Strengthening Cyber Security for Remote Workers: Lessons from APT40’s Tactics
The Australian Cyber Security Centre (ACSC) has recently released an advisory on the expanding tactics of APT40, a state-sponsored cyber group from China. The threat APT40 poses to Australian networks underscores the importance of robust cyber security measures, particularly for remote workers using their own devices.
Understanding the Threat
APT40 is known for conducting regular reconnaissance against networks of interest in Australia, looking for opportunities to compromise its targets. The group leverages compromised devices, including small-office/home-office devices, to launch attacks that blend in with legitimate traffic, making it challenging for network defenders to identify malicious activity.
The advisory highlights that APT40 has found success exploiting vulnerabilities in end-of-life or poorly maintained devices. Remote users, often using their own equipment, have been a significant vector for these attacks. This emphasises the critical need for thoughtful security measures and regular updates on all devices accessing corporate networks.
Key Takeaways for Businesses
1. Train and Support Remote Workers
Remote workers must apply to their home devices the same strict security measures that apply to office equipment. This includes regularly updating operating systems and software, applying patches, and using reputable antivirus programs. Organisations should train staff to take responsibility and care when using their own gear remotely, providing clear guidelines and support to ensure they understand and can implement these measures.
2. Adopt the Essential Eight Security Framework
We strongly endorse the adoption of the Essential Eight security framework. It is a great foundation for a robust cyber security defence and benefits from being broadly accessible. The framework is designed to help organisations protect their systems against a range of cyber threats. The Essential Eight includes controls such as:
- Application control
- Patch applications regularly
- Patch operating systems regularly, too
- Configure Microsoft Office macro settings
- User application hardening
- Restrict administrative privileges
- Multi-factor authentication
- Regular backups
By implementing these strategies, businesses can significantly reduce their vulnerability to cyber-attacks. Ensuring all devices, including those used by remote workers, are updated and patched is a crucial part of this framework.
Conclusion
The threat posed by APT40 underscores the importance of robust cyber security measures, particularly in the context of remote work. By training remote workers to take responsibility for their devices and adopting the Essential Eight framework, businesses can protect themselves against sophisticated cyber threats.
At The Virtual IT Department, we are committed to helping you navigate the complexities of cyber security. Contact us for more information on implementing the Essential Eight and other critical security measures to safeguard your business against cyber threats.