loss of intellectual property and disruption to business.

“The number, type and sophistication of cyber security threats to Australians are increasing. Due to the varied nature of motivations for cyber adversaries, organisations could be a target for malicious activities even if they do not think the information held on their networks is valuable, or that their business would be of interest to cyber adversaries.

“The ACSC’s ability to detect and defend against sophisticated cyber threats continues to improve. But there are gaps in our understanding of the extent and nature of malicious activity, particularly against the business sector. The ACSC is reaching out to industry to build partnerships to improve our collective understanding.”

PREVENTION

The report says 85 per cent of targeted cyber attacks can be prevented by following these ‘Top 4 Mitigation Strategies’:

- Use application whitelisting to help prevent malicious software and unapproved programs from running.

- Patch applications such as Java, PDF viewers, Flash, web browsers and Microsoft Office.

- Patch operating system vulnerabilities.

- Restrict administrative privileges to operating systems and applications based on user duties.

Mitigation strategies for malware

The ACSC recommends Australian government and businesses defend against malware infections by implementing the Strategies to Mitigate Targeted Cyber Intrusions, with particular attention to the Top 4 strategies. In addition:

- educating staff about cyber security can assist in preventing and identifying an initial system infection.

- using up-to-date antivirus software configured to perform internet-based reputation checking can help detect malware if it does make its way onto the system.

- disabling AutoRun and AutoPlay features may help to prevent malware from propagating through a network via removable media.

Mitigation strategies for ransomware

Avoid paying a ransom if you experience this type of infection, as this perpetuates the incentive for the cyber adversary to continue their activities. Data loss can be minimised by taking the appropriate steps to prevent this type of infection from occurring in the first place.

The ACSC recommends the following to avoid falling victim to ransomware:

- implement the Top 4 Strategies to Mitigate Targeted Cyber Intrusions.

- block executable files from entering a corporate network through email or web downloads.

- inspect compressed file formats for executable content.

- create regular offline backups, including backups of peripheral data storage devices.
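
As an added illustration of the "inspect compressed file formats for executable content" recommendation (example code written for this article, not taken from the ACSC report), the Python sketch below checks every member of a ZIP attachment by file signature as well as by extension, and follows archives nested inside archives. The extension list, size limit and nesting limit are assumed policy values, and the sample archive is constructed and harmless.

```python
import io
import os
import zipfile

# Assumed policy for this sketch: what a mail or web gateway would treat as executable.
RISKY_EXT = {".exe", ".scr", ".com", ".pif", ".bat", ".cmd", ".js", ".vbs", ".jar"}
MAGIC = {b"MZ": "PE/DOS executable", b"\x7fELF": "ELF executable"}
MAX_DEPTH = 3                  # do not recurse into archives nested deeper than this
MAX_MEMBER = 50 * 1024 * 1024  # do not unpack members declared larger than 50 MiB

def inspect_zip(data, depth=0, prefix=""):
    """Return (member_path, reason) findings for a ZIP archive passed as bytes."""
    findings = []
    try:
        zf = zipfile.ZipFile(io.BytesIO(data))
    except zipfile.BadZipFile:
        return [(prefix or "<archive>", "unreadable archive")]
    for info in zf.infolist():
        if info.is_dir():
            continue
        path = prefix + info.filename
        if info.flag_bits & 0x1 or info.file_size > MAX_MEMBER:
            findings.append((path, "encrypted or oversized, not inspected"))
            continue
        ext = os.path.splitext(info.filename.lower())[1]
        if ext in RISKY_EXT:
            findings.append((path, "risky extension " + ext))
        body = zf.read(info)
        for sig, label in MAGIC.items():
            if body.startswith(sig):  # catches executables renamed to .jpg, .txt, ...
                findings.append((path, label + " by file signature"))
        if body.startswith(b"PK\x03\x04"):  # member is itself a ZIP archive
            if depth >= MAX_DEPTH:
                findings.append((path, "nesting too deep, not inspected"))
            else:
                findings.extend(inspect_zip(body, depth + 1, path + "!"))
    return findings

def build_sample():
    """Constructed, harmless sample: fake 'MZ' stubs, one hidden in a nested ZIP."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as z:
        z.writestr("invoice.pdf.scr", b"MZ" + b"\x00" * 16)
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as z:
        z.writestr("readme.txt", b"hello")
        z.writestr("docs/invoice.zip", inner.getvalue())
        z.writestr("photo.jpg", b"MZ\x90\x00renamed")
    return outer.getvalue()
```

A gateway applying this check would quarantine any attachment for which `inspect_zip` returns findings, including members it could not inspect.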

If you do experience a cyber security incident involving encrypting ransomware, the ACSC offers the following remediation advice:

- identify any compromised workstations and remove them from the network.

- block known indicators to prevent an immediate re-compromise, check for profile-resident malware and clean profiles.

- restore from backup.

The full ACSC Threat Report 2015 is available here.
