Organisations have been encouraged to urgently adopt an enhanced cyber security position following the cyber attacks that took place against Ukraine.
The Australian Cyber Security Centre (ACSC) warned that there has been a historical pattern of cyber attacks against Ukraine that have had international consequences. It added that malicious cyber activity could impact Australian organisations through uninterrupted or uncontained malicious cyber activities.
The ACSC advises that organisations should bolster their systems by reviewing and enhancing detection, mitigation, and response measures. They should ensure that logging and detection systems in their environment are fully updated and functioning, and apply additional monitoring of their networks where required.
Organisations should also assess their preparedness to respond to any cyber security incidents, and review incident response and business continuity plans, it added.
The ASCC strongly recommends that businesses implement its “Essential Eight” baseline of cyber security strategies to make it harder for adversaries to compromise systems. They are: application control, patch applications, configure Microsoft Office macro settings, user application hardening, restrict administrative privileges, patch operating systems, emply multi-factor authentication, and carry out regular backups.
“While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impacts to Australian organisations,” advised the centre.
The ACSC also outlined that organisations may want to look at what other international partner agencies are advising. It suggested they look at the guidance from US' CISA, UK's NCSC, New Zealand’s National Cyber Security Centre, and the Canadian Centre for Cyber Security.
The Ukranian Ministry of Defence was hit by a distributed denial of service (DDoS) attack last week which took its website offline. The ministry stated that its official website had recorded an excessive number of requests per second, leading it to believe it was probably targeted by a DDoS attack. The country’s largest bank, PrivatBank, and the State Saving Bank of Ukraine, Oschadbank, were also reportedly hit by cyber attacks. Although the perpetrators weren’t named, officials from the UK and the US have pointed the finger of blame at Russia's intelligence agency.
This comes after the Ukrainian government’s websites were taken down in another cyber attack in January. Messages appeared warning Ukranians to “be afraid and prepare for the worst”, with foreign and education ministries being targeted, as well as embassies in the UK, US, and Sweden.
