Mitigating Advanced Persistent Threats with ASD’s Essential 8

Today’s digital world is full of security perils and threats. As a consequence, cybersecurity is one of the most pressing concerns for organisations across the board, as cybercriminals continually refine their tactics in order to exploit vulnerabilities with Advanced Persistent Threats (APTs).

To safeguard against these threats, it’s imperative to make sure you have a robust security framework. The Australian Signals Directorate’s (ASD) Essential 8 provides a comprehensive set of strategies to mitigate risks and assist organisations in fortifying themselves against cyber threats, including APTs.

Understanding Advanced Persistent Threats (APTs)

APTs are not just a “smash and grab invasion”; they are like intruders sneaking into your home and waiting in the shadows, patiently planning to discreetly take your most valuable possessions over time. These cyber invasions are complex and well-organised, often carried out by skilled groups with ample resources. APTs aim to infiltrate a network and operate surreptitiously for months or even years without detection. Their goal is to steal sensitive data, disrupt operations, or undermine the target. This can result in significant financial, operational, and reputational damage.

Examples of APTs:

  • SolarWinds Hack (2020): This APT compromised the SolarWinds Orion software, affecting numerous government agencies and private companies worldwide. Attackers managed to embed malicious code into a software update, which was then distributed to thousands of SolarWinds customers, enabling the attackers to intercept internal communications and pilfer sensitive data.
  • Hafnium Attack on Microsoft Exchange Servers (2021): The cyberattack known as the Hafnium Attack targeted Microsoft Exchange Servers in 2021, focusing on on-premises servers by exploiting zero-day vulnerabilities to breach email accounts and implant malware for prolonged access to victim environments. This attack had a significant impact on thousands of organisations globally.

How the Essential 8 Helps Mitigate APTs

The Essential 8 refers to a set of strategies recommended by the Australian Signals Directorate (ASD) to help organisations safeguard against cyber threats. These strategies aim to establish layers of defence, lowering the chances of a successful cyberattack and lessening the impact of any breach that does occur.

Key strategies covered in the Essential 8 include patching applications and operating systems, using multi-factor authentication, restricting administrative privileges, controlling which applications may run, restricting Microsoft Office macros, hardening user applications and regularly backing up data. By implementing these measures, organisations can significantly boost their cybersecurity defences.

1. Patch Applications

It’s crucial to regularly update all software applications to address known vulnerabilities that APTs could exploit to infiltrate or escalate privileges within a network. Keeping applications current reduces vulnerabilities, making it harder for attackers to find weaknesses.

Action: Regularly update all software applications to the latest versions and set them to update automatically to ensure you’re protected against the latest threats.

Schedule regular checks to verify that essential applications are up to date.

2. Patch Operating Systems

Regularly updating operating systems ensures that security vulnerabilities are promptly addressed, preventing APTs from exploiting known weaknesses in the OS. This enhances both security and reliability.

Action: Enable automatic updates for your operating systems to ensure they are always up to date.

Enabling automatic updates for your OS is crucial and it’s a good practice to conduct monthly checks to ensure all systems have the latest versions installed.

3. Multi-Factor Authentication (MFA)

Implementing Multi Factor Authentication (MFA) is a great way to boost security measures. By adding an extra layer of protection, it becomes more challenging for unauthorised individuals, such as advanced persistent threats (APTs), to gain access to systems, even if passwords are compromised. This is especially important for accounts that have access to sensitive information and systems.

Action: Make sure to enable multi-factor authentication for all user accounts, particularly those with administrative or sensitive privileges.

Regularly review and update the multi-factor authentication settings for all accounts to ensure they align with security standards and compliance.

4. Restrict Administrative Privileges

Limiting administrative privileges can help lower the chances of APTs gaining control over these accounts, ultimately reducing the impact of a breach by ensuring compromised accounts have limited access.

Action: Only assign administrative privileges to those who truly require them.

Regularly review user permissions so that each account holds only the access rights it needs.

5. Application Control

Application control is essential in stopping unauthorised software from running, allowing only approved applications to operate. This is critical in fighting against APTs that often utilise custom or modified malware to avoid detection.

Action: Utilise application control to permit only authorised software on your systems.

Maintain and update a whitelist of approved applications consistently.

6. Restrict Microsoft Office Macros

To enhance cybersecurity measures, it’s crucial to restrict the use of Microsoft Office macros, as attackers frequently exploit them for spreading malware. By managing when and how macros are used, organisations can decrease the risk of activating malicious code.

Action: Disable macros in Microsoft Office documents downloaded from the internet unless they are necessary.

Set up Office applications to block macros from untrusted sources as a default setting.
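The following PowerShell script is an added example (not from the original article) showing how a defender can audit whether the macro policy described above is in place on a Windows endpoint. It assumes Office 2016 or Microsoft 365 (policy version key "16.0") with the policy applied per user under HKCU\Software\Policies; the value names are Microsoft's documented Office policy settings.

```powershell
# Added example: audit the Office macro policy values that implement the
# "block macros from the internet" control. Assumes Office version key 16.0
# and per-user policy under HKCU\Software\Policies (not the original page's code).

$apps = 'Word', 'Excel', 'PowerPoint'

$results = foreach ($app in $apps) {
    $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
    $block = $null
    $vba   = $null
    if (Test-Path $key) {
        $props = Get-ItemProperty -Path $key
        # 1 = block macros in files that carry the Mark of the Web (downloaded from the internet)
        $block = $props.blockcontentexecutionfrominternet
        # VBAWarnings: 1 = enable all, 2 = disable with notification,
        # 3 = disable except digitally signed, 4 = disable all without notification
        $vba   = $props.VBAWarnings
    }
    [pscustomobject]@{
        Application             = $app
        PolicyKeyPresent        = (Test-Path $key)
        BlockMacrosFromInternet = ($block -eq 1)
        VBAWarnings             = $vba
        # Simplified compliance check: internet macros blocked AND only signed
        # (or no) macros allowed elsewhere. Adjust to your organisation's policy.
        Compliant               = ($block -eq 1 -and $vba -in 3, 4)
    }
}

$results | Format-Table -AutoSize

# To enforce rather than only audit, uncomment the block below. Setting values
# under HKCU affects only the current user; enterprise deployment normally uses
# Group Policy so the setting cannot be changed locally by the user.
# foreach ($app in $apps) {
#     $key = "HKCU:\Software\Policies\Microsoft\Office\16.0\$app\Security"
#     New-Item -Path $key -Force | Out-Null
#     Set-ItemProperty -Path $key -Name blockcontentexecutionfrominternet -Value 1 -Type DWord
#     Set-ItemProperty -Path $key -Name VBAWarnings -Value 3 -Type DWord
# }
```

A missing policy key means the application is running with its built-in defaults rather than an enforced setting, which is itself a finding worth recording when checking this Essential 8 control.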

7. User Application Hardening

Enhancing the security of applications, such as web browsers and email clients, helps reduce the vulnerabilities that Advanced Persistent Threats (APTs) can exploit. By turning off unnecessary features, it limits the potential points of entry that attackers can target.

Action: Enhance user applications by deactivating unnecessary features that could be vulnerable to exploitation.

Regularly assess and implement security settings for all user applications.

8. Regular Backups

Frequent and secure data backups enable organisations to recover information in the event of a ransomware attack, minimising the consequences of such incidents. Reliable backups ensure that essential data remains intact and allow operations to resume swiftly after an attack.

Action: Perform routine backups of critical data. Also ensure they are stored securely and separately from primary systems.

Periodically test your backups to verify efficient data restoration in case of emergencies.

Conclusion

Adopting the ASD’s Essential 8 measures is a proactive approach to fortifying your organisation against Advanced Persistent Threats. These tactics aim to establish multiple defence layers, decreasing the chances of successful cyber assaults and lessening their impact when they occur.

By keeping your apps and operating systems up to date, using multi-factor authentication, restricting admin access, managing apps, limiting Microsoft Office macros, securing user apps, and regularly backing up your data, you can build a strong security stance that can handle advanced cyber threats. It’s also crucial to be aware of advanced persistent threats (APTs) and learn from past incidents like the SolarWinds breach and the Hafnium attack to understand the importance of being alert and adaptable.

Cybersecurity requires continuous effort rather than a one-time task. Key steps in this process include consistently reviewing and enhancing security measures, educating your team about potential risks, and promoting a culture of cybersecurity awareness.

By consistently following the Essential 8 strategies, you safeguard your individual systems and enhance your organisation’s overall security posture. This holistic approach supports business continuity, safeguards sensitive information, and upholds your reputation. Stay proactive, stay informed, and stay safe.


12 Jul 2024