Yesterday's (19th June 2020) announcement from the PM about a major Cyber Attack on Australia has many businesses confused and concerned. Here is a summary in plain English.
The Australian Cyber Security Centre (ACSC) detected a new type of hacking attempt. This is not unusual, but this one raised the alarm because there was evidence that it was run by a foreign government and that they had taken over legitimate, well-known Australian websites, company servers, and email accounts.
HOW DID THEY DO IT?
First, the hackers tried to take control of a website or server by using a mix of known vulnerabilities. If they couldn't get into the website or server, they reverted to sending phishing emails to employees in the targeted company. Some employees clicked on these emails, which gave the hacker access.
WHAT DOES THIS MEAN?
If a website, server, or email account was compromised, the hacker is using their access to browse the network and look for valuable information that they can use to benefit the country they are working for.
WHAT DO I NEED TO DO?
1. Make sure your websites, company portals, servers, firewalls, and routers are fully patched with the latest updates.
2. Set up Multi-Factor Authentication (MFA) on your email account and any website you use. With MFA, a code is sent to your phone, so that even if the hacker knows your username and password they won't be able to log in without the code sent to your mobile.
HOW CAN I CHECK IF I HAVE BEEN HACKED?
There is a long list of things to check on a technical level which can be downloaded from the ACSC website here. At the most basic level, you can search your emails for anything from the following senders and ensure that you haven't clicked on the link or attachment:-
WHAT CAN I DO IF I THINK I HAVE BEEN HACKED?
First, don't panic! Contact your IT provider and let them know that you suspect you have been hacked and explain why. If you don't have a current IT Managed Services Provider, reach out to our team at HD IT on 1300 688 020, or firstname.lastname@example.org for help.
HOW CAN I PROTECT MYSELF AND MY BUSINESS FROM FUTURE CYBER ATTACKS?
Simple steps include:-
Enable Multi-Factor Authentication on your email and website accounts.
Have a good email filtering service in place that protects you from Phishing emails. Office 365 Advanced Threat Protection (ATP) is a good start.
Ensure your servers and emails (including Office 365) are backed up. Look at Datto SaaS Protection.
Have a strong business-grade Anti-Virus solution in place that has an EDR feature. EDR lets you quickly and easily search your systems for signs of compromise. Sophos Intercept-X Advanced with EDR is the best we have used.
Protect your business network with a Next Generation Firewall. This will block all known and unknown threats based on behaviour. Sophos XG Firewalls are proven to be extremely effective and comprehensive.
Patch/update your servers, computers, mobile devices, and network equipment regularly. These hackers used old, known vulnerabilities, which are fixed if your systems are patched.
Educate your team and create a vigilant, security-conscious company culture by running regular phishing email tests. Sophos PhishThreat is a simple and effective tool for this that includes short and effective training clips.
Engaging a professional IT Managed Services Provider like HD IT is always the best step as they will ensure that your systems are always up-to-date, secured, and monitored. At the very least, you should be working with your IT provider to have the Government's Essential 8 security recommendations in place for your business. The Essential 8 will provide a good baseline level of protection for you and your business.