Australia Targeted in Copy-paste compromises

08/07/2020

We have heard, and some of us have seen, increased cyber attacks on infrastructure and an increase in scams. This has been reported as a large, organised, state-backed campaign. It is serious, but you can greatly reduce the risk with a few simple steps. I aim to give some general information on this in a readable fashion that will not take too much brain power to digest, along with some things you can do right now to help avoid being compromised.

It is called a "copy-paste" style attack because the attackers are not using anything novel: they are re-using publicly available exploit code and tools against proven, well-known weaknesses in internet-facing devices to break in, and then using that access for many nefarious purposes.

Some reports state that around 50% of the attacks are phishing, so look out for scam emails and credential-harvesting websites.

Why would they do this?

  • Monitoring your network traffic and changing the destination of what you think you are talking to, e.g. redirecting login pages.
  • Turning your modem into part of a botnet to launch attacks on others. This slows you down and uses considerable amounts of your data.
  • Getting access to see where else you are exposed, to launch a second stage of attacks. Once they have a foothold they can probe deeper and find more serious vulnerabilities.
  • Getting access to install ransomware. (Spoiler alert: there is no guarantee you get the data back after paying, and often they cannot or will not give it back.)
  • Malicious data-trashing attacks: getting access to delete everything they can reach, including backups, archives, live data and replicas.

There are also scam emails that give the scammer access to the system that receives the email, or that ask you to reset your email password because it has "expired", or to reset your myGov account password.
The websites these link to are clones of the real ones and are very convincing.
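A simple way to catch the cloned login pages described above is to check where an email's links actually go, rather than what they say. The script below is an added example, not code from the original post: it pulls every link out of a constructed sample phishing email, flags any whose host is not in a trusted list (the list itself is an assumption for the example), and separately flags links whose visible text names one domain while the href points to another. The trailing part of the host is what matters: `my.gov.au.account-verify.example` is not `my.gov.au`.

```python
import re
from html.parser import HTMLParser
from urllib.parse import urlparse

# Domains treated as legitimate for this check. This list is an assumption for
# the example; replace it with the services your household or business really uses.
TRUSTED_DOMAINS = {"my.gov.au", "example-corp.com"}

# Constructed sample email body in the style of the password-reset scams above.
SAMPLE_EMAIL = """
<p>Your myGov password has expired. Please
<a href="https://my.gov.au.account-verify.example/login">sign in at my.gov.au</a>
to reset it within 24 hours.</p>
<p>Questions? See <a href="https://my.gov.au/help">my.gov.au/help</a>.</p>
"""


class LinkExtractor(HTMLParser):
    """Collects (href, visible text) pairs from every <a> tag in an HTML body."""

    def __init__(self):
        super().__init__()
        self.links = []
        self._href = None
        self._text = []

    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href = dict(attrs).get("href")
            self._text = []

    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)

    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None


def registrable(host):
    """Crude 'registrable domain': the last two labels, or three under .au
    (so www.my.gov.au -> my.gov.au, but my.gov.au.evil.example -> evil.example)."""
    labels = host.lower().strip(".").split(".")
    if len(labels) >= 3 and labels[-1] == "au":
        return ".".join(labels[-3:])
    return ".".join(labels[-2:])


def suspicious_links(html):
    """Return [(href, reason)] for links that look like credential harvesting."""
    parser = LinkExtractor()
    parser.feed(html)
    findings = []
    for href, text in parser.links:
        host = urlparse(href.strip()).hostname or ""
        if not host:
            continue
        reasons = []
        if registrable(host) not in TRUSTED_DOMAINS:
            reasons.append("host %s is not a trusted domain" % host)
        # Visible text that looks like a domain but does not match the real target.
        shown = re.search(r"(?:https?://)?([a-z0-9.-]+\.[a-z]{2,})", text.lower())
        if shown and registrable(shown.group(1)) != registrable(host):
            reasons.append("displays %s but links to %s" % (shown.group(1), host))
        if reasons:
            findings.append((href, "; ".join(reasons)))
    return findings


if __name__ == "__main__":
    for href, reason in suspicious_links(SAMPLE_EMAIL):
        print("SUSPICIOUS:", href, "->", reason)
```

Run against the sample, only the first link is reported: its host is not trusted and it shows `my.gov.au` while pointing at `account-verify.example`. The genuine `my.gov.au/help` link passes both checks. The same "what is the real domain at the end of the host" habit is worth applying by eye before clicking anything in a reset email.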

What can you do?

Because these attacks use known weaknesses, the plus side is that most vendors have already put in protection for you, as long as you have installed the security updates. Not in 100% of cases, but we will get to that. Most of these steps are commonplace, but they are worth doing.

  • Keep your computer up to date (Settings, then Updates, on most systems). Reboot if asked: no reboot means the security update is not actually in effect.
  • Update your modem/router, or whatever gives you internet, to the most recent firmware/software. This is critically important and often overlooked. Many routers run old software and do not update or maintain themselves. This is your castle wall, and with it compromised you are very exposed.
  • Confirm you do not have any port forwarding on the router that is not 100% necessary, and especially no RDP access to anything. RDP has been heavily targeted lately; if you need it, run a VPN and use RDP over that rather than exposing it directly to the internet.
  • Talk to your staff or work colleagues and keep an eye out for any sort of odd email. Do not reset anything unless you are certain it is real. If in doubt, ask someone else for an opinion.
  • Two-factor authentication. This can be a pain to set up, but it will help stop your accounts being broken into. Setting it up on one service only protects that service, so set it up everywhere you can.
  • Antivirus running and up to date. Run a full manual scan of the entire computer from time to time.
  • If you have any systems that are accessed from the outside, e.g. you can unlock your front door from an app, or a security system you can view from home, these NEED to be updated and locked down.

What to look out for.

  • Look out for your computer sounding like it is working hard (you can hear the fans running flat out) even though you are not doing much. This could mean something is going on in the background.
  • If you have bandwidth monitoring software, run it at all times on an old laptop on a desk and look out for unexpected spikes. In my experience this is sometimes the only way you find out you have a problem, e.g. a device called Printer34 suddenly uploads 500 MB of data once a day.
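To turn the "Printer34 suddenly uploads 500 MB" observation into something that alerts on its own, here is an added example (mine, not from the original post or any particular monitoring tool). It parses a constructed export of daily upload totals per device, builds a per-device baseline from the previous few days, and flags a day when a device uploads both more than an absolute floor and many times its own baseline. The log format, the 50 MB floor and the 10x ratio are assumptions for the example; most bandwidth monitors can export something similar.

```python
from collections import defaultdict
from statistics import median

MB = 1024 * 1024

# Constructed sample export from a bandwidth monitor: date, device name, bytes uploaded.
# The format is an assumption for this example; adapt parse_log() to your tool's export.
SAMPLE_LOG = """\
2020-07-01 Printer34 1900000
2020-07-01 Laptop-Anna 310000000
2020-07-02 Printer34 2100000
2020-07-02 Laptop-Anna 280000000
2020-07-03 Printer34 1800000
2020-07-03 Laptop-Anna 295000000
2020-07-04 Printer34 2000000
2020-07-04 Laptop-Anna 305000000
2020-07-05 Printer34 524288000
2020-07-05 Laptop-Anna 290000000
"""


def parse_log(text):
    """Return {device: [(date, bytes_uploaded), ...]} with each device's rows in date order."""
    per_device = defaultdict(list)
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        date, device, nbytes = line.split()
        per_device[device].append((date, int(nbytes)))
    for rows in per_device.values():
        rows.sort()
    return per_device


def find_upload_spikes(per_device, ratio=10.0, min_bytes=50 * MB, baseline_days=3):
    """Flag (date, device, bytes, baseline) when a device's daily upload is both
    at least min_bytes and more than `ratio` times the median of its previous
    `baseline_days` days.

    The absolute floor stops a quiet device alerting on tiny noise; the ratio
    stops a busy laptop alerting on its normal, large daily volume."""
    alerts = []
    for device, rows in per_device.items():
        for i in range(baseline_days, len(rows)):
            date, nbytes = rows[i]
            baseline = median(b for _, b in rows[i - baseline_days:i])
            if nbytes >= min_bytes and nbytes > ratio * baseline:
                alerts.append((date, device, nbytes, baseline))
    return alerts


if __name__ == "__main__":
    for date, device, nbytes, baseline in find_upload_spikes(parse_log(SAMPLE_LOG)):
        print("%s: %s uploaded %.0f MB (normal ~%.1f MB)"
              % (date, device, nbytes / MB, baseline / MB))
```

On the sample data only Printer34 on 2020-07-05 is reported: 500 MB against a baseline of about 2 MB. Laptop-Anna uploads around 300 MB every day and stays quiet because that is its normal, which is exactly why a per-device baseline beats a single global threshold.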
