Articles by the cybersecurity community

Guest Post - Laura Jiew and Sean McIntyre from AusCERT - I got 99 problems but a vuln ain’t one


Thank you to AusCERT's Laura Jiew and Sean McIntyre for writing a guest post for the Demystify Cyber project. Cybercrime fighting is truly a team sport, and I am thrilled to have this contribution from AusCERT for the blog. The team at AusCERT have always been extremely supportive of me, both professionally and with my personal projects and volunteer work, and they are passionate about supporting the community and the nation to stand strong against cybercrime. I recommend their blog for up-to-date cybersecurity information; you can get to it from this link: https://www.auscert.org.au/resources/blogs/

............

Ninety-nine problems but a vuln ain't one

If you're having cyber problems, I feel bad for your SOC
I got ninety-nine problems but a vuln ain't one, hit us!

Okay, cheesy (revised) lyrics aside, I caught up with my colleague Sean McIntyre, Information Security Analyst at AusCERT, to discuss our shared thoughts on the common misconception that cyber criminals are "hooded / masked baddies", and we outlined some ways in which AusCERT, as a not-for-profit security group, can help our members and the general public avoid the common pitfalls of falling victim to a cybercrime and/or incident.


Sean, it isn't unusual for our collective cultural community to think of cyber security in terms of tired clichés and common tropes. In your opinion, what can we do to help people understand that a cyber criminal and a victim could look like anyone, including you and me?


I think it's really important to talk to folks (family, friends, even neighbours) about how cyber crime isn't discriminatory, that it can happen to anyone. I feel it's great that the media draws attention to cyber related incidents; it helps bring the topic to the mainframe. People relate to examples like Nine Network or domain.com.au. However, I do think we can do better at the grassroots level. We should start talking about it with kids in schools, etc., and avoid making "cyber" a scary topic. I think organisations like eSafety do some good work in this space [1].

You've been working at AusCERT for close to 18 months now. In your opinion and observations, what cyber security challenges are the most common in terms of our membership audience?


Personally, my top 3 observed challenges are as follows:

1. Staying on top of the countless advisories, vulnerabilities and CVEs that come through daily. Identify all of your infrastructure: systems, operating systems, patch levels, appliances and applications. This may sound elementary, but sometimes the concept of going back to the basics is a great starting point. Actually, Jess Dodson, one of our keynotes and speakers at the AusCERT2021 conference, does a great job of this through her personal website; it is definitely worth checking out [2]. Members, once you've done this audit, make sure you subscribe to the appropriate AusCERT security bulletins through our member portal function.
2. Identifying Business Email Compromise (BEC) attempts from what can be extremely confusing email headers, and knowing what to do from there. BECs are such a common scam, so much so that the ACCC recently reported that payment redirection scams, also known as business email compromise (BEC) scams, resulted in $128 million of losses in 2020 [3]. Members, the AusCERT team is always happy to assist with the analysis of phishing email attempts and headers, and will contact and assist affected member organisations where a BEC has occurred. Don't forget that public agencies such as Scamwatch can also assist [4].
3. Domain impersonation or squatting, and brand protection. This one is particularly challenging: AusCERT would love to help members who find themselves in such cases; however, our success in getting websites taken down relies on malicious activity, such as phishing or malware delivery, being present. In cases where a brand is being impersonated, registrars and website hosts will request that the owner of the trademark contacts them directly. Abuse contacts can generally be found in the 'whois' info of a domain. Members can always reach out to our team for assistance and we are happy to walk through the necessary steps with them.


We sat down and did one of these sessions at the end of last year, when you and I presented a case study on the AusCERT Incident Management service [5]. Can you reiterate the key takeaways for our readers?


Of course! For those who haven’t had a read of that piece we did together, definitely check it out on the AusCERT website [5].

If you're an AusCERT member, definitely utilise our 24/7 Incident Hotline or email us at auscert@auscert.org.au for any cyber related incidents.


Where possible, implement the “Essential 8” as outlined by the ACSC [6]. This protocol provides a baseline for cyber security incident mitigation. Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.

Thanks so much for the chat Sean!
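To make the second challenge above concrete, here is an added example (not from the original post and not AusCERT's own tooling) of the kind of header consistency check an analyst runs over a suspected BEC message: it flags a Reply-To or Return-Path that disagrees with From, a display name that is itself a different address, and a sender domain that turns into a trusted supplier's domain once lookalike digits are swapped back to letters. The message, all domains and the trusted-supplier list are constructed for illustration.

```python
import email
from email.utils import parseaddr

# Constructed sample headers (not a real message): a payment-redirection lure
# whose From, Reply-To and Return-Path do not agree with one another.
SAMPLE_LURE = """\
From: "john.smith@example-supplier.com" <accounts@examp1e-supplier.com>
Reply-To: accounts.payable@invoice-update-portal.net
Return-Path: <bounce-9x2@bulk-mailer.example.org>
To: finance@example.com
Subject: Updated bank details for invoice #4471

Please update our remittance details before Friday.
"""

# Digits that commonly stand in for letters in lookalike domains: 0/o, 1/l, 3/e, 5/s
LOOKALIKE = str.maketrans("0135", "oles")

def domain_of(addr):
    """Lower-cased domain part of an address, or '' if there is none."""
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""

def bec_indicators(raw_message, trusted_domains):
    """Return the header inconsistencies found in raw_message; trusted_domains holds
    the real domains of the suppliers/partners the recipient actually deals with."""
    msg = email.message_from_string(raw_message)
    from_name, from_addr = parseaddr(msg.get("From", ""))
    _, reply_to = parseaddr(msg.get("Reply-To", ""))
    _, return_path = parseaddr(msg.get("Return-Path", ""))
    from_dom = domain_of(from_addr)
    findings = []
    # Replies silently steered to a domain other than the apparent sender's
    if reply_to and domain_of(reply_to) != from_dom:
        findings.append("reply-to-mismatch")
    # Envelope sender (bounce address) belongs to unrelated sending infrastructure
    if return_path and domain_of(return_path) != from_dom:
        findings.append("return-path-mismatch")
    # Display name is itself an address, and not the one actually used to send
    if "@" in from_name and from_name.lower() != from_addr.lower():
        findings.append("display-name-address")
    # Sender domain becomes a trusted domain once digits are swapped back to letters
    if from_dom not in trusted_domains and from_dom.translate(LOOKALIKE) in trusted_domains:
        findings.append("lookalike-domain")
    return findings

if __name__ == "__main__":
    for indicator in bec_indicators(SAMPLE_LURE, {"example-supplier.com"}):
        print("indicator:", indicator)
```

A message with no findings is not proof of legitimacy; the check only surfaces the header disagreements that warrant a closer look or a call to the supplier on a known-good number.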


.............................


AusCERT is a Cyber Emergency Response Team (CERT) based in Australia. We help members prevent, detect, respond to and mitigate cyber-based attacks. As a not-for-profit security group based at The University of Queensland, Australia, we deliver a 24/7 service to members alongside a range of comprehensive tools to strengthen their cyber security strategy and posture.


..........................


Resources:
[1] https://www.esafety.gov.au/kids
[2] https://girl-germs.com/?p=2324
[3] https://www.accc.gov.au/media-release/scammers-capitalise-on-pandemic-as-australians-lose-record-851-million-to-scams
[4] https://www.scamwatch.gov.au/types-of-scams
[5] https://www.auscert.org.au/blog/2020-11-06-case-study-incident-management
[6] https://www.cyber.gov.au/acsc/view-all-content/publications/essential-eight-explained