ACSC issues national alert over malware campaign

By Dylan Bushell-Embling
Monday, 28 October, 2019

The Australian Cyber Security Centre (ACSC) has issued a national alert warning of a widespread malware campaign linked to the recent attack on Victorian regional hospitals and health services.

The National Cyber Security Committee (NCSC) has raised the national cyber threat level as a result of the scale of the Emotet Trojan attack, the ACSC said.

The NCSC has done this by raising the Cyber Incident Management Arrangements — which ranks the severity of declared national cyber incidents on a scale from one to five — to “Level 3 – Alert.”

According to the ACSC, Emotet malware is spread through malicious codes hidden in links or attachments of both targeted and untargeted phishing emails. It allows attackers to take control of affected systems and install additional malware.

ACSC Head Rachel Noble said the centre is working with state and territory governments to limit the spread of the malware and support organisations that have already been infected.

“Cybercriminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge,” she said.

“If Emotet infects your computer, it will open up a backdoor that will allow the cybercriminal to inject ransomware that could freeze your network.”

The ACSC is urging Australian critical infrastructure, business and government organisations to take steps including immediately disabling macros, scanning networks for existing infections and developing an incident response plan in case of an attack.

Organisations should also maintain firewalls as well as complementary security controls, and maintain offline backups that can easily be restored in case of a ransomware infection.

According to Garrett O’Hara, Technical Consultant for email security specialist Mimecast, organisations can take additional steps to mitigate the threat of macro-based email attacks.

Examples include implementing technology that automatically converts editable Word or other documents into non-writable PDF files.

“If attachment conversion to a safe format is not possible, using a technology stack that includes signature, heuristic and static analysis of files, followed by sandboxing, is important for mitigating attachment borne threats such as Emotet,” he said.

“Awareness training for employees is [key] as the last layer of defence. Having employees be suspicious of emails from anyone they don’t know — especially any emails containing links or attachments — is critical.”

Image credit: ©Sergey Nivens/Dollar Photo Club

Information Technology Professionals Association (ITPA) is a not-for-profit organisation focused on continual professional development for its 18,700 members. To learn more about becoming an ITPA member, and the range of training opportunities, mentoring programs, events and online forums available, go to www.itpa.org.au.