The Australian Defence Signals Directorate (DSD) has released eight essential actions government agencies can take to repel and recover from targeted and opportunistic cyber attacks.
The DSD’s highly praised four strategies for mitigating largely state-backed targeted cyber attacks have been expanded with four new tips that address other classes of attack: ransomware, insider threats, the multi-billion dollar ‘business email compromise’ scam, adversaries with “destructive intent”, and threats to industrial control systems.
This significantly broadens the scope of its mitigation strategies and accounts for classes of attack that have emerged since 2010, the year the DSD released its first four strategies. Those four were designed to address 85 percent of the techniques used by targeted attackers, and focussed on patching to prevent exploitation of known flaws and on restricting access to systems.
The FBI in June estimated business email compromise had exposed US and non-US businesses to $3bn in potential and actual losses since 2013. Though the scam takes several forms, one method involves spoofing the boss’s email address and tricking a subordinate into transferring funds to a fraudster’s account.
The highest-profile destructive malware attack to date crippled Sony Pictures in 2014, though earlier attacks had hit South Korean banks and broadcasters. The disk-wiping malware prevented Sony from using or recovering its IT systems.
The DSD’s new strategies are disabling untrusted Microsoft Office macros, using multi-factor authentication, running daily data backups, and hardening user applications by disabling Adobe Flash Player in the browser, blocking web ads, and blocking untrusted Java code.
The new mitigations should go a long way to addressing ransomware, often delivered by exploit kits or in spam, and phishing attacks aimed at stealing user credentials.
Microsoft last year reported a huge rise in macro malware and has since added tools that let admins selectively block macros, for example in documents received from an untrusted source or downloaded from a website. The DSD notes in its guidance that the Australian Cyber Security Centre has also seen an uptick in malicious macros.
DSD’s original four strategies were application whitelisting, patching applications, patching the operating system, and restricting administrative privileges.
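As an added illustration of the macro-blocking control described above (this is example code written for this page, not a script from DSD or Microsoft), the following PowerShell enforces and audits Office’s “Block macros from running in Office files from the Internet” policy for the current user, and inspects the Mark of the Web that the policy keys on. It assumes Office 2016 or later, whose policy keys live under the `16.0` version path; the `$OfficeVersion`, `$Apps` and function names are this example’s own choices.

```powershell
# Added example (not from the original article): enforce and audit the Office policy
# that blocks macros in documents carrying an Internet-zone Mark of the Web (MotW).
# Assumes Office 2016/2019/365, whose policy keys use the "16.0" version segment.
$OfficeVersion = '16.0'
$Apps = 'Word', 'Excel', 'PowerPoint'
$PolicyValue = 'blockcontentexecutionfrominternet'

function Get-OfficeSecurityKey {
    param([string]$App, [string]$Version = $OfficeVersion)
    # Per-user policy hive; a domain GPO writes the same values.
    return "HKCU:\Software\Policies\Microsoft\Office\$Version\$App\Security"
}

function Set-BlockInternetMacros {
    param([string[]]$Applications = $Apps)
    foreach ($app in $Applications) {
        $key = Get-OfficeSecurityKey -App $app
        if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
        # 1 = block macros when the file's MotW places it in the Internet zone
        Set-ItemProperty -Path $key -Name $PolicyValue -Value 1 -Type DWord
    }
}

function Get-MacroPolicyStatus {
    param([string[]]$Applications = $Apps)
    foreach ($app in $Applications) {
        $key = Get-OfficeSecurityKey -App $app
        $item = Get-ItemProperty -Path $key -Name $PolicyValue -ErrorAction SilentlyContinue
        [pscustomobject]@{
            Application         = $app
            BlockInternetMacros = ($null -ne $item -and $item.$PolicyValue -eq 1)
        }
    }
}

function Test-MarkOfTheWeb {
    param([Parameter(Mandatory)][string]$Path)
    # Downloaded files carry a Zone.Identifier alternate data stream with a ZoneId line;
    # ZoneId 3 (Internet) and 4 (Restricted) are what the macro policy treats as untrusted.
    $zone = $null
    try {
        $ads = Get-Content -Path $Path -Stream Zone.Identifier -ErrorAction Stop
        foreach ($line in $ads) {
            if ($line -match '^ZoneId=(\d+)') { $zone = [int]$Matches[1] }
        }
    } catch {
        # No Zone.Identifier stream: file was not marked as downloaded (or the ADS was stripped)
    }
    [pscustomobject]@{
        Path      = $Path
        ZoneId    = $zone
        Untrusted = ($null -ne $zone -and $zone -ge 3)
    }
}

# Enforce the policy, then report what is actually set for each application.
Set-BlockInternetMacros
Get-MacroPolicyStatus | Format-Table -AutoSize

# Check a document that was saved from a browser or mail client (path is illustrative).
Test-MarkOfTheWeb -Path (Join-Path $env:USERPROFILE 'Downloads\invoice.docm') | Format-List
```

Two caveats a practitioner would want: a file copied from a non-NTFS volume, extracted by some archivers, or opened from a container that strips the `Zone.Identifier` stream will have no Mark of the Web and so will not be caught by this policy, which is why the DSD’s own guidance goes further than Microsoft’s download-based block and prefers allowing only digitally signed macros or macros from a trusted location. Deploying the value through Group Policy rather than a per-user script also prevents the user from simply deleting the key.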
The new guidance is informed by DSD’s own incident response activities, vulnerability assessments and penetration tests of Australian agencies.
The DSD says the eight essential mitigation strategies are so effective at countering targeted cyber attacks and ransomware that it considers them a “cyber security baseline” for all organisations.