The Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) unveiled a crucial guide that enhances the security framework of public sector organisations by addressing vulnerabilities in edge devices. “Mitigation Strategies for Edge Devices: Practitioner and Executive Guidance” has a lot of useful tips, frameworks, and controls that keep networks safe from threats that aim at these important access points. This initiative directly addresses the significant rise in cyber incidents related to edge devices within Australia’s public sector.
Recent research uncovered that more than 212,000 of the 17.9 million devices accessible on the public internet qualify as edge devices, highlighting the significant extent of potential exposure. Malicious actors swiftly exploit recently identified vulnerabilities in these devices, using them as entry points to infiltrate internal networks, disrupt operations, and extract sensitive data. Australia takes significant steps to bolster cyber security as part of its Digital Government Strategy, focusing on safeguarding the integrity, availability, and confidentiality of public sector data and systems.
Escalating edge threats
Malicious actors increasingly target edge devices, which act as the intermediaries between the internet and internal corporate networks. These devices, including VPN concentrators, firewalls, and business routers, manage data traffic and enforce security policy, and their internet-facing position makes them a persistent target. The ACSC frequently observes compromises involving edge devices. ASD’s recent research revealed that, over a two-month span, 17.9 million devices were accessible on the public internet in Australia, with 212,000 identified as edge devices.
The findings highlight the critical need for strong cybersecurity measures. Because edge devices connect directly to external networks, newly disclosed vulnerabilities expose them to exploitation. The “Cutting Edge” campaign, which ran from December 2023 to February 2024, illustrates this danger: malicious actors exploited zero-day vulnerabilities in Ivanti Connect Secure VPN devices, gaining unauthorised access to critical systems and spreading malware across significant sectors.
“Malicious actors rapidly exploit newly discovered vulnerabilities in edge devices, leveraging them as entry points into organisational networks,” the Australian Cyber Security Centre warned. “Proactive measures are essential to mitigate these risks and protect critical infrastructure.”
Essential edge strategies
The ACSC released a detailed guide that presents thorough strategies to protect edge devices and ensure compliance with national and international cybersecurity standards. These strategies address prevalent vulnerabilities, strengthen the overall security framework of an organisation, significantly decrease the risk of unauthorised access, enhance incident detection capabilities, and reinforce resilience against advanced cyber threats.
- Know the edge: Organisations must recognise and assess all edge devices present in their networks. Identifying a misconfigured firewall that exposes unnecessary services helps prevent unauthorised access.
- Procure secure-by-design devices: Pick hardware from suppliers who prioritise security throughout the entire product lifecycle. Organisations mitigate supply chain risks by opting for devices certified under the JC-STAR or CC standards.
- Apply hardening guidance, updates, and patches: Consistently apply vendor-specific hardening practices and promptly implement patches as they are released. Failing to apply updates exposes devices to risk, as seen in the swift exploitation of unpatched Ivanti VPN appliances.
- Implement strong authentication: Utilise multi-factor authentication (MFA) to protect against credential theft. Phishing-resistant MFA effectively prevents attackers from exploiting weak passwords.
- Disable unneeded features and ports: Turn off unnecessary services to minimise the potential for exploitation. Turning off remote management ports that are not in use prevents unauthorised access.
- Secure management interfaces: Limiting internet access to management interfaces reduces potential vulnerabilities. Organisations can establish exclusive access controls to protect these essential touchpoints.
- Centralised monitoring for threat detection: Establish a unified system for logging and monitoring to quickly identify and tackle any suspicious activities. Backing up event logs and implementing data redundancy enhance incident response efforts.
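The seven strategies above are, in practice, questions an organisation asks about every edge device it owns. The following script is an added illustration (not part of the ACSC guide, and not a vendor tool) of how those questions can be turned into an automated audit over a device inventory. The inventory format, the service names, the 14-day patch-lag threshold, and the three sample devices are all constructed assumptions for the demo.

```python
"""Audit a constructed edge-device inventory against the ACSC mitigation
strategies summarised above.  Added example; not part of the ACSC guide.
Inventory fields, service names and the patch-lag threshold are assumptions."""
from dataclasses import dataclass
from datetime import date

# Management services that should never be reachable from arbitrary internet
# addresses ("secure management interfaces").  Names are assumed labels.
MANAGEMENT_SERVICES = {"ssh", "https-admin", "http-admin", "telnet", "snmp"}
# Plaintext or legacy services covered by "disable unneeded features and ports".
LEGACY_SERVICES = {"telnet", "http-admin", "snmpv1", "ftp"}
MAX_PATCH_LAG_DAYS = 14  # assumed internal policy, not a figure from the guide


@dataclass
class EdgeDevice:
    name: str
    kind: str                        # "firewall", "vpn" or "router"
    internet_exposed_services: set   # services reachable from any internet address
    mgmt_allowlist: list             # source ranges allowed to reach management
    mfa_enforced: bool               # MFA required for admin and remote-access logins
    firmware_date: date              # build date of the installed firmware
    vendor_latest_date: date         # build date of the newest vendor release
    logs_forwarded_to_siem: bool     # event logs shipped to central monitoring


def audit_device(dev: EdgeDevice) -> list:
    """Return a list of (control, finding) tuples for one device."""
    findings = []
    exposed_mgmt = dev.internet_exposed_services & MANAGEMENT_SERVICES
    if exposed_mgmt:
        findings.append(("secure-management-interfaces",
                         f"management service(s) {sorted(exposed_mgmt)} reachable from the internet"))
    if not dev.mgmt_allowlist or "0.0.0.0/0" in dev.mgmt_allowlist:
        findings.append(("secure-management-interfaces",
                         "no source allowlist restricts management access"))
    legacy = dev.internet_exposed_services & LEGACY_SERVICES
    if legacy:
        findings.append(("disable-unneeded-features",
                         f"legacy/plaintext service(s) {sorted(legacy)} enabled"))
    if not dev.mfa_enforced:
        findings.append(("strong-authentication",
                         "MFA not enforced for administrative and remote-access logins"))
    lag = (dev.vendor_latest_date - dev.firmware_date).days
    if lag > MAX_PATCH_LAG_DAYS:
        findings.append(("patching",
                         f"firmware is {lag} days behind the current vendor release"))
    if not dev.logs_forwarded_to_siem:
        findings.append(("centralised-monitoring", "event logs are not forwarded off-device"))
    return findings


def audit_inventory(devices) -> dict:
    """Map device name -> findings; the 'know the edge' step is the inventory itself."""
    return {d.name: audit_device(d) for d in devices}


# Constructed sample inventory (not real devices).
SAMPLE_INVENTORY = [
    EdgeDevice("fw-edge-01", "firewall", {"https-admin", "ipsec"}, ["0.0.0.0/0"], False,
               date(2023, 11, 1), date(2024, 2, 1), True),
    EdgeDevice("vpn-gw-02", "vpn", {"https"}, ["10.50.0.0/24"], True,
               date(2024, 2, 1), date(2024, 2, 1), True),
    EdgeDevice("rtr-branch-03", "router", {"telnet", "ssh"}, ["203.0.113.0/24"], True,
               date(2024, 1, 15), date(2024, 1, 15), False),
]

if __name__ == "__main__":
    for name, findings in audit_inventory(SAMPLE_INVENTORY).items():
        print(f"{name}: {len(findings)} finding(s)")
        for control, text in findings:
            print(f"  [{control}] {text}")
```

The script only reports; it does not change device configuration. In a real deployment the inventory would be generated from the asset register or from device configuration exports, and the `vendor_latest_date` field would be fed from vendor advisories rather than typed by hand.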
These strategies align with frameworks such as the ASD’s Information Security Manual (ISM), the Essential Eight Maturity Model (E8MM), and international guidance from CISA, CCCS, NCSC-UK, and METI-JP. Implementing these controls allows organisations to address current threats effectively and prepare for upcoming cybersecurity challenges.
Cyber breach insights
A sophisticated cyber operation, referred to as the Cutting Edge campaign, exploited zero-day vulnerabilities in Ivanti Connect Secure VPN devices, impacting critical sectors from December 2023 to February 2024. The perpetrators employed sophisticated methods, including specialised malware and evasion of security controls, to defeat network defences. The attack began with the exploitation of CVE-2023-46805 and CVE-2024-21887, which allowed the attackers to bypass authentication and execute arbitrary commands.
CVE-2024-218 represents a further vulnerability that circumvented the defences put in place against the initial exploit. To maintain ongoing access and avoid detection, the perpetrators altered legitimate files within the VPN infrastructure. Large-scale retrieval of sensitive configuration data and passwords enabled lateral movement throughout internal systems.
The adversary modified JavaScript files to capture login credentials, then used those credentials to reach additional hosts through remote services such as SSH, SMB, and RDP. They also disabled logging functions and altered file timestamps to hide their activity from conventional monitoring systems. The campaign highlights the essential need for rapid updates, strong authentication methods, and comprehensive monitoring to identify and address these evolving threats.
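Two of the tradecraft points above, modification of legitimate files on the appliance and timestamp alteration to hide it, are exactly what a file-integrity baseline is meant to catch. The script below is an added, defender-side illustration (it is not an ACSC or vendor tool, and the file tree it builds is constructed for the demo) of comparing a known-good manifest of hashes and modification times against the current state of a file tree. A file whose content hash has changed while its modification time is unchanged or older than the baseline is flagged separately, because that combination is an indicator that the timestamp was reset after the edit.

```python
"""Detect tampering with files on an edge device's web/VPN file tree by comparing
the current state against a known-good manifest.  Added example, not an ACSC or
vendor tool.  The directory layout and sample files are constructed for the demo."""
import hashlib
import os
import tempfile
from pathlib import Path


def sha256_of(path: Path) -> str:
    h = hashlib.sha256()
    with path.open("rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def build_manifest(root: Path) -> dict:
    """Map relative path -> (sha256, mtime) for every regular file under root.
    In practice the baseline comes from a known-good image and is stored off-device,
    since an intruder with access to the appliance can rewrite a local manifest."""
    manifest = {}
    for p in sorted(root.rglob("*")):
        if p.is_file():
            manifest[str(p.relative_to(root))] = (sha256_of(p), int(p.stat().st_mtime))
    return manifest


def compare(baseline: dict, current: dict) -> dict:
    """Classify each path as MISSING, NEW, MODIFIED, or TIMESTOMPED (content changed
    but the mtime is equal to or older than the baseline value)."""
    report = {"MISSING": [], "NEW": [], "MODIFIED": [], "TIMESTOMPED": []}
    for rel in baseline.keys() - current.keys():
        report["MISSING"].append(rel)
    for rel in current.keys() - baseline.keys():
        report["NEW"].append(rel)
    for rel in baseline.keys() & current.keys():
        (b_hash, b_mtime), (c_hash, c_mtime) = baseline[rel], current[rel]
        if b_hash == c_hash:
            continue
        report["TIMESTOMPED" if c_mtime <= b_mtime else "MODIFIED"].append(rel)
    for key in report:
        report[key].sort()
    return report


def demo() -> dict:
    """Construct a toy file tree, take a baseline, apply three kinds of change,
    and return the comparison report."""
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "web" / "js").mkdir(parents=True)
        login_js = root / "web" / "js" / "login.js"
        index_html = root / "web" / "index.html"
        login_js.write_text("function submitLogin(){/* original */}\n")
        index_html.write_text("<html>ok</html>\n")
        # Pin mtimes so the demo is deterministic (constructed epoch value).
        for p in (login_js, index_html):
            os.utime(p, (1_700_000_000, 1_700_000_000))
        baseline = build_manifest(root)

        # Change 1: content edited, then the original mtime restored afterwards.
        login_js.write_text("function submitLogin(){/* changed */}\n")
        os.utime(login_js, (1_700_000_000, 1_700_000_000))
        # Change 2: an edit that keeps its real, newer mtime (one day later).
        index_html.write_text("<html>updated</html>\n")
        os.utime(index_html, (1_700_086_400, 1_700_086_400))
        # Change 3: an unexpected extra file.
        (root / "web" / "js" / "helper.js").write_text("// new\n")
        return compare(baseline, build_manifest(root))


if __name__ == "__main__":
    for category, paths in demo().items():
        print(f"{category}: {paths}")
```

Because the check relies only on content hashes, it still fires when timestamps have been tampered with; the mtime comparison adds the signal rather than being the basis of detection. Running it periodically and shipping the report to the central monitoring system ties this check to the centralised-logging strategy discussed earlier.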
Securing digital Australia
As Australia advances in its digital transformation efforts, securing edge devices plays a crucial role in protecting the country’s digital governance and maintaining public trust. 89% of government agencies are embracing cloud storage, AI-driven data analytics, and generative AI technologies. Edge devices serve as a frontline defence for networks managing sensitive citizen data, critical infrastructure, and vital digital services.
The ACSC’s detailed guide supports the goals of the 2023–2030 Australian Cyber Security Strategy by addressing vulnerabilities that could threaten the integrity of Australia’s digital ecosystems. The guide highlights the need to secure edge devices, which greatly enhances data governance and network security, particularly in hybrid cloud environments where data moves between on-premises systems and cloud storage.
By adopting strong protective strategies, organisations can achieve compliance with privacy laws, thwart unauthorised entry, and safeguard critical data from extraction. Centralised logging and AI-driven monitoring enhance real-time threat detection, which is essential in the ever-evolving, interconnected digital landscape that underlies government operations. The guide enhances Australia’s status as a frontrunner in cybersecurity innovation by aligning with global frameworks such as ASD’s Essential Eight and CISA’s Cybersecurity Performance Goals.
The ACSC’s extensive guide significantly advances Australia’s cybersecurity measures, particularly for the edge devices that serve as essential access points to public sector networks. It emphasises proactive security: conduct thorough audits of edge devices, adopt secure-by-design procurement practices, apply updates and patches promptly, and establish robust authentication protocols.
Turn off non-essential features, secure management interfaces, and consolidate monitoring activities to quickly identify and address threats. The ACSC continuously enhances its guidance to tackle new threats and advancements in technology as we move forward. Australia’s public sector can maintain its leadership in digital governance and uphold strong cybersecurity measures by staying aware and proactive.