[Note: This item comes from friend Gary Rimar. DLH]
Block adverts, delete Flash, kill Java: ASD
The Australian Signals Directorate’s award-winning Top Four cyber threat mitigation strategy has become the Essential Eight. They’re based on data, they’re essential, and they’ll upset vendors.
By Stilgherrian for The Full Tilt
Feb 5 2017
When the Australian Signals Directorate (ASD) released its Top Four Strategies to Mitigate Targeted Cyber Intrusions in 2011, it was revolutionary, because it cut to the chase. Do these four things first, before anything else, and you’ll repel 85 percent of targeted intrusions.
On Monday, the ASD released the new improved version. It’s now the Essential Eight, and the advice is just as blunt.
“The eight mitigation strategies with an ‘essential’ effectiveness rating are so effective at mitigating targeted cyber intrusions and ransomware, that ASD considers them to be the cyber security baseline for all organisations,” the ASD writes.
“Any organisation that has been compromised despite properly implementing these mitigation strategies is encouraged to notify ASD.”
The Top Four was intended to defend against targeted intrusions, including those executed by advanced persistent threats such as foreign intelligence services. That list remains the same, although the order has changed.
The Essential Eight expands the defences to cover “ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems”.
The Essential Eight is divided into two sections. The first two items in each section were part of the original Top Four.
To prevent malware running:
• Implement application whitelisting, so only selected software applications can run.
• Make sure all applications are kept patched.
• Disable untrusted Microsoft Office macros, because they’re increasingly being used to enable the download of malware.
• Harden users’ applications by blocking web browser access to: Adobe Flash player, uninstalling it if possible; web advertisements; and untrusted Java code.
Microsoft Office macros have been singled out to reflect the prevalence of malicious macros. The ASD writes that it has seen its advice “mitigate attempts to compromise Australian organisations by adversaries working for a foreign intelligence service”.
“The list of applications has been reordered since Flash, web browsers, and Microsoft Office are exploited more than Java and PDF viewers …
“Some organisations might choose to support selected websites that rely on ads for revenue by enabling just their ads and potentially risking compromise.”