25 Feb 2022

Week in review

Greetings,

If you're involved in managing security awareness, your chance to make a difference is here with the SANS Security Awareness survey!

AUSCERT has partnered with our friends at SANS on their 2022 SANS Institute Security Awareness Survey.

You'll get early access to the free report and be entered in a raffle to win a free pass to the Awareness Summit or an MGT433 course.

The survey takes less than 10 minutes of your time but hurry, it closes today (February 25, 2022).

Take the survey here

Thanks in advance for your support!

You’re invited to attend a critical Townhall session with the Department of Home Affairs on the Ransomware Action Plan and Proposed Reporting Regime.

As part of Australia’s Ransomware Action Plan released last year, the Government is seeking to develop a ransomware incident reporting obligation for businesses – and is seeking your views on those proposed obligations.

If you’re interested, register today so you don’t miss out!

On a more sombre note, the much-predicted and feared invasion of Ukraine by Russia became a reality yesterday.

This attack has already demonstrated some twenty-first century tactics, including a concerted effort to disrupt the infrastructure of Ukraine through cyber-attacks.
ABC reports on the various methods being utilised and the predicted escalation of their use and impact.

This could extend to countries geographically distanced from the physical location of the conflict, including Australia.

The Australian government has advised that several companies have already been alerted to possible attacks, suggesting all should prepare for malicious attacks, whether direct or the result of unintended or uncontained activity.

AUSCERT Security Bulletin ASB-2022.0059 will soon be published and will provide advice and links regarding the current situation in Ukraine in relation to cybersecurity threats.

This will include a list of IoCs (indicators of compromise) we have collated.

We recommend members review these and consider searching for or blocking threats accordingly.


Employees’ dodgy tech habits posing a risk to Australian businesses
Date: 2022-02-22
Author: Cyber Security Connect

KnowBe4 announced new research which has found that more than six in 10 Australian office workers (63 per cent) don't believe using their work email for personal activity is a security risk to their employer.
The KnowBe4 data also revealed that more than half of that number engage with suspicious emails and SMS and only 5 per cent can correctly identify which emails and SMS are legitimate or scams.
Furthermore, only four in 10 (40 per cent) employees say they always report suspicious emails and SMS to the IT team responsible for cyber security. More than half (52 per cent) say they engage with suspicious emails and SMS.

CISA publishes list of free security tools for business protection
Date: 2022-02-18
Author: The Register

The US Cybersecurity and Infrastructure Agency (CISA) has published a web catalog of free cybersecurity resources in the hope that those overseeing critical infrastructure can use the tools to better secure their systems.
"CISA is super proud to announce the start of a new catalog of free resources available to those critical infrastructure owners and operators who would benefit from tools to help their security and resilience," said CISA director Jen Easterly in a statement.

Disturbing Mass Text Operation Terrorizes Ukraine as Russian Troops Move In
Date: 2022-02-23
Author: The Daily Beast

Ukrainian government websites were knocked offline Wednesday in a new wave of cyberattacks pummeling Ukraine, just as Russian forces are starting to roll into the country and Ukraine declares a nationwide state of emergency over Russia’s recent aggression.
The sites of Ukraine’s Ministry of Foreign Affairs, its Security Service or SBU, and Cabinet of Ministers were all down Wednesday. Banks are also affected, Ukraine’s minister of digital transformation, Mykhailo Fedorov, said on his Telegram channel. Ukrainian soldiers have also recently reported receiving alarming text messages urging them to flee or be killed, in what appeared to be an attempt to degrade their morale.

US says Russian state hackers lurked in defense contractor networks for months
Date: 2022-02-17
Author: Ars Technica

Hackers backed by the Russian government have breached the networks of multiple US defense contractors in a sustained campaign that has revealed sensitive information about US weapons-development communications infrastructure, the federal government said on Wednesday.
The campaign began no later than January 2020 and has continued through this month, according to a joint advisory by the FBI, National Security Agency, and the Cybersecurity and Infrastructure Security Agency. The hackers have been targeting and successfully hacking cleared defense contractors, or CDCs, which support contracts for the US Department of Defense and intelligence community.

Microsoft offers defense against 'ice phishing' crypto scammers
Date: 2022-02-18
Author: The Register

Microsoft has some advice on how to defend against "ice phishing" and other novel attacks that aim to empty cryptocurrency wallets, for those not already abstaining.
Ice fishing involves cutting a hole in a frozen body of water in order to catch fish. Ice phishing, as Microsoft describes it, is a clickjacking, or a user interface redress attack, that "[tricks] a user into signing a transaction that delegates approval of the user’s tokens to the attacker."

Australia promises cyber support to Ukraine as Russian forces array along its borders
Date: 2022-02-21
Author: ABC News

Australia will expand cyber training for Ukrainian officials and could join a broader coalition of Western countries to provide the besieged Eastern European nation with military equipment or other support as fears of a Russian invasion continue to mount.
Late on Sunday, the United Kingdom, Australia and the United States formally blamed Russia's main intelligence agency for a series of cyber attacks on Ukraine's major banks six days ago, with Foreign Minister Marise Payne and Defence Minister Peter Dutton declaring Moscow was responsible for an "ongoing unacceptable and disruptive pattern of malicious cyber activity".

464 Australian data breaches reported to the OAIC in latter half of 2021
Date: 2022-02-22
Author: ZDNet

The private health services industry is once again the sector with the highest number of reported data breaches in Australia, accounting for 18% of all breaches notified to the Office of the Australian Information Commissioner (OAIC) during the latter half of 2021.
Out of the total 464 data breach notifications sent to the OAIC during the six months to December, private health service providers reported 83 of them. Finance filed the second most with 56, while legal, accounting, and management services rounded out the top three with 51.
The 464 data breaches received by the information commissioner under the Notifiable Data Breaches (NDB) scheme marked a 6% increase when compared to the first half of 2021.


ESB-2021.3503.2 – UPDATE Cisco IOS XE SD-WAN Software: CVSS (Max): 7.8

Cisco has released software updates to address a vulnerability in its IOS XE SD-WAN Software which, if exploited, could allow an authenticated local attacker to execute arbitrary commands with root privileges.

ESB-2022.0768 – python-pillow: CVSS (Max): 9.8

Red Hat's latest update for python-pillow fixes multiple vulnerabilities. Red Hat has rated this update as having a security impact of Important.

ESB-2022.0805 – Cisco Nexus 9000 Series Switches: CVSS (Max): 8.6

A vulnerability in Cisco Nexus 9000 Series Switches could lead to a Denial of Service. Cisco has released software updates that address this vulnerability.

ESB-2022.0817 – MozillaFirefox: CVSS (Max): 7.5

An update has been released to fix 8 vulnerabilities in Mozilla Firefox including Privilege Escalation to SYSTEM on Windows.


Stay safe, stay patched and have a good weekend!

The AUSCERT team