Author: Crystal Hewett

Mandatory Cyber Security Incident Reporting Now in Force

New legislation now makes reporting of information security events mandatory for several industry sectors.

Under the Security of Critical Infrastructure 2018 Act, included industries must report cyber security incidents with ‘significant’ impact within 12 hours of discovery.

The nominated industry sectors include telecommunications, internet service providers, fuel companies, data storage and processing organisations, freight forwarders, banking, insurance and finance, along with food and groceries.

According to the government, reports to ACSC must be accompanied by written notifications within 84 hours.

Significant impact is defined as an infrastructure incident that has materially disrupted the availability of essential goods and services.

Incidents that affect the integrity, reliability or confidentiality of assets covered by the Act, or the systems they use, are deemed to have ‘relevant’ impact, and must be reported to the ACSC within 72 hours.

Organisations have a three-month grace period from 8 April, meaning that while mandatory reporting is now law, it won’t begin in practice until July.

If you need help defining the severity of cyber security incidents, or wish to bolster your cyber security position, contact us below for a free GAP assessment.

Free Cyber Security GAP Assessment



    A Lack of Employee Cyber Hygiene is the Next Big Threat

    A new report has identified employee cyber risk as a multifaceted issue currently revolving around cyber hygiene within an organisation.

    Data in Mobile Mentor’s inaugural Endpoint Ecosystem Report suggests that everything from endpoints, passwords, training and security policies to a lack of awareness is contributing to a much higher risk of cyberattack.

    Despite most phishing attacks focusing on credentials, statistics show that employees still have to improve their password hygiene:

    • Gen-Z employees have more than 20 work passwords and type more than 16 passwords daily
    • 69% of employees admit to choosing passwords that are easy to remember
    • 29% of employees write their passwords down in a journal
    • 24% store passwords in a Notes app on their phone

    64% of employees use a personal device for work, with access to corporate systems, data, and apps. Organisations must enable secure bring-your-own-device systems and provide proper training about cyberattacks, vigilance, and good hygiene within their company.

    However, according to the report only 25% of in-office workers receive security training monthly.

    Organisations need to focus on continual Security Awareness Training and see every aspect of the employee’s interaction with corporate resources, applications, and data as a possible target. Strengthening employees’ own awareness begins to elevate a state of vigilance to ensure better cyber hygiene and a more secure organisation.

    If you have questions on how to strengthen your passwords, or would like to take the steps to increase your organisation’s cyber hygiene, contact us today.




      Microsoft Highlights Growing Disconnect Over Hybrid Work

      Microsoft highlights growing disconnect over hybrid work – ARN (arnnet.com.au)

      Microsoft’s second annual Work Trend Index report has highlighted a growing disconnect between employer and employee attitudes to hybrid work, according to a survey of 31,000 people in 31 countries and analysis of user data from Microsoft 365 and LinkedIn.

      50 per cent of leaders say their companies are planning a return to full-time in-person work in the year ahead, as they are finding that relationship building is their greatest challenge as a result of a hybrid or remote environment.

      Jared Spataro, corporate vice president for modern work at Microsoft, told reporters: “The challenge ahead for every business leader is understanding the misalignment and trying to figure out how they can align what employees expect and are going to demand, with the pressure they’re going to have to drive business results in this very difficult environment.”

      Five key work trends have been identified since the start of the COVID-19 pandemic. These are:

      1. Managers often feel wedged between leadership and employee expectations.
      2. Leaders need to ensure the office is worth commuting to.
      3. Flexible work doesn’t have to mean being always on.
      4. Social capital looks different in a hybrid world.
      5. Employees have a new “worth it” equation which aims to balance work with health and wellbeing.

      Microsoft is responding to changing work habits with a range of updates to Microsoft Teams to further support hybrid workers. These updates include:

      • Option for virtual or in-person RSVP for Teams.
      • New meeting layout for Teams Rooms brings the video gallery to eye level at the bottom of the screen.
      • Teams Phone provides users with one phone number for their desk and mobile phone.
      • An Inspiration Library provides access to best practice content from Harvard Business Review, Thrive & Microsoft.
      • Microsoft Teams Connect shared channels.
      • Bringing together of cameo and recording studio for in-meeting presentations.
      • Live language interpretation.
      • The introduction of over 800 3D emojis.
      • Microsoft Whiteboard now included in Teams, including collaboration cursors, more than 50 new templates, contextual reactions, and the ability to open existing boards and collaborate with external colleagues in Teams meetings.

      These updated features will be available from the second quarter of 2022. Acurus can assist you in navigating and understanding these updates. Contact us today to optimise your Microsoft subscriptions.




        Inside Conti: The World’s Most Feared Ransomware Gang

        Inside Conti leaks: The Panama Papers of ransomware – The Record by Recorded Future

        The leaking of more than a hundred thousand internal chats at the world’s biggest ransomware gang has offered explosive insights into how it attacks its victims, which include Australian companies.

        On February 25 Conti announced “Full support of the Russian government” in the war against Ukraine. It took only two days for internal chat sessions to be leaked onto the internet, with the likely source being a Ukrainian supporter within the Conti cybercriminal group.

        Reports of more than 160,000 internal messages, along with source code for the Conti ransomware encryptor, decryptor and builder have found their way online.

        Conti has reportedly compromised at least 500 organisations globally.

        The cybercriminal gang is renowned for its two-stage attack, using a ‘double extortion’ technique where it steals company data and threatens to sell it to extort a payment. It then encrypts data on victims’ systems and demands a ransom.

        Cybersecurity insurance firms are engaging negotiators to reduce the amount of ransom to be paid, reach a resolution between companies and ransomware vendors, and identify digital evidence for law enforcement.

        Protect your organisation from the threat of ransomware and cyber attack with Acurus. Contact us today.




          Russian cyber attacks could inadvertently hit Australia, warns government cyber agency

          2022-02: Australian organisations should urgently adopt an enhanced cyber security posture | Cyber.gov.au

          Australia’s lead cyber agency has issued a warning to Australian organisations that a wave of cyber attacks on Ukraine and NATO countries could spill over in coming months. The Australian Cyber Security Centre (ACSC) is urging businesses not to be complacent as Russian attacks escalate.

          As reported by ABC News (Russian cyber attacks could inadvertently hit Australia, warns government cyber agency – ABC News), Russian-linked criminal gangs might be encouraged to target all sorts of Western targets, prompting a possible surge in ransomware and other attacks across the globe. Home Affairs Minister Karen Andrews warned Russia may hit Australian critical infrastructure through cyber-attacks.

          Both governments and businesses must prepare for the likelihood that cyber attacks will increase further if the situation in Ukraine continues to escalate.

          We encourage you to pass this communication to your employees and remind them to focus their awareness of cyber security related risks such as:

          If you are an Acurus SOC customer please be informed that Acurus will be performing proactive threat hunting focusing on areas as advised by the ACSC starting this weekend, and continuing until further notice. As per ACSC guidelines Acurus SOC will be performing additional review and focus on:

          • AD configuration changes.
          • Abuse of delegated privileges and service principals in Azure.
          • Active Directory Federation Services (ADFS) changes.
          • Consider conditional access policies to prevent login events from unusual locations, including TOR.

          We will provide an additional update on our forward position early next week as more government advice is provided.

          If you are concerned about your organisation’s cyber security posture, please contact us for a discussion.




            Threat actors target Ubiquiti network appliances using Log4Shell exploits

            Threat actors target Ubiquiti network appliances using Log4Shell exploits – The Record by Recorded Future

            Threat actors are using a customised public exploit for the Log4Shell vulnerability to attack and take over Ubiquiti network appliances running the UniFi software, security firm Morphisec said in a report last week.

            The attackers used a proof-of-concept exploit previously shared on GitHub. Developed by Sprocket Security, the PoC adapts the Log4Shell exploit in the Log4j Java library to work on Ubiquiti’s UniFi devices, complete with post-exploitation steps.

            The attackers took over UniFi devices and ran malicious PowerShell code that later downloaded and installed a version of the Cobalt Strike Beacon backdoor.

            There was no universal exploit code that worked everywhere out-of-the-box and granted attackers the ability to take over systems indiscriminately.

            Reports of Log4Shell exploitation have been limited only to a handful of devices, such as VMware Horizon, VMware vCenter, ZyXEL routers, and SolarWinds Serv-U servers, as attackers relied on public exploits shared online.

            As the Log4Shell vulnerability continues to plague the digital world, Acurus are dedicated to finding and fixing vulnerabilities in our customers’ networks. This includes researching the latest hacks, closing loopholes and possible target vectors, and keeping systems up to date with security updates and patches.

            Contact us today to ensure your organisation is protected from the latest cyber attacks.
