Have a Cptn Cook: VXers learn 'Strayan to plunder Down Under

WAHckon Strewth! Australian organisations are gunna be shirt-fronted by malware that includes colourful local language^*.

Security researcher Raymond Schippers says VXers are writing attacks that reference Australian issues such as taxation and local news, use Australian slang and employ IP geolocation to avoid targeting users beyond the Wide Brown Land.

One example is a recent attack campaign targeting Quickbooks, a popular business accountancy application in Australia.

“Criminals are specifically targeting Australia and we’d expect that activity to increase,” Schippers (@rayschippers) The Register at the WAHckon security confab in Perth Saturday.

“We had seen some activity targeting Australia before but not near this scale”.

The Perth-based incident response boffin offered some advice for how security types can better lock down their networks against attackers.

He took delegates through a red and blue team simulation he ran in a laboratory setting using two Windows 10 boxes running sysmon with networking, packetbeat, and nxlog, and an an offensive system sporting powershell empire on Kali Linux.

Schippers says businesses could stymie many opportunities for lateral movement using Windows Remote Management – a feature enabled by default – by enabling host-based firewalls with customised rules and preventing local administrative credentials from working across entire internal networks.

“Please please stop local admin, change the password even if it’s to something stupid,” he told delegates. “And please segment and monitor what’s inside your network.” ®

^* Translations:

• Capt. Cook = "look"
• Ratbag = "persons of ill repute"
• Dinky-di = "genuine"
• Struth = "gosh"