RedShield’s warning comes weeks after an ACSC advisory, issued in the wake of attacks from state-based actors, which urged Australian organisations to take steps to enhance the resilience of their networks within 48 hours.
According to National Director for RedShield Australia, Scott Fletcher, Australian businesses have ignored this warning.
“These attacks continue on a massive scale, exploiting organisations with known vulnerabilities. Many organisations have not acted within that window to protect themselves against obvious and highlighted threats.” Fletcher said.
According to the ACSC, the known vulnerabilities have been predominantly observed in:
- Telerik UI (CVE-2019-18935)
- Microsoft IIS
- Citrix ADC/NetScaler (CVE-2019-19781)
- Microsoft SharePoint (CVE-2019-0604)
“We know that for many organisations, that timeframe was unfeasible. To free up developers who can quickly patch vulnerabilities, while maintaining other critical transformation projects is challenging, but it doesn’t need to be a burden on capacity and can’t take a backseat,” Fletcher said.
According to RedShield, it has developed “unique 'shields' for these exact vulnerabilities” and organisations “ignore them at their own peril”.
"Our shields can be deployed immediately and eliminates all risk. The four shields are just some of thousands that are already available based on global known vulnerabilities. We do not need to 'touch' any of your application’s code or your infrastructure to shield these vulnerabilities and we can do so within 48 hours. Do not ignore the most obvious threats - keep yourself safe and keep your business running."