
The Monday Series: Ransomware Alerts, Network Outages and Critical Cyber Security Attacks!

  • Writer: Marietta Bloomfield
  • Nov 21, 2023
  • 3 min read

Recent developments in the world of cyber security have made headlines - and not all of them in a good way.


 



The Australian Signals Directorate (ASD) has issued several cyber security and ransomware attack alerts:

The Australian Signals Directorate (ASD), a statutory agency, along with other security and signals intelligence agencies, has issued national security alerts since November 10, including:

  1. An alert on November 10, 2023, warning of an increase in ransomware attacks targeting the health sector.

  2. On November 17, 2023, intelligence was released concerning a critical vulnerability in Apache Log software that could allow a remote attacker to exploit and execute arbitrary code.

  3. On November 19, 2023, the Australian Signals Directorate (ASD) and national intelligence issued a full spectrum alert about a sophisticated cyber-espionage campaign targeting the Australian government and Australian organisations.

Australia's national security community highlights the importance of full spectrum compliance and of ensuring your cyber security and offensive are updated to protect operations, by regularly monitoring the Australian Signals Directorate (ASD) and Defence Signals Directorate.

The Optus network outage affected half of Australia's population and lasted 14 hours.

The outage was reportedly caused by a routine software upgrade, which inadvertently took the network offline. It affected internet and mobile services nationwide, causing widespread disruption to Australians. The issue was further exacerbated when it was revealed that Singtel Internet Exchange, known as STiX, a 'third party', brought down the network. In a hearing, Optus admitted that they had not planned for a total shutdown as they had filters designed to prevent all 90 of the company's routers from shutting down simultaneously.

This series of events has been described as one of the largest telecommunications outages in Australian history. The cause of the outage, its impact, and subsequent management have raised questions about the resilience of Optus' network infrastructure and its ability to prevent and respond to such incidents in the future.

The Australia Ports Cyber Attack

DP World Australia, one of the largest port operators in Australia, recently experienced a major cyberattack, which resulted in significant disruption to its operations. The incident, detected on a Friday, led to a complete shutdown of port operations across Australia.

The cyberattack resulted in a massive backlog of about 30,000 shipping containers. DP World Australia, which manages nearly 40% of Australia's goods flow, had to disconnect its systems from the internet after detecting the breach.

The exact nature of the attack has not been disclosed, but it was severe enough to cripple the company's operations. This incident resembles a similar event in 2021 when South Africa's port and rail company was hit by a ransomware attack, forcing it to declare force majeure at its container terminals.

By Monday, DP World Australia announced that its operations had resumed at all its ports.

The Australian Government, Signals Intelligence, Defence Signals Bureau and the ASD support measures for Australian organisations to protect and control their critical digital infrastructure.

1. Implement the Essential Eight:

  • Application Whitelisting: Only allow approved applications to run.

  • Patch Applications: Regularly update all applications.

  • Configure Microsoft Office Macro Settings: Disable macros from the internet and only allow vetted macros.

  • User Application Hardening: Configure web browsers and PDF readers to block untrusted Java code, Flash content, and ads.

  • Restrict Administrative Privileges: Limit administrative privileges to operating systems and applications based on user duties.

  • Patch Operating Systems: Regularly patch/update operating systems.

  • Multi-factor Authentication: Implement strong authentication processes.

  • Daily Backups: Regularly back up essential data with at least three copies in different locations.


2. The Top 35 Mitigation Strategies:

In addition to the Essential Eight, National Intelligence and the ASD also recommend a broader set of strategies known as the 'Top 35 Mitigation Strategies'. These additional strategies include blocking spoofed emails, managing workstation and server configurations, and using antivirus software with heuristics.


3. Compliance with NIST SP 800-171 DoD Assessment Methodology:

The Defence Signals Division and ASD also refer to international standards such as the NIST SP 800-171 DoD Assessment Methodology for protecting sensitive information.


4. Cyber Threat Awareness:

In its 'ASD Cyber Threat Report 2022-2023', the ASD highlighted the growing vulnerability of critical infrastructure to cyber attacks, emphasising the need for Australian organisations to stay aware of evolving threats and adapt their cybersecurity measures accordingly.

Remember, these are recommendations, and implementing these strategies should be tailored to your organisation's specific needs and context. Consult a cybersecurity expert for assistance to ensure optimal protection.


As always, stay Cyber-safe.

 
 