Background / What has happened?
Following the attack on Ukraine, there is a heightened cyber threat environment globally, and the risk of cyber attacks affecting Australian networks, whether through direct targeting or inadvertently, has increased.
While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations.
A wide range of malicious cyber activity has been detailed in recent partner and industry reporting, including destructive malware, threats to common enterprise solutions, and threats to specific sectors. Organisations should review these publications for information on threats and mitigations relevant to their network. The associated advisory provides further details on these publications.
Mitigation / How do I stay secure?
The ACSC recommends that organisations urgently adopt an enhanced cyber security posture. This should include reviewing and enhancing detection, mitigation, and response measures. Prioritise taking the following actions across your environment:
- Patch applications and devices
- Implement mitigations against phishing and spear phishing attacks
- Ensure that logging and detection systems are fully updated and functioning
- Review incident response and business continuity plans.
Organisations should review the advisory associated with this alert for additional details on recommended mitigations. The ACSC has published Cyber Incident Response Plan – Guidance & Template to assist organisations to produce an incident response plan.
The ACSC strongly recommends organisations implement the Essential Eight mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. The Essential Eight mitigation strategies are:
- Application control;
- Patch applications;
- Configure Microsoft Office macro settings;
- User application hardening;
- Restrict administrative privileges;
- Patch operating systems;
- Multi-factor authentication; and
- Regular backups.
Australian organisations may also wish to review the following publications from partner agencies:
- US Cybersecurity and Infrastructure Security Agency (CISA): SHIELDS UP
- UK National Cyber Security Centre: NCSC advises organisations to act following Russia’s further violation of Ukraine’s territorial integrity
- NZ National Cyber Security Centre: General Security Advisory: Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine
- Canadian Centre for Cyber Security (CCCS): Cyber threat bulletin: Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity
Assistance / Where can I go for help?
The ACSC is monitoring the situation and is able to provide assistance or advice as required. Organisations that have been impacted or require assistance can contact the ACSC via 1300 CYBER1 (1300 292 371).