As previously reported, the ASD’s annual cyber threat report was published in November 2023. The report highlights the ongoing threat from malware, which will come as no surprise. What may be surprising is the incredibly long tail of the WannaCry ransomware attack that became a worldwide threat back in 2017.
The ASD notes that it still receives reports of WannaCry incidents, six years after the original attack. The ransomware attack, attributed to North Korean threat actors, targeted systems running Microsoft Windows and famously crippled the UK's National Health Service.
The recurrence of legacy threats like WannaCry points to an enduring apathy or lack of cybersecurity remediation (patching) amongst Australian businesses. The ASD itself regularly publishes what it terms cyber hygiene advice for businesses, including:
- Only use reputable cloud service providers and managed service providers that implement appropriate cyber security measures.
- Regularly test cyber security detection, incident response, business continuity and disaster recovery plans.
- Review the cyber security posture of remote workers, including their use of communication, collaboration, and business productivity software.
- Train staff on cyber security matters. Specifically, how to recognise scams and phishing attempts.
File-borne malware attacks are increasingly common, as threat actors exploit the inherent vulnerabilities associated with a remote workforce. The pandemic changed the way most businesses work, and cyber-criminals were no exception. The proliferation of user-owned devices, unsecured home Wi-Fi networks and widespread use of public file sharing and storage applications may have made it easier for remote workers to collaborate, but it has also exponentially increased the number of vulnerabilities for threat actors to exploit.
The ASD recommends patching any public Internet-facing device within 48 hours of vulnerabilities being disclosed. While this might be optimistic for some less tech-savvy enterprises, the fact that incidents of WannaCry continue to occur 6 years after its disclosure is truly worrying.
Of course, even 48 hours is enough time for significant damage to be done. As the world moves to adopt a zero-trust approach to network and data security, this needs to be extended to the way we treat content passing through common gateways, including email, web browsers, file transfer applications and content collaboration platforms.
Commenting on the ACS report in a recent article published by the Australian Computer Society, Senetas CEO Andrew Wilson said:
“The real questions we should be asking are how seriously businesses are taking the insights from these reports and whether they truly comprehend the imminent risk of being targeted next.
While the federal government is, commendably, investing in strategic initiatives to bolster national cyber security, their efforts can only go so far.”