Australian small and medium businesses targeted by attackers, what you can do: SSO Alert Priority Medium
15 November 2013
A group of cyber attackers has recently targeted Australian companies, including small and medium businesses. These attacks highlight why all businesses need to be vigilant about online security, not just large or internet based businesses.
Companies should have security policies implemented and be following best practices for computer and network security. This includes using anti-virus products, ensuring all software is updated regularly and ensuring staff understand safe online behaviour—such as avoiding suspicious websites.
Companies with websites should also ensure their websites are secure and that administration passwords are well protected.
The recent attacks, coming from a group calling themselves Anonymous Indonesia, targeted the websites of more than 170 Australian businesses. The group was protesting reports that Australians had been spying on Indonesia for a number of years, and while this was a politically motivated attack, the majority of victims were typical small and medium sized Australian businesses with no known political position. Their websites were altered to display a message from the Anonymous Indonesia group. They were targeted simply because they were Australian.
While larger businesses tend to be targeted more frequently by cyber attacks, small and medium businesses do also get targeted. Security vendor Symantec recently estimated that 31 per cent of cyber attacks are against small businesses.
Any company with an internet connection or website can be attacked.
Over recent years there have been improvements in the technologies used by hackers so they can scan a large number of websites on the internet to find vulnerable websites. Common tactics include looking for older versions of website software by looking for the version number at the bottom of the web page.
Securing your website
The main damage from these latest attacks was the defacement of company websites. There are a number of ways to attack a website and businesses of all sizes should ensure they protect against each of them.
One of the most commonly used tactics is a phishing attack. In the most common form of phishing attack, an email is crafted to appear like it is coming from a trusted source, such as your website hosting provider or bank. These emails often request that you change your password or access your account to make a change. The email then redirects you to a fake website designed to capture your credentials when you enter them under the instructions in the email. Other forms of phishing may include phone calls, faxes, or physical letters from attackers pretending to be from a legitimate business.
Businesses can protect against phishing by ensuring that all requests to change system information are verified first by contacting the company directly. For instance, in the above scenario, you could ring your website hosting provider directly on their listed telephone number to verify the email is legitimate. Another useful strategy is to limit the number of people who have access to passwords for your company's accounts and to ensure that those people are trained to recognise phishing emails.
Other tactics to deface websites include the use of tools to exploit the software used to run the website. These tools search for weak points in the software and alter the software to obtain administrative rights.
Software providers usually prepare updates to fix these weak points as quickly as possible once they are discovered. The best protection against such attacks is to ensure that your software is regularly updated and that any unneeded parts of the software (services) are turned off. For example, some systems come with a file sharing capability turned on by default, and if that is not needed, it should be disabled. If your website is managed or hosted outside the company (such as through a web hosting provider) it can also be secured. You should contact your web hosting provider to discuss your security options.
Another important technique to protect against the damage of a cyber attack is to keep regular backups of your critical data. Backups are an important component to business continuity in cases of hardware failures and physical damage, but also in the case of cyber attacks. Your backups should be stored offsite and they should also be secure. If a system is damaged by a cyber attack and cannot be easily fixed (such as the current spate of CryptoLocker attacks) data may instead be recoverable from a backup copy.
You should talk to your local technical support provider about these issues.
More information on the recent attacks can be found in recent articles from most major news outlets, including SBS and the ABC.
The information provided here is of a general nature. Everyone's circumstances are different. If you require specific advice you should contact your local technical support provider.
Thank you to those subscribers who have provided feedback to our Alerts and Newsletters. We are very interested in your feedback and where possible take on board your suggestions or requests.
This information has been prepared by Enex TestLab for the Department of Communications ('the Department'). It was accurate and up to date at the time of publishing.
This information is general information only and is intended for use by private individuals and small to medium sized businesses. If you are concerned about a specific cyber security issue you should seek professional advice.
The Commonwealth, Enex TestLab, and all other persons associated with this advisory accept no liability for any damage, loss or expense incurred as a result of the provision of this information, whether by way of negligence or otherwise.
Nothing in this information (including the listing of a person or organisation or links to other web sites) should be taken as an endorsement of a particular product or service.
Please note that third party views or recommendations included in this information do not reflect the views of the Commonwealth, or indicate its commitment to a particular course of action. The Commonwealth also cannot verify the accuracy of any third party material included in this information.