The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC), with its state and territory partners, is continuing to respond to the widespread malware campaign known as Emotet while responding to reports that hackers are exploiting the BlueKeep vulnerability to mine cryptocurrency.
The Cyber Incident Management Arrangements (CIMA) remain activated; however, the alert level has been downgraded to Level 4 – ‘Lean Forward’.
Head of the ACSC, Rachel Noble PSM said, “CIMA Level 4 signifies a precautionary approach through increasing monitoring, analysis, and strategic coordination and engagement at the national level.”
The ACSC announced the activation of Australia’s CIMA to Level 3 – ‘Alert’ on 25 October 2019, in response to the widespread exploitation of vulnerable systems by the Emotet malware. The threat posed by this malicious software required immediate action at the national level to ensure Australian organisations, from critical infrastructure providers to small businesses, receive mitigation advice to protect their networks.
“There are two concerning cyber security threats in the wild. While we have seen a drop in the number of Emotet infections in the last week, people and businesses should remain vigilant. We are also concerned about reports cybercriminals are exploiting the BlueKeep vulnerability to access computers and control them without the users’ knowledge,” Ms Noble said.
“While you are watching your TV or eating dinner with your family, a cybercriminal can use your computer to mine and profit from untraceable digital currency, and you may never know that this has occurred.”
“The unfortunate truth is that once a cybercriminal can access your computer, they can control your computer. If they find valuable data, like your personal information and photos, they can steal it.”
In September 2019, the ACSC issued a warning about the release of a working exploit for the vulnerability known as BlueKeep, and urged Australians to patch older versions of Windows systems.
Known as CVE-2019-0708, the BlueKeep vulnerability affects older versions of Windows operating systems, including Windows Vista, Windows 7, Windows XP, Server 2003 and Server 2008.