{"id":848,"date":"2021-02-15T11:37:00","date_gmt":"2021-02-15T11:37:00","guid":{"rendered":"https:\/\/dev.cryptoloc.au\/?p=848"},"modified":"2023-10-03T06:22:34","modified_gmt":"2023-10-03T06:22:34","slug":"hacks-in-history-what-businesses-can-learn-from-the-anu-cyber-attack","status":"publish","type":"post","link":"https:\/\/127.0.0.1\/hacks-in-history-what-businesses-can-learn-from-the-anu-cyber-attack\/","title":{"rendered":"Hacks in history: What businesses can learn from the ANU cyber attack"},"content":{"rendered":"\n<p><strong>In a cyber attack so sophisticated that it shocked even the most experienced Australian experts, hackers gained access to the computer system of the Australian National University (ANU) in 2018. Here\u2019s what the attack can teach us about how we can protect ourselves today.<\/strong><\/p>\n\n\n\n<p>According to&nbsp;<a href=\"https:\/\/imagedepot.anu.edu.au\/scapa\/Website\/SCAPA190209_Public_report_web_2.pdf\" target=\"_blank\" rel=\"noreferrer noopener\">a public incident report released by the University in 2019<\/a>, hackers spent weeks quietly trawling through data stored in ANU\u2019s system. It was months before anyone at the institution even realised there had been a breach.<\/p>\n\n\n\n<p>The report traces the hack back to an email sent by a senior ANU staff member in November 2018. The email was previewed, but never clicked on, by another staff member who had access to their colleague\u2019s account.<\/p>\n\n\n\n<p>Although the email was swiftly deleted, the hackers had already gained access to the senior staff member\u2019s username, password and calendar. From there, they were able to access and compromise the ANU computer network.<\/p>\n\n\n\n<p>Despite a forensic investigation, the full extent of the attack and the motivation behind it is still unknown, because the hackers were so meticulous in clearing their tracks. However, investigators say names, addresses, phone numbers, dates of birth, payroll information, tax file numbers, bank account details and student academic records were stolen.<\/p>\n\n\n\n<p>Cyber security expert Mark McPherson, a member of Cryptoloc\u2019s advisory board, says the breach of ANU\u2019s administrative systems appears to have been accomplished by determined hackers. He says they acted systematically, and with a sophistication of forethought indicating they were:<\/p>\n\n\n\n<ul>\n<li>Working to a plan \u2013 Spear-phishing for maximum yield and targeting specific systems.<\/li>\n\n\n\n<li>Disciplined and patient \u2013 Establishing a foothold and erasing evidence of the attack tools used.<\/li>\n\n\n\n<li>Varying and escalating their attack sophistication to overcome each new barrier.<\/li>\n<\/ul>\n\n\n\n<p>McPherson has worked with governments and organisations internationally to improve their security, including universities and financial institutions. He became involved with Cryptoloc after realising the company\u2019s encryption technology would help to ensure data privacy for individuals and organisations worldwide.<\/p>\n\n\n\n<p>Based on the public incident report, McPherson says that the success of the ANU attack hinged on human vulnerabilities as well as technical vulnerabilities.<\/p>\n\n\n\n<p>McPherson says cyber attacks on institutions like ANU often exploit the trust that exists between colleagues \u2013 as in this case, where another staff member had access to their colleague\u2019s account and previewed the malicious email.<\/p>\n\n\n\n<p>\u201cDue to the collegial nature of educational institutions, internal cyber security is often necessarily soft-centred with a hard shell protecting the perimeter,\u201d he says.<\/p>\n\n\n\n<p>\u201cIt is possible that part of the success attackers enjoy in these environments relies on exploiting the model of internal trust between colleagues and the systems they use to communicate and store their data.<\/p>\n\n\n\n<p>\u201cHowever, the major impact of data theft may have been reduced \u2013 or possibly even eliminated entirely \u2013 if a Cryptoloc-based solution was protecting the data that was targeted.\u201d<\/p>\n\n\n\n<p>That\u2019s because the primary focus of a Cryptoloc-based solution is to secure valuable data against unauthorised access. It accomplishes this by requiring an exchange of digital keys between an authorised user and the data storage system prior to releasing the contents of a data file.<\/p>\n\n\n\n<p>McPherson says this exchange can only work if the user possesses not only the correct login name and password, but also has access to their part of the digital key needed to access each specific data file.<\/p>\n\n\n\n<p>\u201cIn any normal multi-user environment, systems administrators \u2013 also known as super users \u2013 have unlimited access to all the data files stored on that system,\u201d he says.<\/p>\n\n\n\n<p>\u201cBut the data in files stored using a Cryptoloc-based solution remain encrypted and inaccessible, even to systems administrators. A systems administrator can move, copy and delete any file on a system they control, but they cannot read the contents of a Cryptoloc-encrypted data file without the correct digital key for that specific file.<\/p>\n\n\n\n<p>\u201cIn a Cryptoloc-based solution, the complete digital key is not stored on the same system as the data file itself. The file can only be unlocked \u2013 decrypted \u2013 for reading using the complete key, which can only be assembled by the deliberate action of an authorised user who brings their part of the digital key along with them at the time of access.\u201d<\/p>\n\n\n\n<p>McPherson says that if ANU had taken these sorts of precautions, their data may not have been vulnerable to hackers \u2013 assuming they didn\u2019t commit another basic human error.<\/p>\n\n\n\n<p>\u201cHad ANU protected their important or sensitive data with a Cryptoloc-based solution, they may not have lost control of any files securely encrypted on their servers,\u201d he says.<\/p>\n\n\n\n<p>\u201cThis, of course, presupposes that unencrypted copies of important files were not otherwise also stored elsewhere on their systems.\u201d<\/p>\n\n\n\n<p>When it comes to cybersecurity, humans are the weakest link \u2013 and no matter how secure your software is, every member of your organisation should be on their guard to reduce the risk of a cyber attack.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>In a cyber attack so sophisticated that it shocked even the most experienced Australian experts, hackers gained access to the computer system of the Australian National University (ANU) in 2018. Here\u2019s what the attack can teach us about how we can protect ourselves today. According to&nbsp;a public incident report released by the University in 2019, [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":1115,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"_links":{"self":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/848"}],"collection":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/comments?post=848"}],"version-history":[{"count":1,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/848\/revisions"}],"predecessor-version":[{"id":849,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/posts\/848\/revisions\/849"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media\/1115"}],"wp:attachment":[{"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/media?parent=848"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/categories?post=848"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/127.0.0.1\/wp-json\/wp\/v2\/tags?post=848"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}