The Australian government had noticed an increase in the number of attacks on internet-facing assets using the Telerik UI, Microsoft IIS, SharePoint and Citrix. They are referred to as “copy-paste compromises” because the tools used to exploit these vulnerabilities can almost be “copied” and “pasted” from the internet by the attacker and used quite expeditiously.
Moving forward, we are all encouraged to follow the Australian Cyber Security Centre’s Essential Eight. These summarised mitigation strategies are guidelines that organisations can use to enhance their security posture:
To Prevent Malware Delivery and Execution
- Application control to prevent execution of unapproved/malicious programs.
- Patch applications e.g. Flash, web browsers, Microsoft Office, Java and PDF viewers. Patch/mitigate computers with ‘extreme risk’ vulnerabilities within 48 hours. Use the latest version of applications.
- Configure Microsoft Office macro settings to block macros.
- User application hardening.
To Limit the Extent of Cyber Security Incidents
- Restrict administrative privileges.
- Patch operating systems.
- Use multi-factor authentication.
To Recover Data and System Availability
- Daily backups.
More information can be found here: https://www.cyber.gov.au/acsc/view-all-content/essential-eight/essential-eight-explained