Recently CMEIG communicated to members following an approach by ASIO and the Australian Cyber Security Network about cyber-based threats directly targeting our industry. This prompted the examples provided below, the first of which describes one member’s actions to counter cybersecurity threats over the past year:
CMEIG Member examples:
Example 1:
Last year we were contacted by the Australian Cyber Security Centre (ACSC) as a result of their surveillance, which detected traffic from a known “state sponsored” hacking IP address to one of our web servers. The following is a brief summary of that incident:
- October 2020 we were contacted by the ACSC advising that they had detected traffic from a known state-based threat actor to our IP addresses
- The ACSC could not advise the nature of the traffic however they rated the threat level as high
- The ACSC provided a scanning tool to scan for known signatures that this threat actor uses on any file that they deploy or modify
Our response:
- We conducted an initial assessment of firewall and server logs and confirmed traffic from the malicious IP
- We immediately blocked all traffic from the malicious IPs reported by the ACSC
- We deployed all actions recommended by ACSC
- We retained a leading cyber security consultancy to do a complete forensic analysis of all of our external web servers and firewall logs
- No intrusion was detected
- The results of the investigation have shown that the traffic originated from a well-known Australian mining industry body website and was most likely a reconnaissance exercise.
- The ACSC advised that the hackers will likely also employ the following methods:
  - Targeted emails with links to credential harvesting websites
  - Targeted emails with links to malicious files, or with the malicious file directly attached
  - Links prompting users to grant Office365 OAuth tokens to the actor
  - Use of email tracking services to identify the email opening and lure click-through events
- Although we were already using a leading AI based SaaS email security tool, we launched a further round of employee cybersecurity training to help address phishing attack risk.
- To further understand employee behaviour, we send phishing emails to our employees and track how they interact with the email. This is enabling us to provide further training and guidance to those people that click on a malicious link or attachment.
- We continue to constantly monitor for any further activity.
Recently we moved to a new detect and response system further enhancing our ability to prevent a breach.
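The first two response steps above (checking firewall logs for the reported addresses, then blocking them) are a routine any member can script. The following is an added example, not the member's own tooling or anything supplied by the ACSC: it validates a list of reported indicator IPs, matches them against firewall log lines, summarises what the source touched, and emits block rules. The indicator addresses, the log format and the log lines are constructed placeholders, and the rule syntax assumes an nftables firewall; adapt the parser and rules to your own appliance.

```python
import ipaddress
import re
from collections import Counter

# Constructed placeholder indicators standing in for the IP addresses the ACSC
# reported (documentation ranges, not real threat-actor infrastructure).
REPORTED_INDICATORS = ["198.51.100.23", "203.0.113.77", "not-an-ip"]

# Constructed firewall log lines in a simple key=value style (not from a real appliance).
SAMPLE_LOG = """\
2020-10-05T08:12:01Z action=allow src=198.51.100.23 dst=192.0.2.10 dport=443 proto=tcp
2020-10-05T08:12:03Z action=allow src=192.0.2.55 dst=192.0.2.10 dport=443 proto=tcp
2020-10-05T08:12:09Z action=allow src=198.51.100.23 dst=192.0.2.10 dport=80 proto=tcp
2020-10-05T08:13:40Z action=allow src=203.0.113.77 dst=192.0.2.11 dport=22 proto=tcp
2020-10-05T08:14:02Z action=deny src=203.0.113.77 dst=192.0.2.11 dport=3389 proto=tcp
"""

LINE_RE = re.compile(
    r"^(?P<ts>\S+)\s+action=(?P<action>\w+)\s+src=(?P<src>[\d.]+)"
    r"\s+dst=(?P<dst>[\d.]+)\s+dport=(?P<dport>\d+)"
)


def load_indicators(raw_list):
    """Keep only syntactically valid IPv4/IPv6 addresses; a typo in an
    indicator list silently produces zero matches, so malformed entries are dropped
    rather than matched as plain strings."""
    valid = set()
    for entry in raw_list:
        try:
            valid.add(str(ipaddress.ip_address(entry.strip())))
        except ValueError:
            continue
    return valid


def parse_line(line):
    """Parse one log line into a dict, or None if it does not match the format."""
    m = LINE_RE.match(line)
    return m.groupdict() if m else None


def find_indicator_hits(log_text, indicators):
    """Return every parsed event whose source IP is in the indicator set,
    regardless of whether the firewall allowed or denied it."""
    hits = []
    for line in log_text.splitlines():
        event = parse_line(line)
        if event and event["src"] in indicators:
            hits.append(event)
    return hits


def summarise(hits):
    """Count hits per (src, dst, dport) so the investigator can see which
    services the reported addresses were touching."""
    return Counter((h["src"], h["dst"], h["dport"]) for h in hits)


def block_rules(indicators):
    """Emit nftables-style drop rules (assumed syntax) for the reported addresses."""
    ordered = sorted(indicators, key=ipaddress.ip_address)
    return [f"add rule inet filter input ip saddr {ip} drop" for ip in ordered]


if __name__ == "__main__":
    iocs = load_indicators(REPORTED_INDICATORS)
    matched = find_indicator_hits(SAMPLE_LOG, iocs)
    for key, count in summarise(matched).items():
        print(f"{key[0]} -> {key[1]}:{key[2]}  {count} event(s)")
    print("\n".join(block_rules(iocs)))
```

Run it against an exported log file by replacing `SAMPLE_LOG` with the file contents; the per-destination summary is what you hand to the forensic consultancy, and the block rules are reviewed before they are applied, not pushed blind.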
Example 2:
Another member advised:
“Our company did a phishing exercise and sent 249 employees a fake email to log on and enter their credentials. Unfortunately, 20 people clicked on the link and then realised it was a fake, but four of them continued and entered their credentials. If this had been a genuine threat, four people just exposed our company to threat!”
Example 3:
Also experienced:
- Fake customer requests for machine price and specifications
- A legitimate Australian business used as a front for the fake enquiry
- Emails where the reply address redirects any response elsewhere – a test response (not recommended) confirmed that it was an overseas organisation fishing for information
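The third pattern above, a message whose reply address sends the response somewhere other than the apparent sender, can be flagged at the mail gateway or in a mailbox rule without anyone having to send a test reply. The following is an added example, not code from CMEIG or any member: it parses a message with Python's standard `email` library and reports when the `Reply-To` domain differs from the `From` domain. The two sample messages are constructed, and the addresses and domains in them are placeholders.

```python
from email import policy
from email.parser import Parser
from email.utils import parseaddr

# Constructed sample: a price-and-specification enquiry whose Reply-To
# diverts the response to a different domain (placeholder addresses).
SUSPICIOUS_ENQUIRY = """\
From: Procurement <purchasing@example-mining.com.au>
Reply-To: purchasing-desk@mail-example.net
To: sales@example-machines.com.au
Subject: Price and specification request
Content-Type: text/plain

Please send your best price and full specifications for the 50t haul truck.
"""

# Constructed sample: same shape, but the reply goes back to the sender's domain.
ORDINARY_ENQUIRY = """\
From: Procurement <purchasing@example-mining.com.au>
Reply-To: purchasing@example-mining.com.au
To: sales@example-machines.com.au
Subject: Price and specification request
Content-Type: text/plain

Please send your best price and full specifications for the 50t haul truck.
"""


def domain_of(header_value):
    """Extract the lower-cased domain from a header such as 'Name <user@host>'."""
    address = parseaddr(str(header_value))[1]
    return address.rsplit("@", 1)[-1].lower() if "@" in address else ""


def reply_path_mismatch(raw_message):
    """Return (from_domain, reply_to_domain) when a Reply-To header points at a
    different domain than From; return None when there is no Reply-To or the
    domains agree. Absence of Reply-To is not suspicious on its own."""
    msg = Parser(policy=policy.default).parsestr(raw_message)
    reply_to = msg.get("Reply-To")
    if not reply_to:
        return None
    from_domain = domain_of(msg.get("From", ""))
    reply_domain = domain_of(reply_to)
    if reply_domain and reply_domain != from_domain:
        return (from_domain, reply_domain)
    return None


def triage(raw_message):
    """Human-readable verdict for a single message."""
    result = reply_path_mismatch(raw_message)
    if result is None:
        return "ok: reply path matches sender"
    return f"review: From domain {result[0]} but replies go to {result[1]}"


if __name__ == "__main__":
    print(triage(SUSPICIOUS_ENQUIRY))
    print(triage(ORDINARY_ENQUIRY))
```

A mismatch is a reason to verify the enquiry by phone using a number obtained independently of the email, which is what the "not recommended" test reply was trying to learn the hard way. Legitimate mail can carry a divergent `Reply-To` (ticketing systems, mailing lists), so treat the result as a review queue, not an automatic block.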
These threats are real. Please ensure that you review and activate your cybersecurity plan.