BRACE YOURSELF, you might be the next target… As Emotet Strikes back down under

By James Ley, ANZ Sales Engineering Manager at Ivanti*

Credit: ID 104778421 © Stepanenko Oksana | Dreamstime.com

The spooky season is still not over for Australian companies, as the destructive Emotet threat is back, and it is affecting unpatched systems.

In November 2019, Australian Cyber Security Center (ACSC) announced that the infamous botnet Emotet has re-emerged and is targeting Australian businesses, individuals, critical infrastructure and government agencies. According to ACSC the malicious software had been infecting devices in Australia through phishing emails that impacted at least 19 different organisations including several Victorian hospitals.

This malware which is being linked with Trickbot, a modular banking Trojan, leverages exploits like EternalBlue to propagate a range of malicious capabilities. The malware usually scans the network and uses credentials to infect target machines that enables the installation of ransomware, credential stealers and other malware. The infected machines give hackers direct access to personal information and banking credentials, while locking up the system for ransom.

As the efforts to compromise the security infrastructure of crucial entities shows no sign of slowing down, it’s time for organisations to understand the importance of being compliant with the Australian Signals Directorate’s Essential Eight security practices.

The recent, the Australian Signals Directorate revealed that twenty-five government agencies had their cyber posture uplifted following the state-sponsored cyber-attack against Parliament House in February. The re-emergence of Emotet malware is an indication that a growing number of organisations are being compromised with hackers gaining access to more and more devices with each attack through improved sophisticated ways. This is a serious threat to all the confidential information, intellectual property and other sensitive credentials.

Therefore, the onus is on the businesses to integrate practices that would help secure their attack surface, detect attacks that do get through, take rapid action to contain malicious activity and remediate vulnerabilities. According to the recent 2019 Telstra security report, the ability to timely detect and effectively respond to incidents still remains the number one challenge for Australian companies.

Alarmingly, 19 per cent of Australian respondents surveyed estimated that more than half of the data breaches impacting their company went undetected altogether in the past year. This is despite 74 per cent of Australian businesses believing they have strong systems in place to verify when an incident has occurred. Introduced in 2010, the ‘Essential Eight’ defined by Australian Signals Directorate – ASD, provides a prioritized list of security controls to mitigate security incidents that help organisations protect their systems. 

With increasing number of vulnerable endpoints and complexity of threats, it’s clear that  while it’s mandatory for government agencies to be ASD Top 4 compliant, organisations in the private sector must apply the ASD top 4 and the wider essentials 8 best practice list as if it were mandatory   Implementing programs such as automated patch management, application whitelisting, hardening apps, blocking office macros to disable the download of malware, will help organisations defend against dreadful attacks.

The updates made by ASD to the ‘Essential Eight’ cyber rules in the month of April this year, especially in Patching and Application Whitelisting, clearly states that the law needs organisations to do a better job of protecting data. It is critical to have a robust framework, quantify your security posture, make their cybersecurity more mature and ensure a holistic, multi-layered integrated security approach to secure the IT environment.

 

Show Comments