Log4Shell vulnerability “biggest of the last decade”
A critical vulnerability discovered in open-source logging tool Log4j is likely to haunt the internet for years to come. The vulnerability allows attackers to access servers and install malware, stealing data and credentials.
Organisations should take the Log4Shell vulnerability very seriously. Apache, the software’s developers, have given the vulnerability a maximum threat rating of ten out of ten. Patches have already been released, and major players such as Microsoft are offering regular updates on the threat. But Log4j is in widespread use, and not just at the likes of Microsoft, Amazon and Google. Smaller developers that have used the tool in their products may be slower to respond than larger corporations. The Australian Cyber Security Centre (ACSC) and New Zealand’s National Cyber Security Centre (NCSC) are advising organisations to check any use of Log4j in their software, and individuals to ensure their devices and apps are fully updated.
Foreign cyberattack almost shut off power for three million Australians
CS Energy has reported a ransomware attack that could have hit the power supply of millions of Australians. The state-owned Queensland utility company’s systems were compromised at the end of November. The attack was initially blamed on Chinese hackers, but Russian ransomware group Wizard Spider has since claimed responsibility.
CS Energy responded to the attack with measures that included segregating its compromised corporate systems from its operational network, and no homes lost power as a result. The flurry of attention that greeted the breach included the widespread claim that China was the culprit. Yet while Chinese actors have been behind other attacks on Australian infrastructure in recent years, it seems unlikely they were involved in this incident.
As ransomware becomes more pervasive, calm heads, rather than dramatic headlines, are needed. The government’s Ransomware Action Plan should go some way to combating the threat to critical infrastructure, and all organisations can reduce the risk through measures such as better awareness training and the use of a DDoS mitigation service.
Australian government promises crypto reform
Australia has announced plans for cryptocurrency regulation, claiming they could represent "the largest reforms to our payments systems in a quarter of a century". Federal Treasurer Josh Frydenberg said the review would focus on digital wallets and crypto investments, as well as setting new protocols in place for the regulation and taxation of digital currencies.
Cryptocurrency regulation would protect the public against fraud, and give the government greater oversight of an area currently dominated by tech giants and foreign powers. More and more Australians are using cryptocurrencies, with an estimated 17% currently owning crypto, and another 13% saying they will buy it in the next year. Increased government oversight of the “Wild West” of digital currencies is needed, with cryptocurrencies also central to powering ransomware attacks. But, given agencies have been asked to consult and report back in 2022, any changes are unlikely to happen until after the next elections.
Google takes legal action against Glupteba botnet
Google is hoping that a two-pronged approach will seriously disrupt the Glupteba malware and botnet operation, which has infected over a million computers. Glupteba has been around since 2011, and is used to steal data and mine cryptocurrency. Google’s Threat Analysis Group (TAG) has taken down servers and Google accounts, and the company has also filed a legal complaint against two Russian nationals who it believes are behind the malware.
Tackling Glupteba is especially difficult because it uses the Bitcoin blockchain to store the addresses of backup servers that can be used to replace any command and control servers that may be taken down. By lodging charges against two alleged hackers – and 15 co-defendants – Google hopes to make it harder for criminals to regain control of the botnet. As cybercrime continues to grow, we can expect to see multi-front approaches – involving technical solutions, legal action and pressure from governments – combine to counter the threat.
Government agency confirms it will “strike back” against cybercriminals
The Australian Signals Directorate has acknowledged that it has a “proactive offensive capability” to respond to cyberattacks. “We never seek conflict,” said Director-General Rachel Noble. “But we do want our adversaries to know that we are here. We want them to calculate: Today is not the day.”
Offensive tactics used by national governments against rival states or criminal gangs can include shutting down websites, disabling computers or attacking physical infrastructure. Most nations have traditionally remained tight-lipped about their power to project force in cyberspace, and National Security College Senior Policy Adviser William Stoltz acknowledged that it was a side of cybersecurity “that is somewhat uncomfortable for a country like us”. But as attacks on critical infrastructure – some from state-sponsored actors – grow, offensive cyber capabilities may become an increasingly accepted part of national security.
Last month’s Frontier Software leak may have exposed the data of 80,000 government workers
The data of 80,000 South Australian government workers may have been exposed in a ransomware attack on payroll provider Frontier Software. An SA spokesperson has disclosed that information such as first and last names, dates of birth, home addresses, tax file numbers and bank account details may have been accessed.
The attack took place in mid-November, delaying the payments of hundreds of employees, with Frontier initially announcing that customer data was secure. Russian hackers are believed to be responsible for the incident, which has affected at least 38,000 staff, and may have affected up to 80,000. Personal data is a valuable target for ransomware actors, and can be sold for a profit on the dark web. Responding to such a breach is never easy, but good preparation will help; these guidelines supply a framework.