Relevant Case Studies/News

Below is a small selection of relevant case studies and news excerpts affecting Australian business. Digital Force One helps your business mitigate all these cyber risks.

Payroll Software Compromise

Personal data is highly valued by hackers and can cause considerable damage to business. With Digital Force One’s 100+ point check, the risk of hackers stealing personal or client data is mitigated.

In late 2015, a payroll system utilised by a number of Australian based companies was compromised and the personal data of employees was obtained. The actors used the stolen information, including tax file numbers, to lodge fraudulent tax returns. The incident resulted in considerable financial and reputational damage to the companies impacted by the compromise.
–Australian Cyber Security Center (ACSC) 2016 Threat Report

Disabling Antivirus Programs

Mark Vartanyan who goes by the hacker alias ‘Kolypto’, developed a malware program named ‘Citadel’ that disabled antivirus programs and infected over 11 million computers worldwide. Hence, a multi-layered approach to cyber security is required rather than relying solely on antivirus.

Citadel malware writer ‘Kolypto’ charged. US prosecutors said Citadel malware was for sale on invite-only Russian language crime forums from 2011. 

The malware was designed to steal financial account credentials and personal information while disabling antivirus programs. It is believed to have infected over 11 million computers worldwide, causing losses of over US$500 million (A$652 million).
https://www.itnews.com.au/news/citadel-malware-writer-kolypto-charged-455057

Adobe Flash – Watering Hole Technique

The following excerpt reveals the unfortunate reality that legitimate websites that business need to visit can host malvertising to host crimeware tools. Digital Force One thoroughly cover many aspects of cyber security mitigating  this risk to your business.

The ACSC has identified increased exploitation of vulnerabilities found in Adobe Flash. Cyber adversaries will use these vulnerabilities to enable compromised websites (watering hole techniques) and malvertising to host crimeware tools. In a recent investigation the ACSC identified a number of Australian business websites, regularly visited by government staff members, being used as watering holes. The websites had been compromised to host Adobe Flash exploits. Government staff had a genuine need to access the websites and did not have to authorise nor knowingly download any files for the exploit to run.
–Australian Cyber Security Center (ACSC) 2016 Threat Report

Canberra Based Websites – Hosting Exploit Kit

The following excerpt reveals Australian websites used as a hackers ‘initial access’ (see  Understanding an Attack) where an intruder bypasses antivirus and begins the process of compromising your business systems. Digital Force One helps mitigate these, and many other, types of threats.

On 4 August 2016, the ACSC became aware that websites of various Canberra based businesses – some of which were located in close proximity to government departments – were hosting an exploit kit redirect which forms the first step in a process to compromise visitors. Subsequent analysis indicated that the exploit kit redirect was part of the Neutrino Exploit Kit which is used to gain access to victim hosts in order to drop malware. 
–Australian Cyber Security Center (ACSC) 2016 Threat Report

Financial Services Provider – Keystroke Logging

This expert illustrates the disastrous fact that your business can be compromised for years without notice. With not just one but many viruses! Regain confidence in your business I.T. with Digital Force One.

In July 2015, CERT Australia advised a financial services provider of a compromised domain controller on their network which was communicating with malicious domains. At the time of notification, it was believed this host had been compromised for at least a year.

CERT Australia forensically analysed a disk image of the compromised domain controller (provided by the business). This analysis revealed the presence of three different versions of a malware variant capable of the extraction of sensitive files and other malicious activities including keystroke logging and enabling access to other areas of the network, as well as the presence of additional tools capable of extracting user credentials.
–Australian Cyber Security Center (ACSC) 2016 Threat Report

Windows PowerShell Tool

Hackers have used tools installed by I.T. administrators. These tools, like PowerShell, make life easy for system administrators but, unfortunately, make life easy for a hacker as well. Digital Force One analysis helps business find the right balance between productivity and cyber security.

The ACSC has observed an increase of systems being exploited using PowerShell. PowerShell is a powerful shell scripting language developed by Microsoft, enabling network administrators to fully control Microsoft Windows systems easily. PowerShell allows automation of a wide variety of tasks, and it can be run locally or across the network. Activities performed from the PowerShell environment bypass many security protections and leave virtually no residual artefacts on the system, thus making any compromise more difficult to
identify as well as making any forensic investigation more difficult to perform.
–Australian Cyber Security Center (ACSC) 2016 Threat Report

 

 

Specialising in Small Businesses

We make sure your computers and your entire life doesn't get hacked!