Cyberattack a wake-up call
AUSTRALIAN CYBER ATTACK NOT ‘SOPHISTICATED’ – JUST A WAKE-UP CALL FOR BUSINESSES, EXPERTS SAY
By Josh Taylor, The Guardian
According to the threat advisory released by the Australian Cyber Security Centre, the so-called copy-paste compromises are nothing new – exploiting vulnerabilities in Telerik UI and several other services like Sharepoint, Microsoft Internet Information Services and Citrix where those businesses and departments had failed to patch to prevent the vulnerability being exploited.
When those have not been successful, the state actor has shifted to traditional spearphishing methods to attempt to extract login information from a person inside an organisation or government department.
“[The state actor campaign] doesn’t look very sophisticated,” UNSW professor of cybersecurity Richard Buckland said. “It’s well-resourced in a large scale but I haven’t seen anything yet that’s super secret or super sinister. They’re using known techniques against known vulnerabilities and following known processes.”
