Australian Cyber Security Agency Catches Chinese Hack Targeting small and medium-sized business sect
“We are lucky it was not worse.” - Alistair MacGibbon.
Investigators have released details, reported by the Australian Financial Review’s Andrew Tillet, saying they’ve “uncovered global efforts by suspected Chinese criminals to hack into web-hosting servers relied upon by hundreds of thousands of small businesses for financial gain.”
According to the investigators quoted in Tillet’s reporting, it’s the “first time the SME (small-medium enterprise) sector has been targeted in such a way.”
The Australian Cyber Security Centre has found that eight Australian-based web hosting providers, as well as several other western nations, were targeted in a hack with “a high degree of sophistication” that sought to compromise the networks of companies hosting websites and email services for a number of small businesses.
“That’s a wake-up call to web-hosting companies providing contracted services for small businesses to improve their security posture.”
Alistair MacGibbon, head of the Australian Cyber Security Centre, called the attacks a “near miss” that could have “potentially allowed them to seize control of a computer’s systems and files, including sensitive personal data”, according to the AFR.
Operation Manic Menagerie’s findings are accessible here, and as you can tell from the figure below, it took the attackers just seventy minutes to identify a vulnerability, upload a web shell and conduct the privilege escalation phases of their campaign. Investigators have ruled out a nation state being responsible for the attack, instead blaming rogue criminal groups.
“Here we are looking at a criminal group that could harm hundreds of thousands of businesses nationally and globally,” MacGibbon said.
“I would call this a near miss. If a criminal has done this [and obtained this kind of access] they had an opportunity to do a whole range of badness.”
In closing, MacGibbon says this latest attack to be uncovered sets a dangerous precedent for companies doing business in our connected digital landscape. “This is the first we’ve known of this kind of compromise of web-hosting companies.”
The findings of Operation Manic Menagerie also set out a list of recommendations and mitigation strategies for hosting providers and their customers, which you can access here.
One of the suggestions reads: “As best practice, the ACSC recommends that customers regularly change their password and ensure it is of an appropriate[sic] complexity.”