UPDATE: As at 12th November 2019 the CIMA level returned to Level 5 - Normal Conditions.
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.
The Cyber Incident Management Arrangements (CIMA) remain activated; however, the alert level has been downgraded to Level 4 – ‘Lean Forward’.
Head of the ACSC, Rachel Noble PSM said, “CIMA Level 4 signifies a precautionary approach through increasing monitoring, analysis, and strategic coordination and engagement at the national level.”
The ACSC announced the activation of Australia’s CIMA to Level 3 – ‘Alert’ on 25 October 2019, in response to the widespread exploitation of vulnerable systems by the Emotet malware. The threat posed by this malicious software required immediate action at the national level to ensure Australian organisations, from critical infrastructure providers to small businesses, receive mitigation advice to protect their networks.
“There are two concerning cyber security threats in the wild. While we have seen a drop in the number of Emotet infections in the last week, people and businesses should remain vigilant. We are also concerned about reports cybercriminals are exploiting the BlueKeep vulnerability to access computers and control them without the users’ knowledge,” Ms Noble said.
“While you are watching your TV or eating dinner with your family, a cybercriminal can use your computer to mine and profit from untraceable digital currency, and you may never know that this has occurred.”
“The unfortunate truth is that once a cybercriminal can access your computer, they can control your computer. If they find valuable data, like your personal information and photos, they can steal it.”
In September 2019, the ACSC issued a warning about the release of a working exploit for the vulnerability known as BlueKeep, and urged Australians to patch older versions of Windows systems.
Known as CVE-2019-0708, the BlueKeep vulnerability affects older versions of Windows operating systems, including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008.
If you run pre-Windows 10 software, take a minute to download the free patches available from Microsoft.
“A few minutes updating your software could save you or your business weeks or months of recovering from the damage caused by a cybercriminal.”
“While we have helped many organisations mitigate the impact of Emotet in its current form, like most forms of malware and ransomware, Emotet may continue to evolve as cybercriminals seek to evade detection and the law.”
“I urge all Australians to remain vigilant about Emotet, BlueKeep and other forms of viruses or vulnerabilities. The threat is real, but there is something you can do about it,” Ms Noble said.
Stay up to date with the ACSC’s advice:
- Protect against malicious software and ransomware by following the ACSC’s technical advice on Emotet.
- Organisations requiring further assistance or advice on malware can contact the ACSC by emailing firstname.lastname@example.org.
- Individuals needing advice can read the ACSC’s Stay Smart Online advice about Emotet here.
- Individuals and small businesses can report a cyber security incident to the ACSC via ReportCyber.
- Microsoft’s technical advice on BlueKeep is available here.