#NSBCS.005 - Australia Embraces a Cyber Secure Future

Australia Embraces a Cyber Secure Future: A Strategic Roadmap to 2030

The Australian Government has recently released the 2023-2030 Australian Cyber Security Strategy, providing a crucial roadmap for safeguarding Australia's digital landscape and ensuring its position as a global leader in cyber resilience. This comprehensive strategy outlines six interconnected objectives to fortify Australia's cyber defences:

1. Strong businesses and citizens: Empowering individuals and businesses to become more cyber-savvy and fostering a culture of cyber security awareness.

2. Safe technology: Promoting the development and adoption of secure technology solutions to protect critical infrastructure and digital systems.

3. World-class threat sharing and blocking: Establishing a robust network for sharing cyber threat intelligence and implementing effective measures to block malicious cyber activity.

4. Protected critical infrastructure: Shielding Australia's critical infrastructure from cyber attacks through comprehensive risk assessments, regulatory frameworks and incident response capabilities.

5. Sovereign capabilities: Developing a self-reliant cyber security ecosystem with a focus on indigenous research, innovation, and skilled workforce development.

6. Resilient region and global leadership: Collaborating with regional and global partners to promote cyber security norms, share expertise and address shared cyber threats.

The release of the 2023-2030 Australian Cyber Security Strategy marks a significant step towards safeguarding Australia's digital landscape and establishing the country as a global leader in cyber resilience. By outlining comprehensive objectives and focusing on areas such as empowering individuals and businesses, promoting safe technology and strengthening threat sharing capabilities, the strategy demonstrates Australia's commitment to proactively addressing cyber threats. This forward-thinking approach will not only enhance the nation's cyber defences but also contribute to a more secure and resilient digital future for all Australians.

For information on NSB Cyber’s Cyber Resilience capabilities or to book a meeting with our team, click here.

What we read this week

• Rhysida ransomware gang claims British Library cyberattack - The Rhysida ransomware gang is claiming responsibility for a cyberattack on the British Library in October, causing a major ongoing IT outage. Observed as a ransomware-as-a-service (RaaS) model, Rhysida actors are auctioning off the data it reportedly stole from the library, and has leaked a low-resolution screenshot of what looks like ID scans stolen from the library's compromised system. The British Library has confirmed that this was a ransomware attack, and that some data has been leaked, which appears to be from files relating to the library's internal HR information.

• Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions - Mustang Panda, a China-linked APT, has been attributed towards conducting a cyber attack against a Philippines government entity in August 2023. The attackers were leveraging spear-phishing emails to deliver a malicious ZIP archive that contains a rogue dynamic-link library, subsequently establishing contact with a remote server. This cyber attack campaign is illustrative of the rising tensions between the two countries over the disputed South China Sea, with the Chinese-linked APT acting in accordance with the geopolitical interests of the national government in establishing regional hegemony.

• Canadian government discloses data breach after contractor hacks - Brookfield Global Relocation Services (BGRS) and SIRVA Worldwide Relocation and Moving Services are Canadian government contractors that have suffered data breaches, exposing sensitive personal and financial information of an undisclosed number of government employees, including members of the Royal Canadian Mounted Police, Canadian Armed Forces, and the Government of Canada. The government-related information dates back to 1999, and the LockBit ransomware gang is claiming responsibility for breaching SIRVA’s systems, leaking 1.5TB of archives allegedly stolen from SIRVA's servers.

• Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability - Citrix and governmental agencies have issued fresh warnings about the CitrixBleed vulnerability, a critical bug in Citrix NetScaler ADC and Gateway appliances. The flaw, identified as CVE-2023-4966, was patched in October but had been exploited as a zero-day since August. It allows for information disclosure. The vulnerability has prompted Citrix and government agencies to urge users to update their systems to the latest patched versions. The CitrixBleed vulnerability affects multiple Citrix products and can be exploited by attackers to gain unauthorised access to sensitive information. Users are advised to take immediate action to mitigate the risk and prevent potential data breaches.

• New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login - New research has found multiple vulnerabilities in fingerprint sensors from Goodix, Synaptics, and ELAN. Researchers have discovered that these new flaws in fingerprint sensors could allow attackers to bypass Windows Hello login security on Dell Inspiron 15, Lenovo ThinkPad T14, and Microsoft Surface Pro X laptops. This is a concerning development because it could allow cybercriminals to exploit vulnerabilities and create fake fingerprints that would be accepted by the sensors, enabling them to log into Windows Hello-protected devices without the user's knowledge or consent.

References:

Rhysida ransomware gang claims British Library cyberattack - bleepingcomputer.com
Mustang Panda Hackers Targets Philippines Government Amid South China Sea Tensions - thehackernews.com
Canadian government discloses data breach after contractor hacks - bleepingcomputer.com
Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability - Security Week
New Flaws in Fingerprint Sensors Let Attackers Bypass Windows Hello Login - thehackernews.com

For further information on how to build and maintain cyber resilience and defend with confidence against the potential for cyber-attacks, including how to access NSB Cyber’s Cyber Threat Intelligence (CTI) reporting tailored to your enterprise technology, geography, sector or brand, contact us via our website or at info@nsbcyber.com.