Sophisticated network attacks and guidance for agencies - 20230816001
Overview
Several recent reports from major companies in the network security space including Cisco and Mandiant have highlighted the focus from sophisticated threat actors on targeting network infrastructure. WA SOC has recently published some high-level guidance for agencies that can prevent or provide improved visibility over many of these attacks.
What has been observed?
Cisco Talos
Cisco Talos and many intelligence agencies have reported attacks against firewalls and routers globally. These attacks leverage gateway vulnerabilities arising from unpatched network hardware, leaked credentials, legacy infrastructure and flawed configurations, and the attackers persist by further exploiting these weaknesses to introduce even more. Cisco's report, Network Resilience: Defending against sophisticated attacks targeting network infrastructure, outlines in further detail some of the protections against the attacks they have seen.
Mandiant
Google's Mandiant has also released a blog post about the tactics used by state-sponsored threat actors to avoid detection, noting that cyber espionage zero-day exploitation in 2021 and 2022 focused on security, networking and virtualization technologies. Mandiant goes on to list seven more cases of similar threat actors launching network attacks targeting firewalls, routers, VPNs and email gateways.
Agencies vulnerable to these threats may be unaware of active exploits due to the sophisticated persistence techniques used.
How are these risks addressed?
As many of the risks outlined in the reports concern gateway devices and associated internet-exposed appliances directly, ACSC's Gateway Security Guidance offers helpful executive guidance, principles and frameworks to address many of the concerns. Listed within that guidance is an essential set of governance-related security principles that organisations need to be aware of when using gateways. These are:
- risk cannot be outsourced
- security management is continuous
- risk is continuously managed
- the invisible cannot be protected
- gateways protect organisations and staff
- Commonwealth entities have specific obligations
- plan for security flaws
- balance business and security.
A gateway can be defined as anything facilitating data flow between an organisation’s internal network and the internet.
Recommendation
In addition to recommending ACSC's Gateway Security Guidance, the WA SOC has recently published some high-level Network Management Guidelines that agencies can use to help transform and modernise their networks and address many of the shortcomings of out-of-date network architecture. The guidelines cover:
- Contemporary Network Architecture
- Observability & Manageability
- Adverse Event Analysis
- Segmentation
- Common Network Use Cases