Cyber security vendor Radware says the top vulnerabilities targeted in recent attacks on the Australian government are threats that have been flagged over the past few months by US and UK agencies.
The Australian Cyber Security Centre (ACSC) has identified the attacks as being based on existing and known exploits, leveraging publicly accessible proof-of-concept code, web shells, and other open-source tools.
Radware says these attack tactics will not manifest immediately through disruptions, extortion or demands. Intelligence gathering and exfiltration by nation-state and advanced persistent threat (APT) actors are covert operations, establishing persistence and expanding their foothold inside the victim's environment without raising alarms.
Detecting such compromises is difficult and requires full network and application visibility in all parts of the infrastructure (on-prem, private cloud, public cloud).
But the lingering threat and extensive foothold from a competing nation, inside a nation’s cyber infrastructure, can lead to weakened competitiveness and become an effective weapon in orchestrated attacks on governments, critical infrastructure, or businesses to cause chaos, distraction, and economic impact.
The ACSC has identified two key mitigation tactics which, if implemented, will greatly reduce the risk of the identified attacks:
- Prompt patching of internet-facing software, operating systems, and devices
- Use of multi-factor authentication across all remote access services, including but not limited to web and cloud-based email and applications, collaboration platforms, VPN and remote desktop services
Radware suggests that, given the non-disruptive nature of the threat and the sheer number of events generated on a daily basis, malicious events, which can be spread over a long time period, are very difficult or impossible to detect without machine and deep learning algorithms.
When facing a sophisticated threat actor, advanced algorithms and automated detection tools are essential to keep the upper hand. Automation and orchestration of an organisation's security will help security teams become more agile, react more quickly, and focus on what is important.
Radware solutions can provide additional resilience against known and unknown vulnerabilities by securing public-facing web applications and APIs with adequate positive security models. The company's cloud workload protection for public cloud can ensure the attack surface in public cloud environments is minimised and, through advanced automation, will help detect malicious activity quickly and adequately.