How to Test your Security Controls for Resilience to Australian Cyber Security Centre (ACSC) Advisory 2020-008: Copy-paste Compromises
In conjunction with an announcement by the Australian Prime Minster, Scott Morrison, on National Television, the Australian Cyber Security Centre (ACSC) recently published an advisory (Advisory 2020-008: Copy-paste compromises) giving the MITRE Tactics, Techniques and Procedures (TTPs) used against multiple Australian organisations seen in recent campaigns by a sophisticated threat actor.
The title “Copy-paste compromises” is derived from the actor’s heavy use of tools copied almost identically from open source. One of the ACSC recommendation is that:
“It is imperative that Australian organisations are alert to this threat and take steps to enhance the resilience of their networks.”
And while the Advisory also recommends the following:
- Prompt patching of internet-facing software, operating systems and devices
- Use of multi-factor authentication across all remote access services
- Implementing the remainder of the ASD Essential Eight
While the above is all really good advice and should most certainly be followed, if a CEO or the Board were to ask the CISO or Head of Cyber: “Is our organisation now secure and not susceptible to the TTPs in the Advisory”, the CISO would be hard pressed to provide evidence to support any affirmative statement that he might make unless he’d tested all of the organisations Security Controls including the response of the Security Operations Centre.
The most cost-effective way to perform this type of testing of Security Control on an ongoing basis is to make use of a Breach and Attack Simulation (BAS) platform which will not only test the specific IoC’s associated with this Advisory but is also able to look at similar TTPs. Each time a new advisory is issued it is a simple exercise to add them to the BAS platform and prioritise what mitigating steps need to be taken to which Security Controls and then generate a report clearly demonstrating the organisation’s resilience to these Threat Actors.
Join Elasticito on the 30th July for a Webinar where we will be demonstrating exactly how to perform this task with the TTPs contained in the ACSC Advisory 2020-008.
Click here to register: https://bit.ly/2YKRXfX