On 19th June’20, the Australian government announced about the cyber-attack. The government as well as the government organisations were the target of these attacks, conducted by a sophisticated state-based cyber-actor. The news has certainly left the businesses in a state of panic and confusion.
We understand that security of IT infrastructure has always been a top priority for businesses. And, attacks of this kind have left us intimidated. To put all your speculations to rest, we will talk at length about the cyber-attack and the steps that Exigo Tech has taken to safeguard your IT infrastructure.
How the cyber-attack was conducted?
The government is terming this attack as copy-paste compromises as the hacker used the proof of concept exploit code, web shells and other tools were copied identically from the open source. The actor has showed the capabilities to access the proof of concept of the target networks and regularly scan the target networks for any vulnerabilities. When the techniques of exploiting the proof of concept didn’t succeed, the actor resorted to other methods such as sending malicious links to the employees working in the target companies via emails, circulating links to lure users to grant the Office 365 OAuth tokens to the actor. The actor even deployed some email tracking software to monitor the number of email opens and prompt the users to open the emails containing malicious links. Once the initial access was received, the actor used some customised tools to stay on the victims network and interact with it.
What measures Exigo Tech took to protect your IT resources from the cyber-attack?
Exigo Tech, a Sophos platinum partner, ensured that adequate measures were taken to mitigate the impact of the cyber-attack. We worked with security partners such as the Sophos, Datto and PaloAlto to ensure that the security posture of your IT environment remains unaffected. We are constantly checking all the devices and the networks for any security compromises or dangers. We send reports for all the devices so that you remain updated about their stature. We also recommend that you implement multi-factor authentication for all your devices and accounts to ensure that there are no unauthorised logins.
What can you do to stay safe from future cyber-attacks?
- Deploy email filtering applications on your network such as Microsoft Advanced Threat Protection to ensure that emails with malicious links don’t enter your network.
- Ensure that all your accounts have multi-factor authentication enabled.
- Safeguard your IT infrastructure with SOPHOS XG Firewalls and make sure that your network is safe from harmful potential threats.
- Update your servers, computers, network equipment and mobile devices on a regular basis.
- Run phishing emails on a regular basis so that your employees are aware about such emails and instill a practice to not click on such emails. Sophos Phish Threat is an effective application to run such campaigns.
Still got questions?
We do understand that the situation is challenging and you may need to talk to experts. We are just a phone call away. Reach us on 1300 EXIGOTECH (394 468) or email us at firstname.lastname@example.org and one of our representatives will get in touch with you.