ACSC Issues Cybersecurity Alert For Australian Organisations Following Ukraine Invasion

Cybersecurity

Following on from Prime Minister Scott Morrison’s warning on 23rd February that Australian organisations should brace for cyberattacks, the Australian Cyber Security Centre (ACSC) has released its own alert and advisory on cyber threats in the wake of Russia’s invasion of Ukraine.

The ACSC warns that while there are no specific or credible threats currently facing Australian companies, organisations should nevertheless be aware of a heightened risk of cyberattacks. The ACSC has also stated that while there is no specific intelligence relating to cyberattacks in Australia, the situation may rapidly change.

What does this mean for Australian organisations and their cybersecurity infrastructure? This guide will cover everything you need to know, from the context of the ACSC’s alert to the mitigation strategies that organisations should prioritise to protect their business.

Why Has The Alert Been Issued?

While no specific threat to Australia has been identified so far, Russia’s invasion of Ukraine has heightened the global risk of cybersecurity threats due to the sustained pattern of cyberattacks against Ukraine. These attacks have the potential to indirectly or inadvertently affect global organisations outside of Ukraine.

The ACSC warns that there is a “historical pattern” of Russian cyberattacks against Ukraine, which have had international effects. For instance, the NotPetya cyberattack that began in Ukraine rapidly spread across the globe, causing massive operational disruptions and costing organisations across the world an estimated $10 billion.

Despite there being no specific threat against Australia as yet, Australian organisations may still find themselves under threat as collateral damage from attacks against Ukraine. The ACSC, therefore, warns that organisations should increase cybersecurity monitoring and strengthen their security posture to limit the risk of disruption.

What Threats Should Organisations Be On The Lookout For?

In the ACSC’s cybersecurity advisory accompanying the alert, several major threats are identified. These include:

Spear phishing emails with malicious HTML attachments – these are intended to gain initial access to IT infrastructure and may be tailored to a specific organisation.

Spear phishing emails with malicious links – similarly, these aim to gain access to systems by using malicious links, which may be shortened to disguise the URL destination and increase the chances that a victim will click the link.

Brute force attacks – another method for initial access which aims to identify valid credentials and gain access to secure systems.

Harvested credentials – attackers may use known vulnerabilities in VPNs and other public-facing applications to find valid credentials and access secure systems.

While these are some of the main threats identified by the ACSC, organisations should be prepared to prevent and mitigate threats from other types of cyberattacks, such as malware, man-in-the-middle attacks and DOS attacks.

How Can Organisations Mitigate Possible Cyber Attacks?

The ACSC recommends that Australian organisations should “urgently adopt an enhanced cyber security posture”. This means organisations should prioritise a comprehensive review of their cybersecurity measures in addition to bolstering detection measures and developing strong plans for cyberattack response and mitigation.

The ACSC’s main recommendation to face the heightened threat of cyberattacks is to implement its Essential Eight mitigation strategies, a set of baseline measures designed to make systems harder to compromise.

Further actions that organisations can undertake to improve their cyberattack preparedness include the following:

Staff training – All employees should be made aware of the risks posed by cyberattacks and the importance of preventing them. In particular, staff should be trained to spot phishing exercises to prevent cyberattackers from gaining access through employee negligence.

Keep systems updated – Outdated systems and software leave your organisation open to known exploits and vulnerabilities which attackers can use to gain access. Ensure all systems and software are regularly updated and automate updates if possible to reduce the risk of human error.

Install robust firewalls – Firewalls can identify and intercept malicious activity on your network before attackers have chance to access secure systems.

Implement a robust backup strategy – Data backups are an essential mitigation strategy that can drastically reduce the operational impact of a successful data breach. Backing up data ensures that businesses can resume full operations much faster in the wake of an attack, and means that attackers can’t hold valuable business data to ransom.

Undergo a cybersecurity assessment – External cybersecurity assessments can help you to identify vulnerabilities in your infrastructure and advise you on measures to improve your cybersecurity preparedness.

Stay up to date on new developments – The current situation in Ukraine means that the landscape of cyberattacks may change and escalate rapidly. As such, it’s important to keep track of new developments via news networks and cybersecurity experts.

Conclusion

The ACSC’s alert means that Australian organisations should prioritise their cybersecurity preparedness and urgently review their current response and mitigation strategies. Doing so will help to protect organisations from any possible threat arising from the situation in Ukraine and limit the impact of new cyber threats on their operational capacity.

If your organisation needs further guidance on how to identify, prevent and mitigate cybersecurity threats, contact FocusNet today. We can help you to evaluate your current cybersecurity measures, give business it support, identify potential vulnerabilities, strengthen preventive measures, and develop a robust response plan that will limit operational disruption in the event of a successful attack.