Saturday, October 5, 2019

Report on Breach of Australian National University Systems

The Australian National University has released a 20-page "Incident Report on the Breach of the Australian National University's Administrative Systems". The supporting materials may also be of interest.

Contents of the report

  • Vice-Chancellor’s Foreword
  • Executive summary
  • Detailed timeline of the data breach
    • Figure 1: Simplified overview of actor   
    • Figure 2: Attack timeline
  • Post notification events 
  • Malware and tradecraft analysis
  • Lessons from the attack and follow-up actions
    • Personally identifiable information
    • Phishing awareness
    • Table One: Issues and Remediation
  • Appendix
    • Appendix A: “invitation” phishing email
    • Appendix B: “meeting” phishing email
    • Appendix C: “planning” phishing email

From the Executive Summary:
"In early November 2018, a sophisticated actor gained unauthorised access to the ANU network. This attack resulted in the breach of part of the network known as the Enterprise Systems Domain (ESD), which houses our human resources, financial management, student administration and enterprise e-forms systems.

By gaining access to ESD, the actor was able to copy and steal an unknown quantity of data contained in the above systems. There is some evidence to suggest the same actor attempted to regain access to ESD during February 2019, but this second attack was ultimately unsuccessful. ...

Technical gaps aside, ANU ultimately views this breach and cybersecurity more broadly as an organisational issue, one which requires a change to the University’s security culture to adequately mitigate. It is through this lens we will undertake the next phase of our cybersecurity work – a strategic information security program. This program encompasses the modernisation of IT and security infrastructure and, more importantly, an emphasis on culture and security awareness among students, staff and researchers; and the protection of the data they entrust to ANU.

The investigation following the breach, which contributed to the contents of this report, was conducted in close cooperation with Australian Government security agencies and Northrop Grumman. ANU is grateful for their continued support."
