Cyber Attack on Australia, how prepared are we?

The attack is described as “state-sponsored”, which means a foreign government is believed to be behind it. When asked who that might be, Morrison said there is a high threshold for drawing that kind of conclusion, but added: This has been interpreted as a coded reference to China, which the Australian government reportedly suspects of being behind the attacks.

What do we know about the attack so far?

An advisory note posted on the government’s Australian Cyber Security Centre website describes the attack as a “cyber campaign targeting Australian networks”.

The advisory says the attackers are primarily using a “remote code execution vulnerability” to target Australian networks and systems. Remote code execution is a common type of cyber-attack in which an attacker attempts to insert and run their own code on a vulnerable system such as a server or database.

The attackers would not only try to steal information but also attempt to run malicious code that could damage or disable the systems under attack.

Detecting this is hard, and would require advanced defensive measures such as penetration testing, in which trained security professionals known as “ethical hackers” try to hack into a system in an attempt to find potential vulnerabilities.

What systems have been affected?

The advisory linked the attack to three specific vulnerabilities in particular systems, detailed in the table below. Any business that uses any of these systems is vulnerable to attack. It is too early to tell whether other systems are also vulnerable; other vulnerabilities may emerge as investigations continue.

Affected system: Microsoft Internet Information Services (IIS)
Description: A general-purpose webserver from Microsoft that runs on Windows systems. The most common use of IIS is to host web-based applications and simple static websites.

Affected system: SharePoint
Description: A SharePoint Server is used by organisations to manage Office 365 Enterprise accounts within their own organisation.

Affected system: Citrix
Description: The affected Citrix products are mainly Citrix gateways and servers. These are used to support web, cloud and mobile application services.

Action required (for all three systems):

  • Ensure you are running the latest version of the software
  • Install the latest patches and updates
  • Change all passwords and log off from all devices
  • Set up multifactor authentication; more details can be found here
  • Scan for and remove any malicious code which you don’t recognise
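The last action in the list, scanning for code you don’t recognise, is only practical when there is a known-good baseline to compare against. The following is an added example, not code from the advisory or this article: it hashes the server-side script files under a web root (such as an IIS site directory), and reports anything added, modified or removed since the baseline was taken. The web root, file names and contents in the demo are constructed for illustration.

```python
import hashlib
import os
import tempfile
from pathlib import Path

# Files that execute server-side on an IIS/SharePoint host. Anything of these
# types that appears or changes without a deployment behind it deserves review.
SCRIPT_SUFFIXES = {".aspx", ".ashx", ".asmx", ".asp", ".dll", ".config"}


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_baseline(web_root: Path) -> dict[str, str]:
    """Map each script file (relative path) to its hash; run on a known-good deploy."""
    return {
        str(p.relative_to(web_root)).replace(os.sep, "/"): sha256_of(p)
        for p in web_root.rglob("*")
        if p.is_file() and p.suffix.lower() in SCRIPT_SUFFIXES
    }


def find_unrecognised(web_root: Path, baseline: dict[str, str]) -> dict[str, list[str]]:
    """Diff the live web root against the baseline; added/modified entries need a human look."""
    current = build_baseline(web_root)
    return {
        "added": sorted(k for k in current if k not in baseline),
        "modified": sorted(k for k in current if k in baseline and current[k] != baseline[k]),
        "removed": sorted(k for k in baseline if k not in current),
    }


def demo() -> dict[str, list[str]]:
    """Constructed sample: baseline a clean site, simulate drift, then diff."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "default.aspx").write_text("<%@ Page Language='C#' %> hello")
        (root / "web.config").write_text("<configuration/>")
        (root / "images").mkdir()
        (root / "images" / "logo.png").write_bytes(b"\x89PNG")  # static asset, not hashed
        baseline = build_baseline(root)
        # Drift nobody deployed: a script file in a static folder and an edited config.
        (root / "images" / "cache.aspx").write_text("<%@ Page %> not in the deployment")
        (root / "web.config").write_text("<configuration><!-- edited --></configuration>")
        return find_unrecognised(root, baseline)
```

In practice the baseline is taken immediately after a trusted deployment and stored off the host, so that a compromised server cannot rewrite its own reference.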

Implications for India:

If this turns out to be true, the hacking would further worsen relations between the two countries, which are already strained over the origin of Covid-19 and the death sentence handed to an Australian drug smuggler. Morrison, however, did not name China.

“I can only say what I have said. We know it is a sophisticated, state-based cyber actor because of the scale and nature of the targeting and the tradecraft used. Regrettably, this activity is not new. Frequency has been increasing,” he was quoted as saying.

According to the Council on Foreign Relations, China, Russia and Iran are the top three states suspected of sponsoring cyber operations.

Is India prepared?

At present, we are witnessing a paradigm shift within our country. The advent of smartphones in India is familiarizing everyone with digital tools, technologies and approaches: UPI (Unified Payments Interface), Aadhaar Pay, e-commerce, smart appliances and so on; in short, a truly digital lifestyle. The nation is inching closer to its ultramodern future and, by the coming decade, will also be unveiling 100 Smart Cities, much in line with its digital vision. But this also leaves the nation vulnerable to the wide-ranging threats that underlie the digital domain. For instance, back in 2016, right before demonetization, 32 lakh debit cards were recalled by 19 national banks as a protective measure. It was later revealed that this happened because of malware present in the payment systems. And this is where things get a bit tricky.

As our IT systems gradually evolve, so do the TTPs (Tactics, Techniques, and Procedures) of modern attackers. Today, it is too late to address threats after they have taken place; they have to be addressed pre-emptively. The criticality of such cybersecurity measures rises further as IoT (Internet of Things), which is used in offices (the endpoint) and residential settings (smart appliances) and is an integral part of our upcoming smart cities (sensors, surveillance cameras, etc.), gains prevalence. OT security needs to be a prime focus to protect the nation’s critical infrastructure, such as the oil and gas industry, airports, the transportation sector (airlines, railways), power grids, nuclear sites, etc. To date, more than 70,000 known CVEs (Common Vulnerabilities and Exposures) have been discovered within IoT technology.

Facts: –

  • In 2015, the USA couldn’t stop the theft of 2 crore 57 lakh account details from government records.
  • Cyber-attacks come mainly from Russia, China, Romania, Brazil, Eastern Europe, Vietnam and Nigeria.
  • According to Akamai Technologies, India is among the top targets for web application attacks.
  • The National Technical Research Organisation (NTRO), formed in 2004, provides technical intelligence for internal and external security.
  • The Computer Emergency Response Team (CERT) India notifies those concerned about cyber-attacks and analyses vulnerabilities.
  • The National Cyber Security Policy, 2013 aims at protecting public and private infrastructure from cyber-attacks.
  • India is working with the US on cyber security.

Here are some approaches to ensure that the nation’s bright digital future is not overshadowed by imminent cyber threats:

  • Train incident response teams in simulated cyberattack environments: Most security professionals experience their first real-life malware attack on the job, and in many of the incidents that have occurred the cybersecurity team concerned could not handle them effectively. SOC analysts and incident response teams therefore need to be trained pre-emptively using simulations that mirror real attacks; otherwise they will meet their first cyberattack on the job and will not be able to handle it effectively.
  • Invest in detection and response capabilities: The biggest lesson learned from some of the big recent financial attacks is that they are advanced and evasive and cannot be detected using conventional tools like antivirus or firewalls.
  • Indian manufacturing firms and critical infrastructure: As novel methodologies such as Logistics 4.0 and Industry 4.0 begin to surface in India, companies must invest in advanced solutions to counter the related OT and IoT attacks. Companies should implement a mix of IT and OT security to protect ICS (Industrial Control Systems) and mitigate multi-vector attacks in hybrid networks by equipping them with layered, multi-technology solutions.

Conclusion: –

Though India is taking steps towards strengthening cyber security, it needs to invest more in cyber security on a war footing. As we work on Digital India, we should work more on cyber safety. Government and private institutions, along with educational institutions, must work together to strengthen the cybersecurity of our country. Much more is yet to be discovered. Cyber sabotage is a reality today.