iTnews

ACSC issues national alert over trojan linked to Vic Health attack

By Julian Bajkowski on Oct 25, 2019 5:02PM

Gone phishing for the weekend.

The Australian Cyber Security Centre has started banging its urgent cyber alert gong over a torrent of trojans now being aimed at business and government users, saying at least 19 organisations have been hit by ‘Emotet’ malware.

It says that the attachment-borne payload is the same one that preceded a hobbling ransomware attack against regional Victorian hospitals and health services that was attributed to Ryuk malware.

The public-facing arm of the secretive Australian Signals Directorate on Friday escalated its warnings on the phishing-based attack, with ACSC chief Rachel Noble issuing a national alert.

“Due to the scale of the campaign, and the risk of economic impact, the National Cyber Security Committee (NCSC) has activated the national Cyber Incident Management Arrangements (CIMA) to Level 3 – Alert”.

At a broad level, the CIMA is a set of interjurisdictional agreements that set out how agencies across the federal, state and local sectors will coordinate across Australia’s maze of intergovernmental connections.

The arrangements matter because many local governments, especially regional councils, control critical infrastructure that can be heavily impacted if councils and state governments are compromised or hobbled, as happened recently in Victoria.

(More on how the CIMA alert system works at the end of this story.)

According to ACSC, the current campaign uses both targeted and untargeted phishing emails to push the Trojan.

"Upon infection of a machine, Emotet attempts to spread within a network by brute-forcing user credentials, and writing to shared drives. Emotet has been observed downloading a secondary malware, called Trickbot, onto infected machines," an ACSC threat advisory said.

"Trickbot is a modular multi-purpose command-and-control (C2) tool that allows an attacker to harvest emails and credentials, move laterally within a network using exploits like EternalBlue, and deploy additional malware to the infected network."

The ACSC has not characterised the origin of the attack, saying only that “cyber criminals use malware for different reasons, most commonly to steal personal or valuable information from which they can profit, hold recipients to ransom or install damaging programs onto devices without your knowledge.”

However, the chairman and chief executive of key defence systems and services provider Unisys, Peter Altabef, last week told iTnews he believed that ransomware attacks were increasingly being used as a smokescreen for state-sponsored attacks.

Altabef is a member of the US President’s National Security Telecommunications Advisory Committee.

The laundry list of urgent cyber fixes for enterprises has also swollen over the last two weeks, with key enterprise vendor Oracle also shunting a clutch of urgent vulnerability patches, two of which affected its financial services products and rated 9.8 and 10 in terms of urgency.

Banks are also privately expecting an uptick in fraud efforts and stolen credential milking as merchants and institutions face tougher online payment requirements after AusPayNet finally released a new framework that demands two-factor authentication for many transactions.

ACSC chief Noble is imploring people to pay attention and take precautions.

“If Emotet infects your computer, it will open up a backdoor that will allow the cybercriminal to inject ransomware that could freeze your network,” Noble said.

How the CIMA hierarchy works 

According to ACSC, "the CIMA bridges the current gap between a localised cyber security incident handled by an individual state, and Australia’s national crisis management arrangements.

"If a national cyber incident reaches a crisis level, the CIMA will operate in support of jurisdictions’ respective crisis management arrangements," an updated guide says.

The CIMA categorises cyber incidents under National Cyber Security Arrangements (NCSA) from Level 5 to Level 1: 

Level 5: Normal Conditions

Level 4: Lean Forward

Level 3: Alert

Level 2: National Cyber Incident

Level 1: National Cyber Crisis
