The Australian government and industry have been warned to increase their cyber defences against attacks linked to China.
United States intelligence agencies issued an alert to allied governments on Wednesday about the targeting of major telecommunications companies and network service providers, and how to plug vulnerabilities.
After gaining an initial foothold, hackers identify critical users and infrastructure that controls authentication, authorisation and accounting.
Armed with valid accounts and credentials, the state-sponsored cyber experts return and attack the network.
The China-sponsored hackers often use publicly available network tools to “blend into the noise or normal activity” of government and business networks.
These tools enable them to exploit broadband routers used in many offices, including equipment from major industry providers such as Cisco, Fortinet, and MikroTik.
BEST PRACTICE:
* Keep systems and products updated and patched.
* Implement a centralised, automated patch management system.
* Enforce multi-factor authentication for all users, without exception.
* Implement and enforce strict password requirements.
* Disable unnecessary ports and protocols.
* Replace old equipment.
Marion Rae
(Australian Associated Press)