Scam email tries to exploit Microsoft platform used by schools in bid coinciding with prime minister’s warning of wider cyber-attack
It is not known whether the hacker attack on New South Wales school online accounts is linked to the
cyber-attack prime minister Scott Morrison outlined on Friday. Photograph: Dominic Lipinski/PA
New South Wales school online accounts were under attack from hackers on the same day the prime minister warned that businesses and government were being targeted by a state-based cyber actor.
Guardian Australia was informed on Friday that the Microsoft Sharepoint platform used by NSW schools was being exploited as part of a phishing campaign.
An email, seen by the Guardian, told users that a document had been shared with them through Microsoft OneNote, a collaborative note-taking app. Once they clicked on a link, it directed them to a login page on the NSW Schools Sharepoint, another collaborative platform.
The email, however, was a scam: a well-known phishing attempt that tries to collect user logins and passwords from people through exploiting the trust users have in Sharepoint. It is a type of attack the Australian Cyber Security Centre warned in its Friday advisory following Scott Morrison’s announcement. It is not certain whether the attack was related to the campaign he outlined. The link was removed after Guardian Australia approached the NSW Department of Education for comment.
A department spokeswoman said users were being educated in how to spot these kinds of phishing emails. “When phishing is detected, the NSW Department of Education puts steps in place to control the impact and protect accounts and systems,” she said. “User awareness and education are ongoing activities at the Department of Education to reduce the likelihood of phishing being successful.”
The advisory released on Friday pointed to a number of known vulnerabilities in Sharepoint, Microsoft Internet Information Services and Citrix which can be exploited if government agencies and businesses have not patched their software.
Experts said the methods reported by the government on Friday were methods that could be prevented with appropriate cyber security measures in place but embarrassing for government agencies and businesses that fail to take cyber security seriously.
“[The state actor campaign] doesn’t look very sophisticated,” UNSW professor of cybersecurity Richard Buckland said. “It’s well-resourced in a large scale but I haven’t seen anything yet that’s super secret or super sinister. They’re using known techniques against known vulnerabilities and following known processes.” You've read 8 articles ... ... in the last six months, so we hope you will consider supporting our independent journalism today. More people, like you, are reading and supporting the Guardian’s independent, investigative journalism than ever before. Unlike many news organisations, we made the choice to keep our reporting open for all, regardless of where they live or what they can afford to pay. The Guardian will engage with the most critical issues of our time – from the escalating climate catastrophe to widespread inequality to the influence of big tech on our lives. At a time when factual information is a necessity, we believe that each of us, around the world, deserves access to accurate reporting with integrity at its heart. Our editorial independence means we set our own agenda and voice our own opinions. Guardian journalism is free from commercial and political bias and not influenced by billionaire owners or shareholders. This means we can give a voice to those less heard, explore where others turn away, and rigorously challenge those in power. With your support we can keep delivering quality journalism that’s open and independent. Every reader contribution, however big or small, is so valuable. Support the Guardian from as little as $1 – and it only takes a minute. Thank you.