Report 28

Malware in the WA State Government

Key findings

  • We observed malware-related communication on all networks we tested. This included attempted attacks by malicious web pages, downloads of malware files and active malware communicating out to the internet. These attacks appeared to originate from 18 different countries, including Australia, though we do not know where the attackers themselves were based. The high volume of attacks shows a committed threat that is working to defeat security controls, and a need for agencies to understand the threats and fix any gaps in their security controls.

Read more – Agencies are under constant threat

  • Two agencies had signs of persistent malware infections that had bypassed their security controls. One agency had a single infection that was active for most of the 12 day sample period. Another agency had in excess of 5 infections active for approximately 2 days, with at least 1 computer reinfected during the assessment period. These active infections placed the agency networks, systems and data at risk.

Read more – Agencies cannot rely on a single layer of security to prevent malware infections

  • IT control failures are still common. Our testing revealed all agencies had some control failures, or missing controls. Common issues were around missing security patches and outdated operating systems. We also noted problems with management of anti-virus software, assignment of access rights, and network design. These ineffective or missing controls place agencies at risk of malware infections and breaches. While some performed well, there is still a need for ongoing assessment of risks and improvement of controls.

Read more – Control failures are still common, leaving agencies vulnerable

  • People are essential for strong defence. Agencies cannot rely solely on automated tools, as these tools can only deal with known threats. Skilled professionals are required to monitor the IT environment and identify issues proactively. All of the agencies we visited had IT staff working in information security roles. Some were fortunate to have more than 1; however, most rely on a single person, who represents a single point of reliance and of failure. Agencies must assess their security skills requirements, ensuring their IT teams have the resources needed to secure the network.
  • Most agencies did not provide adequate awareness training for their staff. Many of the malware attacks that we observed required some level of interaction from a staff member (user). Attackers will try to trick an innocent user into clicking links, downloading files or entering their login details. Diligent and security conscious staff are key to preventing and detecting these malware threats.

Read more – People are essential for strong defence

  • The WA Government lacks a coordinated approach to cyberthreats, including malware. At the time of our audit, there was no whole-of-government security policy or framework providing guidance to agencies on how to implement a successful security program. Agencies are also not required to report malware incidents to a central agency. As a result, no single body was able to provide us with an overview of the size or nature of the malware threat faced by agencies.
    • Without central guidance and support, agencies work in isolation. There are few formal avenues for collaboration, support, and resource sharing. Increased cooperation and sharing can reduce costs to agencies through economies of scale.
    • A whole-of-government view of cyberthreats allows for properly informed and more efficient security programs. Other jurisdictions with better central coordination have a more mature approach to security, and infections and breaches are found and remediated more quickly [1].

Read more – Western Australia lacks a coordinated approach to cybersecurity

[1] https://www2.fireeye.com/m-trends-2016-asia-pacific.html

Page last updated: December 7, 2016