Background / What has happened?
There has been a historical pattern of cyber attacks against Ukraine that have had international consequences. Malicious cyber activity could impact Australian organisations through unintended disruption or uncontained malicious cyber activities.
While the ACSC is not aware of any current or specific threats to Australian organisations, adopting an enhanced cyber security posture and increased monitoring for threats will help to reduce the impact on Australian organisations.
Mitigation / How do I stay secure?
The ACSC recommends that organisations urgently adopt an enhanced cyber security posture. This should include reviewing and enhancing detection, mitigation, and response measures.
Organisations should ensure that logging and detection systems in their environment are fully updated and functioning, and should apply additional monitoring of their networks where required.
Organisations should also assess their preparedness to respond to any cyber security incidents, and should review incident response and business continuity plans. The ACSC has published Cyber Incident Response Plan – Guidance & Template to assist organisations to produce an incident response plan.
The ACSC strongly recommends organisations implement the Essential Eight mitigation strategies from the ACSC’s Strategies to Mitigate Cyber Security Incidents as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems. The Essential Eight mitigation strategies are:
- Application control;
- Patch applications;
- Configure Microsoft Office macro settings;
- User application hardening;
- Restrict administrative privileges;
- Patch operating systems;
- Multi-factor authentication; and
- Regular backups.
Australian organisations may also wish to review the following publications from partner agencies:
- US Cybersecurity and Infrastructure Security Agency (CISA): CISA Insights: Implement Cybersecurity Measures Now to Protect Against Potential Critical Threats
- UK National Cyber Security Centre: NCSC advises organisations to act following Russia’s further violation of Ukraine’s territorial integrity
- NZ National Cyber Security Centre: General Security Advisory: Understanding and preparing for cyber threats relating to tensions between Russia and Ukraine
- Canadian Centre for Cyber Security (CCCS): Cyber threat bulletin: Cyber Centre urges Canadian critical infrastructure operators to raise awareness and take mitigations against known Russian-backed cyber threat activity