The cyber cold war that various countries and organisations have been waging with each other over the past few decades has grown steadily warmer over the last twenty years as technology and connectivity have dramatically improved. Now that Russia's self-described peacekeeping "special operations" in Ukraine have begun, the cyber cold war is expected to warm up faster than ever, with Russia already promising cyber attacks in response.
In addition, given the opportunity that chaos creates, cyber criminals are likely to be even more active than they already were during the last two years of COVID chaos, making the World Wild Web the wildest it has ever been, seemingly rife with zero-day vulnerabilities.
These zero-days are discovered by determined threat actors, and the entire tech community often seems to be playing catch-up with them. That said, security companies make legitimate breakthroughs, and software vendors themselves are presumably very motivated these days to write software as securely as possible, to keep upgrading that security, and to look ever more proactively for vulnerabilities in their code.
Bug bounties are also paid by OS and software developers to security researchers, users or anyone who finds and reports new vulnerabilities, allowing them to be fixed before they can be actively exploited.
Many of the recent iOS and iPadOS 14 and 15 point updates have been released to patch zero-day vulnerabilities that were being actively exploited, which is why Apple shipped those updates urgently and why you should apply them to your devices just as urgently, as one of a wide range of security measures organisations need to take, as described below.
Thus, with the ACSC's warning earlier this week that organisations should enhance their cyber security posture, and with an alert status of "HIGH", it is past time to take action. The ACSC offers the Essential Eight steps, listed in more detail below, and clearly they are the minimum organisations need to do to secure their operations, their data and themselves.
The ACSC also links to similar information from the US, UK, NZ and Canada, to prepare for and better defend against threat actors in any country, whether small, large or nation state, because the cyber cold war has already been happening for years, and all the chaos in the world is digitally accelerating cyber attacks, too.
So, below is a re-print of the rest of the ACSC cyber security bulletin, which you can also read at the ACSC website here, and which ends with a link to additional actions you can take, with a more technical explanation.
Here's the ACSC info:
Background / What has happened?
There has been a historical pattern of cyber attacks against Ukraine that have had international consequences. Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities.
While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.
Mitigation / How do I stay secure?
The ACSC recommends that organisations urgently adopt an enhanced cyber security posture. This should include reviewing and enhancing detection, mitigation, and response measures.
Organisations should ensure that logging and detection systems in their environment are fully updated and functioning and apply additional monitoring of their networks where required.
Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans. The ACSC has published Cyber Incident Response Plan – Guidance & Template to assist organisations to produce an incident response plan.
The ACSC strongly recommends organisations implement the Essential Eight mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. The Essential Eight mitigation strategies are:
- Application control;
- Patch applications;
- Configure Microsoft Office macro settings;
- User application hardening;
- Restrict administrative privileges;
- Patch operating systems;
- Multi-factor authentication; and
- Regular backups.
Australian organisations may also wish to review the following publications from partner agencies:
- US Cybersecurity and Infrastructure Security Agency (CISA): CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
- UK National Cyber Security Centre: NCSC advises organisations to act following Russia’s further violation of Ukraine’s territorial integrity
- NZ National Cyber Security Centre: General Security Advisory: Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine
- Canadian Centre for Cyber Security (CCCS): Cyber threat bulletin: Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity.
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance or advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).
Here is the link the ACSC provides to additional, more technically detailed information: