ACSC urges network owners to sign up for AISI


By Dylan Bushell-Embling
Thursday, 04 July, 2019



The Australian Cyber Security Centre (ACSC) is urging Australian internet providers and other network owners to sign up to the free Australian Internet Security Initiative (AISI) after receiving multiple reports about preventable cybersecurity incidents.

The centre said it has recently observed a large number of unprotected network and storage devices hosted on Australian IP address ranges, leaving the data held in these services exposed to compromise.

“Over recent weeks, the ACSC has received a number of reports about cybersecurity incidents that could have been prevented if the affected party had signed up to the free AISI program and actioned the alert data it provides,” the ACSC said in an advisory.

The AISI program is a public–private partnership between the ACSC and Australian internet providers and network owners to help reduce malware infections and service vulnerabilities on Australian IP addresses.

As part of the program, participants are sent daily email reports identifying IP addresses on their networks that are either already infected by malware or vulnerable to attack due to inadequate authentication and access control processes.

Statistics from the ACSC show that during the first quarter of 2019, the AISI program identified around 20,000 open network services that were potentially vulnerable to exploitation.

The AISI partnership also observed numerous MongoDB, Elasticsearch, Memcached and Redis vulnerabilities — for example, the program detected around 500 open Mongo databases per day.

Besides signing up to the AISI, the ACSC recommends that all Australian businesses and organisations ensure they have implemented strong user authentication and access controls on their databases and network infrastructure.

Suggested actions include ensuring service administration interfaces and service interfaces that do not require remote access are not exposed on the internet, using VPN connections where applicable, and adopting data loss prevention, intrusion prevention system and intrusion detection system technologies.

Network operators should also retain audit and access logs and regularly monitor them for suspicious activities, implement network segmentation and segregation techniques using TLS encryption wherever possible, and report data breaches to the ACSC for assistance.
