Australia Stresses Cybersecurity Precautions in Wake of Ukraine Conflict
The Australian government is urging companies in the region to adopt strong cybersecurity practices due to increased global risk stemming from the conflict in Ukraine.
While stressing that there were “no specific or credible cyber threats” to Australian organizations, the Australian Cyber Security Centre (ACSC) issued an advisory on March 2 urging companies to review and enhance their detection, mitigation and response measures, and to follow the ACSC’s long-standing mitigation framework, the Essential Eight.
Together these practices — which include multi-factor authentication (MFA), restricting administrative privileges and daily backups — provide a clear framework for businesses anywhere that are looking to improve their foundational security footing, as we’ve previously noted on the Duo Blog.
Following the guidelines could prevent up to 90% of cyberattacks, the Australian Financial Review noted in an article about why the Russian invasion presents new cybersecurity risks for local companies.
“It is critical that Australian organisations are alert to these threats and take steps to adopt an enhanced cyber security posture and increase monitoring for threats. These actions will help to reduce the impacts to Australian organisations of any cyber attacks.” —Australian Cyber Security Centre
Here’s a summary of the ACSC’s advice, along with Duo resources for putting it into practice.
Strengthen Control with Access Policies
User access policies let you block logins based on country, IP address and anonymizing networks such as Tor or anonymous VPNs, which matters most when the threat level rises. Policies covering out-of-date software and operating systems are just as important: a device running unpatched software is exposed to exploits of known, already-fixed vulnerabilities, which is how much malware gains its initial foothold.
This kind of control matters even more in light of the ACSC’s recently updated advisory, which notes that threat actors have deployed destructive malware against organizations in Ukraine. The ACSC has published additional indicators of compromise (IOCs) to help organizations detect the WhisperGate, HermeticWiper and IsaacWiper destructive malware.
Assess and Monitor Device Health
In addition to detecting whether a device is running an out-of-date operating system, the security posture of devices can be determined in other ways. Firewall status, drive encryption status, password status and whether an antivirus or anti-malware agent is running can all contribute to improved security resilience.
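The two sections above describe an access policy that combines login context (country, source IP, anonymizer use, OS version) with device health signals (firewall, disk encryption, screen lock, anti-malware agent). The following is an added example of such a policy evaluator, written for this article; it is not Duo’s policy engine or its API. The rule order, the allowed countries, the trusted network range, the minimum OS versions and the sample login attempts are all assumptions made for the example.

```python
"""Login access-policy evaluator (added example, not Duo's own code).

Rules are checked top-down; the first failing rule produces a deny with a
reason so the decision can be logged and explained. Thresholds and sample
data below are assumptions for illustration.
"""
import ipaddress
from dataclasses import dataclass, field


@dataclass
class LoginContext:
    user: str
    ip: str
    country: str          # ISO 3166 country code derived from the IP, e.g. "AU"
    anonymizer: bool      # True if the IP is a Tor exit or anonymizing VPN per a reputation feed
    os_name: str
    os_version: tuple     # e.g. (12, 3) for macOS 12.3
    firewall_on: bool
    disk_encrypted: bool
    screen_lock_set: bool
    av_running: bool


@dataclass
class Policy:
    allowed_countries: set
    trusted_networks: list = field(default_factory=list)   # CIDRs that bypass the geo check
    min_os_version: dict = field(default_factory=dict)     # os_name -> minimum version tuple
    require_device_health: bool = True


def in_trusted_network(ip, cidrs):
    """True if ip falls inside any of the given CIDR ranges."""
    addr = ipaddress.ip_address(ip)
    return any(addr in ipaddress.ip_network(cidr) for cidr in cidrs)


def evaluate(ctx, policy):
    """Return (decision, reason); decision is 'allow' or 'deny'."""
    # 1. Anonymizing networks are refused outright: the source cannot be attributed.
    if ctx.anonymizer:
        return "deny", "anonymizer"
    # 2. Geo restriction, unless the request originates from a trusted corporate range.
    if (not in_trusted_network(ctx.ip, policy.trusted_networks)
            and ctx.country not in policy.allowed_countries):
        return "deny", f"country {ctx.country} not allowed"
    # 3. Out-of-date operating system (tuple comparison handles multi-part versions).
    minimum = policy.min_os_version.get(ctx.os_name)
    if minimum is not None and ctx.os_version < minimum:
        version = ".".join(str(part) for part in ctx.os_version)
        return "deny", f"{ctx.os_name} {version} below minimum"
    # 4. Device health: every signal must pass; report all that failed.
    if policy.require_device_health:
        checks = (("firewall", ctx.firewall_on),
                  ("disk encryption", ctx.disk_encrypted),
                  ("screen lock", ctx.screen_lock_set),
                  ("anti-malware agent", ctx.av_running))
        failed = [name for name, ok in checks if not ok]
        if failed:
            return "deny", "device health: " + ", ".join(failed)
    return "allow", "policy passed"


# Assumed policy: AU/NZ only, internal 10/8 exempt from geo, minimum OS versions chosen arbitrarily.
POLICY = Policy(
    allowed_countries={"AU", "NZ"},
    trusted_networks=["10.0.0.0/8"],
    min_os_version={"macOS": (12, 3), "iOS": (15, 4)},
)


def sample_attempts():
    """Constructed login attempts covering each rule (not real telemetry)."""
    healthy = dict(os_name="macOS", os_version=(12, 3), firewall_on=True,
                   disk_encrypted=True, screen_lock_set=True, av_running=True)
    return {
        "ok": LoginContext("alice", "203.0.113.10", "AU", False, **healthy),
        "tor": LoginContext("alice", "198.51.100.7", "AU", True, **healthy),
        "geo": LoginContext("alice", "192.0.2.5", "US", False, **healthy),
        "internal": LoginContext("alice", "10.5.5.5", "US", False, **healthy),
        "old_os": LoginContext("alice", "203.0.113.10", "AU", False,
                               **{**healthy, "os_version": (11, 6)}),
        "unhealthy": LoginContext("alice", "203.0.113.10", "AU", False,
                                  **{**healthy, "firewall_on": False, "av_running": False}),
    }


def run_samples():
    return {name: evaluate(ctx, POLICY) for name, ctx in sample_attempts().items()}


if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:>10}: {result[0]:5} ({result[1]})")
```

Ordering the rules from the least attributable signal (anonymizer) to the most fixable (device health) keeps deny reasons actionable: a user told "firewall, anti-malware agent" can remediate and retry, whereas an anonymizer deny should be reviewed by security rather than self-served.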
Verify User Identities
Multi-factor authentication (MFA) should be in place to verify users’ identities before granting access to internet-facing services, privileged access to systems, and important data repositories and applications that may hold personal information.
As a foundation of a zero trust security model, MFA can assist with mitigating cyberattacks that target user passwords and accounts, such as phishing, credential theft, keyloggers and brute-force attacks.
Implement Strong Authentication Controls
Biometrics and passwordless authentication reduce the attack surface by removing the password as a target: there is no credential to phish, stuff or brute-force, and no reliance on users choosing strong, unique passwords.
Passwordless authentication provides a single, strong assurance of a user’s identity on which trust can be built. Ideally, a passwordless solution supports password-free open standards such as WebAuthn as MFA methods for Security Assertion Markup Language (SAML) applications, so you can establish a passwordless login workflow for cloud applications without uprooting existing infrastructure.
Highlight Risky User Access Events
You can establish a baseline of normal user behavior at the point of login by analyzing real-time authentication data. This insight allows you to observe access patterns, review risky logins, and investigate compromised accounts. Duo obtains a baseline of normal user and device access behavior by examining:
Who typically accesses
Which applications
From which devices
At what times
From what locations
Visibility into abnormal access attempts enables detection of suspicious activity and can help prevent account compromise.
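The baseline described above (who accesses which applications, from which devices, at what times, from where) can be built directly from authentication logs. The following is an added example written for this article, not Duo’s analytics: it derives a per-user baseline from a constructed history of successful logins and scores each new attempt by how many baseline dimensions it falls outside. The log record layout, the history, the one-hour tolerance around observed login hours and the alert threshold are assumptions for the example.

```python
"""Risky-login scoring from authentication logs (added example, not Duo's code).

A per-user baseline is built from historical successful authentications; a
new attempt earns one point per dimension (application, device, country,
login hour) that lies outside that baseline. The records are constructed.
"""
from collections import defaultdict
from datetime import datetime

# Constructed history: (ISO timestamp, user, application, device_id, country)
HISTORY = [
    ("2022-02-21T08:12:00", "alice", "vpn", "lap-0a1", "AU"),
    ("2022-02-22T08:40:00", "alice", "vpn", "lap-0a1", "AU"),
    ("2022-02-22T09:05:00", "alice", "wiki", "lap-0a1", "AU"),
    ("2022-02-23T14:30:00", "alice", "wiki", "ph-77", "AU"),
    ("2022-02-24T08:55:00", "alice", "vpn", "lap-0a1", "AU"),
]

HOUR_TOLERANCE = 1   # assumed: a login within +/-1h of a previously seen hour is normal
ALERT_THRESHOLD = 2  # assumed: two or more anomalous dimensions triggers review


def build_baseline(events):
    """Aggregate each user's observed apps, devices, countries and login hours."""
    baseline = defaultdict(lambda: {"apps": set(), "devices": set(),
                                    "countries": set(), "hours": set()})
    for ts, user, app, device, country in events:
        entry = baseline[user]
        entry["apps"].add(app)
        entry["devices"].add(device)
        entry["countries"].add(country)
        entry["hours"].add(datetime.fromisoformat(ts).hour)
    return baseline


def _hour_is_usual(hour, seen_hours):
    # Circular distance so 23:00 and 00:00 count as adjacent.
    return any(min((hour - h) % 24, (h - hour) % 24) <= HOUR_TOLERANCE for h in seen_hours)


def score_attempt(baseline, event):
    """Return (score, reasons) for one authentication attempt."""
    ts, user, app, device, country = event
    entry = baseline.get(user)
    if entry is None:
        # Never-seen user: nothing to compare against, so treat as maximally risky.
        return 4, ["no baseline for user"]
    hour = datetime.fromisoformat(ts).hour
    reasons = []
    if app not in entry["apps"]:
        reasons.append(f"new application {app}")
    if device not in entry["devices"]:
        reasons.append(f"new device {device}")
    if country not in entry["countries"]:
        reasons.append(f"new country {country}")
    if not _hour_is_usual(hour, entry["hours"]):
        reasons.append(f"unusual hour {hour:02d}:00")
    return len(reasons), reasons


def triage(baseline, events, threshold=ALERT_THRESHOLD):
    """Return [(event, score, reasons)] for attempts that meet the alert threshold."""
    flagged = []
    for event in events:
        score, reasons = score_attempt(baseline, event)
        if score >= threshold:
            flagged.append((event, score, reasons))
    return flagged


# Constructed new attempts to score against the baseline.
NEW_ATTEMPTS = [
    ("2022-03-02T08:20:00", "alice", "vpn", "lap-0a1", "AU"),   # routine
    ("2022-03-02T10:00:00", "alice", "wiki", "lap-0a1", "AU"),  # within an hour of 09:00
    ("2022-03-02T12:00:00", "alice", "vpn", "lap-0a1", "AU"),   # odd hour only
    ("2022-03-02T03:17:00", "alice", "vpn", "unk-9", "DE"),     # new device, country, hour
    ("2022-03-02T09:00:00", "mallory", "vpn", "lap-0a1", "AU"), # unknown user
]


def run_triage():
    return triage(build_baseline(HISTORY), NEW_ATTEMPTS)


if __name__ == "__main__":
    for event, score, reasons in run_triage():
        print(f"{event[1]:8} {event[0]} score={score} {'; '.join(reasons)}")
```

A single odd dimension (a late login from the usual laptop) is common enough that alerting on it would bury analysts; requiring two or more concurrent anomalies is what separates a tired employee from a stolen credential used from a new device in a new country. In production the baseline would be rebuilt over a sliding window so that legitimate changes (a new laptop, a new office) age into it.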
Secure Remote Access
Most Australian companies looking to enhance their cybersecurity measures in light of recent events still have many employees, freelancers and contractors working from home on a mix of corporate and personal devices, so remote access must be secured for all of them, not just for managed corporate endpoints.
Adding multi-factor authentication to your virtual private network (VPN) increases protection against credential theft. If a VPN is not the preferred route, VPN-less alternatives such as network gateways can give users access to on-premises applications and services (for example, web apps, Secure Shell (SSH) and Remote Desktop Protocol) without installing or configuring remote access software on their devices.
Resources
Solution Brief: Duo for Essential Eight
Customer Story: Deakin University