Emerging cybersecurity threats affecting government

Fortinet Australia Pty Ltd
By Glenn Maiden
Friday, 28 August, 2020

The impact of COVID-19 saw a scramble to get departments and agencies up and running with a remote, distributed workforce. Secure, remote access became crucial and will remain equally important well into the future.

In this challenging environment, businesses, individuals, and Australia’s government agencies have all been targeted by significant cyberattacks from nation states and cybercriminals alike. Attackers continue to become more sophisticated and personalised, contextualised attacks continue to rise.

COVID-19 provided an ideal attack theme, with the Australian Cyber Security Centre responding to dozens of incidents and shutting down more than 150 malicious COVID-19-themed websites targeting Australian interests. SMS-based phishing attacks contained malicious links disguised as government warnings about COVID-19.¹

The Copy-Paste campaign has also targeted numerous Australian government organisations. This attack exploits vulnerabilities in Telerik UI software, which is widely used and often needs to be patched manually. Many organisations aren’t even aware they’re using Telerik, so it’s important to check this and patch the software.

Ransomware attacks are also becoming more targeted, especially against operational technology (OT) and industrial control systems (ICS). Ransomware attacks against healthcare and aged care organisations are also common, and the attackers often steal medical, personal, and business information.

In the face of sophisticated attacks, most private and public-sector organisations have focused on patching end points and making employees aware of social engineering methods. However, one largely overlooked attack vector is the home router, often purchased cheaply or as part of an internet bundle and rarely secured to acceptable levels for remote work. Now that the home has become part of the organisational perimeter, it’s imperative for government organisations to ensure higher grade, more secure access infrastructure for remote users.

These types of attacks will persist regardless of the evolving situation with COVID-19. Therefore, the onus is on organisations to implement strong security without compromising their ability to provide remote access to mission-critical systems. Protecting home-based users and devices in ways similar to those undertaken for office-based users and devices should be a priority.

The complexity and rapidly evolving nature of today’s business networks means that government organisations require a cybersecurity platform that provides comprehensive visibility and protection across the entire attack surface, including devices, users, mobile endpoints, multicloud environments, and Software-as-a-Service (SaaS) infrastructures.

Software-defined wide area networking (SD-WAN) has emerged as a way to improve the user experience and effectively route traffic for organisations that have embraced the cloud. SD-WAN lets branch and remote users access the systems and data they need without having that traffic slowed down by having to travel through a centralised data centre. Instead, using SD-WAN, users access the cloud directly from their location. While this increases the speed of business, it also potentially increases the speed of attacks.

Given the crucial importance and potential sensitivity of information and processes under the purview of government agencies, it’s essential for these organisations to choose a secure SD-WAN solution. The security component is missing from most SD-WAN solutions, leaving them exposed to the growing threat landscape. Fortinet Secure SD-WAN doesn’t just manage traffic; it analyses it for threats and then remediates those threats as appropriate.

Secure SD-WAN protects the network edge, endpoints, and access. A truly secure SD-WAN solution such as Fortinet’s has security built in from the ground up, not bolted on as an afterthought. It provides both networking and security that lets branch and remote workers access even bandwidth-heavy applications with a strong user experience without compromising security.

Given the rise of the distributed workforce, it’s essential for government organisations to proactively manage security alongside remote access to facilitate effective remote working well into the future.

For more information, click here.

¹ https://www.cyber.gov.au/acsc/services/covid-19-cyber-security-advice

Glenn Maiden is director of threat intelligence, FortiGuard Labs ANZ, Fortinet.

Image copyright Getty Images/Moyo Studio