Cybersecurity leader Centrify has warned that the privileged password practice which allowed the comprehensive “Alf” software hack of an Australian defence contractor is disturbingly widespread.
Earlier this week, the Australian Cyber Security Centre (ACSC) revealed details of a data breach in which 30 gigabytes of sensitive information was stolen between July and November last year from a 50-person aerospace engineering firm that subcontracts to the Department of Defence. The Australian Signals Directorate (ASD) codenamed the attacker Alf, after a character in the long-running Australian TV soap opera Home and Away.
Subsequent reports state the hacker stole sensitive data including restricted technical information on the F-35 Joint Strike Fighter, the P-8 Poseidon maritime patrol aircraft, the C-130 transport aircraft, the Joint Direct Attack Munition (JDAM) smart bomb kit, and Australian naval vessels.
The hacked defence subcontractor had all IT-related functions managed by just one person, who had been in the role for only nine months. While initial access came from exploiting a 12-month-old vulnerability in the company’s IT Helpdesk Portal, the hacker used a common Local Administrator account password with access to all servers for lateral movement within the network. This provided access to email and other sensitive data.
Centrify Senior Director APAC Sales Niall King said the practice of allowing privileged administrator accounts to have extensive network access was disturbingly widespread. “Verizon recently reported that 80 per cent of breaches are due to compromised credentials,” he said.
Adrian and his partner, who live at Glenlyon in central Victoria, have used their ZCell batteries to maintain a “city lifestyle” in the country, without having to “calorie count” their daily energy use.
The self-declared “tree changer” couple, who own energy efficient appliances and insulated the cottage's roof, have plenty of solar-generated energy to power their home, including multiple computers and professional musical amplifiers that Adrian requires for his sound engineering work.
Although the cottage had existing photovoltaic solar panels and a lead-acid battery when they moved in, Adrian and his partner decided to upgrade both the solar panels and the battery to make the property truly grid-independent without heavy use of a diesel backup generator. Redflow’s 10 kilowatt-hour (kWh) zinc-bromine flow batteries, which the solar panels can fully charge in just four hours on a sunny day, deliver clean power that does not interfere with Adrian’s elaborate musical equipment.
Adrian said the energy storage system had cost $56,000 – about one quarter of the $200,000 cost of connecting mains power to the property. “It means we never receive another power bill,” he said.
Centrify, the leader in securing hybrid enterprises through the power of identity services, has released research which reveals that nearly 70 per cent of Australian IT professionals lack confidence in the ability of their organisations to prevent, detect and resolve data breaches.
As concerns grow globally about a cybersecurity skills shortage, Centrify-commissioned Ponemon research from Australia, the US, the UK and Germany, shows that 68 per cent of surveyed Australian IT professionals report they do not believe their companies have a high level of ability to prevent breaches.
The study reveals that 40 per cent of Australian IT practitioners report their organisation had suffered a data breach involving sensitive customer or business information in the past two years. That translates to a serious breach exposing extensive confidential data in two in every five organisations.
A recent report by the Australian Cyber Security Growth Network predicts that Australia will need an extra 11,000 cybersecurity employees to keep pace with increasing threats. While this warning aligns with growing concern about a global shortage of qualified cybersecurity professionals, most of those surveyed in Australia (62 per cent) admit they fear losing their jobs if a data breach does occur.
Centrify Senior Director APAC Sales Niall King, who is responsible for Australia and New Zealand, said every type of organisation needed qualified cybersecurity staff with the skills and experience to mitigate against growing threats. “With a shortage of candidates, cybersecurity technology must take up the slack,” he said.