
Tag: cyber-security

Unearthing Australia’s next elite hackers

Cyber Security

Posted on August 2, 2018

4 min read

In three months’ time, more than 400 cyber security students will fire up their machines and attempt to penetrate the systems of a fictional start-up incubator within 24 hours.

For the first time, those tasked with attacking the company will come face-to-face with a similarly motivated team of defenders working to keep the ‘bad guys’ out.

In its sixth year of operation, the Cyber Security Challenge Australia (CySCA) – a joint effort to nurture the country’s next generation of cyber security professionals – is expecting its biggest participation yet.

The competition has grown steadily since its inception, from 40 students in 2012 to just under 300 last year, and an anticipated 400+ this coming October.

Telstra – one of the program’s sponsors – has built an entirely new technology platform for the 2018 CySCA to handle the growing volume of participants.

The new platform is made up of seven blade servers able to accommodate as many as 24 teams each – four times the capability of the previous platform.

Each team will be given its own set of virtual machines to work on, as well as a VPN endpoint to connect into their game environment from their university or TAFE base. Team environments are kept isolated from each other to prevent any dodgy behaviour from competing teams.


The challenge

Racing against the clock, players will work to solve a main challenge as well as a series of puzzles and problems in order to win points. The team with the highest points wins the overall competition.

They will be competing to break into – and defend – the systems of fictional start-up incubator BreakOutBox.

But while the scenario they are working with may be make-believe, the systems and technologies the students will be grappling with are very real.

They will need to demonstrate their ability to break into web applications, networks and systems; exploit vulnerabilities; work with cryptography; and perform network forensics and analysis. Players will need to be familiar with technologies and tools such as Linux, Splunk, Wireshark and a disassembler.

For the first time, students won’t only be playing the role of corporate penetration testers, assessing BreakOutBox’s systems for weaknesses and vulnerabilities by taking on the mindset of an attacker.

They will also adopt the posture of a ‘blue team’ – a posse of internal company defenders who maintain constant vigilance against attack.

The inclusion of a blue team challenge in this year’s CySCA is intended to recreate, as closely as possible, real-world examples of the skills participating students will need to demonstrate to get a job in the field.


Prizes

The winning teams will score a ticket to three of the biggest global and local IT security conferences.

The team that scoops first place will win flights, accommodation and entry to the popular DEF CON conference in Las Vegas in August 2019.

Flights, accommodation and entry to Kiwicon in Wellington, New Zealand this November are also on offer for the second-place team, while the team that comes in third will win the same for the BSides conference in Canberra 2019.

Each placed team will also receive a tablet or mobile device for each team member. Other individual prizes are on offer for the competition’s various challenges.

An expression of interest form for universities and TAFEs is now open, and will close on August 17.

Start planning your teams to ensure you get your name in front of Australia’s biggest cyber security employers.

Many of the competition’s past winners have gone on to have careers with the challenge’s sponsors, including Telstra security specialists Lennon Jones and Darian Panter.

This year’s competition will be held over 9-10 October 2018. For more information, visit the Cyber Security Challenge Australia website.

Telstra is sponsoring the Cyber Security Challenge 2018 alongside the Australian Cyber Security Centre, AustCyber, PwC, Cisco, Microsoft, Commonwealth Bank, Splunk, BAE Systems and HackLabs.

Discovering human intent in a sea of data

Cyber Security Business and Enterprise

Posted on July 19, 2018

3 min read

Cyber security sleuths find badness in the benign.

Skye Wu and her team would make great detectives. Pieces of information that most of us would find routine and benign they find interesting and valuable, and it is that curiosity that allows them to stop breaches before they happen.

Their work at Telstra is by its nature highly sensitive; within the constraints of Telstra’s tight internal privacy policies they examine the data streams that security systems capture to understand where corporate data travels, who can access it and how, and in doing so often answer questions few have thought to ask. They identify activities that hint at security gaps, subversion of policies, and highlight technologies and data in need of stronger protection.

It’s a story few organisations have the capability to tell. Discovery, as the team is known, is a proactive wing of Telstra Cyber Security’s Threat Research and Intelligence unit, established a few years ago in an effort to build a capability to find unknown business risks.

“We rely on the data, expertise and knowledge already possessed within the organisation to illuminate risks and activities that are happening and unseen,” Wu says.

“These activities may be a fact of life, or it could land us on the front page of major newspapers. We won’t know unless we look and seek to understand them.”

Wu described her team’s work at the Australian Women in Security Lunch in Melbourne last month. Wu explained to delegates how Discovery experts start with a question and seek out people, processes, and technologies that help tell the story.

This, she says, requires critical thinking and an ability to look beyond Cyber Security’s own turf.

Wu and her team of eight draw together benign bits of data and ask questions about it to discover human intent. Activities that hint at concealment might be the use of unorthodox methods by users to work with unwieldy systems, for example.

“Looking at indicators or data in isolation won’t give us the full story,” Wu says. “The reality is that we’re not going to spot the bad guy by looking for someone in a balaclava.”

Discovery teams are most effective with dedicated staff – a resource typically restricted to enterprises – but Wu says even small businesses with a single security staffer can apply the discovery mission statement to learn more about threats emanating from within.

“Small businesses could look over proxy logs and ask ‘who of my staff consumes the most internet data? Are there big fluctuations month to month? Is this normal depending on their role? Who are my top staff whose internet activity keeps getting blocked at the proxy or internet gateway?’,” Wu says. “They may find surprising things.”

There are no bespoke security tools for Discovery teams so Wu and her colleagues are working with universities and Telstra’s Chief Technology Office to develop new intelligent platforms they can use to better interrogate data.

Wu says Discovery teams in large organisations could use their existing data analytics capabilities while those in smaller businesses could use less expensive tools and keep track of data across spreadsheets.
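The three proxy-log questions Wu suggests for a small business, worked as a script. This is an added example, not tooling from Telstra’s Discovery team: it runs over a few constructed log lines (the line format of date, user, bytes, action and URL is assumed) and lists the users who warrant a follow-up question.

```python
# Added example (not from the original article): Wu's proxy-log questions, run over
# constructed log lines. The line format (date user bytes action url) is assumed.
from collections import defaultdict

# Constructed sample proxy log, not real traffic data.
SAMPLE_LOG = """\
2018-05-02 alice 1200000 ALLOW https://example.com/report
2018-05-03 alice 900000 ALLOW https://example.com/docs
2018-05-04 bob 4500000 ALLOW https://cdn.example.net/video
2018-05-04 bob 20000 BLOCK http://blocked.example/malware
2018-05-10 bob 15000 BLOCK http://blocked.example/phish
2018-06-01 alice 1000000 ALLOW https://example.com/report
2018-06-02 bob 30000 BLOCK http://blocked.example/evil
2018-06-15 bob 52000000 ALLOW https://share.example.org/upload
2018-06-20 carol 300000 ALLOW https://intranet.example/wiki
"""

def parse_log(text):
    """One record per line; the YYYY-MM prefix is the key for month-to-month comparison."""
    records = []
    for line in text.splitlines():
        if line.strip():
            day, user, nbytes, action, url = line.split(maxsplit=4)
            records.append({"month": day[:7], "user": user, "bytes": int(nbytes),
                            "action": action, "url": url})
    return records

def bytes_per_user(records):
    """'Who of my staff consumes the most internet data?'"""
    totals = defaultdict(int)
    for r in records:
        totals[r["user"]] += r["bytes"]
    return dict(totals)

def top_consumers(records, n=3):
    return sorted(bytes_per_user(records).items(), key=lambda kv: -kv[1])[:n]

def monthly_ratio(records, user):
    """'Are there big fluctuations month to month?' Each month's volume over the previous one."""
    per_month = defaultdict(int)
    for r in records:
        if r["user"] == user:
            per_month[r["month"]] += r["bytes"]
    months = sorted(per_month)
    return {cur: (per_month[cur] / per_month[prev] if per_month[prev] else float("inf"))
            for prev, cur in zip(months, months[1:])}

def blocked_counts(records):
    """'Whose internet activity keeps getting blocked at the proxy?'"""
    counts = defaultdict(int)
    for r in records:
        if r["action"] == "BLOCK":
            counts[r["user"]] += 1
    return dict(counts)

def review_candidates(records, spike_factor=5.0, block_threshold=2):
    """Users worth a follow-up question. Thresholds are illustrative: as Wu says, whether a
    figure is normal depends on the person's role, so a hit is a question, not a verdict."""
    reasons = defaultdict(list)
    for user in bytes_per_user(records):
        for month, ratio in monthly_ratio(records, user).items():
            if ratio >= spike_factor:
                reasons[user].append(f"{month}: {ratio:.1f}x the previous month's volume")
    for user, n in blocked_counts(records).items():
        if n >= block_threshold:
            reasons[user].append(f"{n} requests blocked at the proxy")
    return dict(reasons)
```

On the sample data only `bob` is returned, for both a volume spike in June and repeated blocks; the same functions work on a CSV export dropped into a spreadsheet, which is the low-cost route Wu describes.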

Tips to help spot a scam email

Cyber Security Consumer advice

Posted on June 15, 2018

5 min read

Email is a great tool. It’s quick, available 24/7 and can be accessed from almost anywhere. However, those same conveniences are also afforded to scammers, who regularly use email to target their victims. Scammers also typically impersonate well-known companies – including Telstra – to make their scam emails more convincing.

What are scam emails?

Scam emails generally fall into two categories:

  1. Those that ask you to provide personal or sensitive information (phishing), or
  2. Those that include attachments or links intended to install malicious software (malware) on your device.

Ultimately, scams come in all shapes and sizes – some ask for personal or financial information, and some come with hidden nasties like malware. Regardless of what category they fall into, they’ll often impersonate legitimate company communications – like Telstra bills or correspondence – in an attempt to make them more convincing and trick the reader into providing the information, opening the attachment, or clicking the link.

What should I look out for?

It’s important to note that while these kinds of scams have evolved over time, the tips on how to protect yourself remain the same.

  • Listen to your gut. If you encounter something unsolicited, unexpected, too good to be true, or coercive, or anything that asks for personal or financial information, double and then triple check it by asking others, calling up the organisation on its official number or searching online for any background information on the sender or offer.
  • Beware of unsolicited requests for sensitive information – don’t open attachments or click on embedded links in emails or sites you don’t know or trust.
  • Pay close attention to the sender’s email address and any links in emails for anything that doesn’t look legitimate.
  • Never respond to a request for personal or financial information in an unexpected email.
  • Make sure you always apply the latest updates to all your devices and software.
  • If a phishing email contains information like an account number, cross check that the details correspond with the details on a previous official email.
  • Be suspicious of unaddressed or generically addressed emails, such as “Dear Customer”.
  • Beware of emails that include a zip file, an .exe or other suspicious attachment.
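Several of the indicators above can be checked mechanically before a person ever reads the email. The following is an added example, not Telstra’s own tooling: it parses a constructed scam message and a constructed legitimate one with Python’s standard email library. The trusted-domain list, the message contents and the greeting and attachment patterns are assumptions for the demonstration.

```python
# Added example (not from the original article): the listed indicators checked against
# constructed messages. TRUSTED_DOMAINS is a hypothetical allow-list for the claimed sender.
import re
from email import message_from_string
from email.policy import default
from email.utils import parseaddr
from urllib.parse import urlparse

TRUSTED_DOMAINS = {"exampleco.com"}
GENERIC_GREETINGS = ("dear customer", "dear user", "dear valued customer")
RISKY_EXTENSIONS = (".zip", ".exe")  # the attachment types the article calls out

# Constructed messages, not real email: a lookalike sender with a mismatched
# link and a zip attachment, and a plain legitimate bill notice for comparison.
SCAM_EMAIL = """\
From: "ExampleCo Billing" <billing@exampleco-secure-login.example>
Reply-To: collect@mailbox.example
Subject: Your bill is overdue - act now
Content-Type: multipart/mixed; boundary="B1"

--B1
Content-Type: text/html; charset="utf-8"

<p>Dear Customer,</p>
<p>Pay now: <a href="http://exampleco.verify-account.example/pay">https://www.exampleco.com/billing</a></p>
--B1
Content-Type: application/zip
Content-Disposition: attachment; filename="invoice.zip"

UEsDBAo=
--B1--
"""
LEGIT_EMAIL = """\
From: "ExampleCo Billing" <billing@exampleco.com>
Subject: Your May bill
Content-Type: text/plain; charset="utf-8"

Hi Alice, your May bill is now available in your account portal.
"""

def domain_of(addr):
    return parseaddr(str(addr))[1].rsplit("@", 1)[-1].lower()

def host_of(url):
    return (urlparse(url).hostname or "").lower()

def phishing_indicators(raw, trusted_domains=TRUSTED_DOMAINS):
    msg = message_from_string(raw, policy=default)
    hits = []
    from_domain = domain_of(msg["From"])
    if from_domain not in trusted_domains:
        hits.append(f"sender domain {from_domain} is not one the claimed sender uses")
    if msg["Reply-To"] and domain_of(msg["Reply-To"]) != from_domain:
        hits.append("Reply-To points to a different domain than From")
    body = ""
    for part in msg.walk():
        name = part.get_filename()
        if name and name.lower().endswith(RISKY_EXTENSIONS):
            hits.append(f"risky attachment {name}")
        if part.get_content_type() in ("text/plain", "text/html"):
            body += part.get_content()
    if any(g in body.lower() for g in GENERIC_GREETINGS):
        hits.append("generic greeting instead of your name")
    # Link text that displays one host while the href goes somewhere else.
    for href, text in re.findall(r'<a\s+href="([^"]+)"[^>]*>(.*?)</a>', body, re.I | re.S):
        shown = host_of(text.strip()) if text.strip().lower().startswith("http") else ""
        if shown and shown != host_of(href):
            hits.append(f"link text shows {shown} but goes to {host_of(href)}")
    return hits
```

The scam sample trips all five checks while the legitimate one trips none; a real mail gateway adds reputation and authentication data (SPF, DKIM) that this stand-alone check cannot see.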

What should I do if I think I’ve received a scam email?

If you think you’ve received a scam email, here’s what to do next.

  • Avoid opening suspicious or unsolicited emails – delete them directly from your inbox.
  • If you get a suspicious email, don’t reply to the email or open attachments or links.
  • If you do click on a link in an email and are directed to a website, do not enter any personal or financial information onto the site.
  • If you’ve received a scam email that looks like it’s from Telstra, tell us about the scam by submitting a Report Misuse of Service form and include as much detail as you can. Our Cyber Security team will investigate the report and may be in touch if they have additional questions.
  • If you do open an attachment or click on a link, make sure that your computer’s operating system and anti-virus software is up to date. Consider running an anti-virus scan of your computer.

What should I do if I think I’ve been a victim of a scam?

If you believe you have become a victim of a scam, there are a few tips we recommend to help you get things back under your control:

  • Stay calm. As frustrating as it is to learn that you may be at risk, keeping focussed and calm will help you manage your response properly.
  • Think carefully about what information, or access, you may have provided to criminals. Take an inventory and write down what you remember sharing or entering into any fraudulent web sites.
  • If you provided banking or other financial details such as a credit card number, contact your financial institution immediately. Be sure to monitor your accounts closely in the future as well.
  • If you provided any usernames or passwords, immediately change your passwords to a new and secure version.
  • If you’ve shared other personally sensitive information, such as your driver’s license number, Medicare, passport or contact details (such as your phone number or address), then you may want to visit IDCare at https://www.idcare.org – they can help you formulate a response plan to address potential identity theft.
  • Consider filing a report with the Australian Cybercrime Online Reporting Network (ACORN). This helps law enforcement become better resourced to assist victims.

Stay Safer Online

If you think you have been compromised by malicious software, spyware or a virus, our Telstra Platinum team can provide advice. And they can help you detect, remove, and protect your devices with Telstra protection services or by configuring what you already have. Call 13 75 87 or for more information visit telstra.com/platinum.

‘You got me’: Woman busts romance scammer after six month stint

Cyber Security Consumer advice

Posted on May 25, 2018

6 min read

It took six months for Kathryn to fall in love with Michael, but only minutes to reveal him as a romance scammer.

Accusing Michael of being a scammer was an unusual act of assertiveness for the reserved 55-year-old healthcare worker from the NSW Central Coast.

It was an unlikely act too; Kathryn (not her real name) had every reason to believe Michael was the caring, genteel man he presented as. They spoke regularly over the phone and, from his would-be London apartment, Michael arranged gifts of flowers, chocolates, and movie tickets.

Kathryn, divorced from a decades-long marriage and facing an intimidating and foreign dating scene, thought she had found in him a diamond in the rough. He was worth the long-distance relationship.

Through friends, she tells us how her relationship with Michael, which began on a dating site in late 2016, before quickly switching to email and social media, became possessive in its latter weeks. Facebook messages appeared more regularly in a tone that, with the benefit of hindsight, seemed more demanding: “what are you doing online”, “who have you been speaking to” they asked.

Michael was set to travel to Australia mid last year. They were both excited. Days before he was set to fly, he sent an exasperated message claiming he bought the wrong non-refundable plane ticket and that his passport was cancelled for elaborate reasons. He needed $7,450 to cover fares and fines.

Kathryn’s online sleuthing about his predicament gave her pause to reflect on his frantic request for money, and his escalated messages.

He called again, and she answered. “I think you’re a scammer,” she told him. A beat, then, a laugh. “Yeah, you got me,” he said. “But you know what? I’ve got 12 of you on the go.”

High-pressure sales

It’s impossible to know how Michael operated. He may have been a lone wolf. Or he may have worked in a call centre alongside other scammers.

“I’m convinced [romance scamming] is their day job,” says Sean Lyons, director of technology and partnerships at Netsafe, an online safety non-profit based in Auckland, New Zealand.

Lyons has not seen evidence of romance scammers operating in coordinated international networks, but says he sees indications – business hour operations and consistent messaging structures for example – that some scammers work in call-centre style environments.

“There may be much larger operations where you have [scammers] working in shifts and handing off to each other,” he says. “They may have CRM (customer relationship management) systems and work an account (a victim) in the same way that staff in high-pressure sales do.”

In such an environment, text messages to victims could be written by any scammer while voice calls would be made by a consistent perpetrator.

There is further evidence of romance scammers coordinating their operations. FBI Special Agent, Christine Beining, said in February last year that romance scammers typically work together sharing intelligence on vulnerable victims.

“From what we can tell, these are usually criminal organisations that work together,” Beining says.

“And once a victim becomes a victim, in that they send money, they will oftentimes be placed on what’s called a ‘sucker list’ [where] their names and identities are shared with other criminals [for] future recruitment.”

Lyons agrees that romance scammers are likely to organise. At present, evidence from Netsafe’s now shelved Re:scam artificial intelligence-like chat bot – which sent more than a million email replies to scammers in a bid to waste their time and energy – indicates a scattergun mass-email approach to targeting victims.

Reach out

Victims of romance scams are not stupid or gullible. They can be anyone.

Romance scams are deliberately ‘hyper-personal’, meaning they are of an overly intense nature that is designed to capture and isolate victims.

University of Warwick professor, Monica Whitty, in a paper published in February this year revealed victims are typically “middle-aged, well-educated women” who “tend to be more impulsive, less kind, more trustworthy, and have an addictive disposition”. Whitty’s work is designed to assist in the development of scam preventive and awareness programs.

Defence against romance scammers is tough for those involved in online dating. The Federal Government’s Scamwatch site has good advice which centres on not sending money to partners and provides clues to help spot fake social media profiles.

More broadly, experts agree that those in online relationships should keep trusted friends abreast of significant events including any plans to travel or requests for monetary loans.

“Talk to someone not connected to the romance before a major event,” Lyons says.

“A dog dying in surgery, a passport not coming through, or bribes to corrupt regimes; talk to someone who isn’t in love with the person before you put pen to paper on that Western Union slip.”

As a last resort, Lyons says, those intent on wiring money to their love interest should stick to official and local credit card networks which can offer traceability that Western Union and other non-conventional payment providers cannot.

Academics have examined other hallmarks of romance scammers. They reveal psychological manipulation as a universal tool in romance scams which includes techniques akin to domestic violence.

Queensland University of Technology academics, Cassandra Cross, Molly Dragiewicz, and Kelly Richards, describe the four signs of this manipulation including isolation, monopolisation, degradation, and withdrawal.

If this story has raised any issues for you and you’d like to speak to someone, call Lifeline on 13 11 14 or Beyond Blue on 1300 224 636.

Businesses held to online ransom

Cyber Security Business tips

Posted on May 24, 2018

5 min read

Ransomware last year brought to a halt a chocolate factory, a metropolitan council, and an accountancy firm among scores of other Australian organisations by turning mission-critical data into an unreadable mess. But much of the impact from the events could have been reduced with a well-oiled business continuity plan.

Ransomware is a class of malicious software that encrypts data so it cannot be read or used by applications. Its perpetrators often promise to supply a decryption key to return the data to a normal state only after a ransom is paid.

The number of organisations impacted by ransomware is unknown since victims are often unwilling to report incidents to authorities, however, security companies claim in surveys that almost half of Australian businesses have been impacted by ransomware.

Some businesses are hit multiple times; Exchange knows of one accountancy firm that was hit three times by ransomware losing data each time, despite having attempted to recover and mitigate after each attack.

The financial impact to businesses can run into millions of dollars per incident, with much of the cost ascribed to downtime and recovery efforts. Ransom demands by those behind the most effective ransomware forms are regularly tens of thousands of dollars.

Risky click and a mean trick

Ransomware is delivered through a wide variety of mechanisms. The most common forms of ransomware, such as CryptoLocker, may be sent by criminals in phishing emails, or woven into booby-trapped downloads or websites which then infect the computers exposed to them.

Other ransomware forms, such as the global cyber attacks known as WannaCry and NotPetya, spread without the need for people to open email attachments or dodgy downloads. They did this by targeting vulnerable functions of computers and networks that were left turned on, loosely akin to thieves slipping through open doors.

Much of the defence against ransomware comes down to good security practice. This includes not running software from untrusted sources like unofficial websites and unknown email or chat conversations, and in ensuring systems are set to automatically apply updates (patches) when they are available.

Security vendors including ESET have created jargon-free guides to technical defences against ransomware, which recommend patching, disabling a function called RDP (Remote Desktop Protocol) where it is not needed, and filtering executables in emails.

However, business continuity plans are some of the more overlooked yet simplest controls that can help mitigate the large cost of business downtime from ransomware infections.

Lights on

Ransomware can and has stopped global shipping supplies. It has thrown hospital emergency rooms into chaos, brought down the biggest Hollywood movie studios, and forced countless businesses back to pen and paper.

“Business continuity planning might not save you from ransomware but it may save your reputation or your share price,” says Mark Cohen, a Melbourne-based business continuity manager at Telstra. “It will show you can operate in a crisis.”

Cohen says business continuity planning applies to all organisations, from the “fish and chips shop to a doctor’s surgery to enterprises” and helps in a large number of disasters, beyond ransomware.

To avoid disaster in ransomware incidents, all businesses must back up their critical data on a regular basis on different mediums following the 3-2-1 rule. This means the original copy should be backed up on two different mediums, say a cloud service and a disk drive, with the disk drive stored in a physically separated location. Cloud services and any drive connected to business computers via cables or WiFi can be affected in ransomware attacks.

“With back-ups in place, the mindset of how to operate when tech systems go dark and data is inaccessible is key”, Cohen says. Business owners and staff should think about where their critical data is, and whether it is readily and immediately available offline in the form of offline and isolated storage like USB sticks and external disk drives, or on paper documents.

“Ask yourself what are you going to do in a disaster to continue to provide service to your customers?” Cohen says.

Restoring from back-ups can take a long time. And, while some major ransomware forms are as-yet impossible to unravel and are sent by attackers who honour ransoms with decryption keys, other forms are poorly-built and can never be decrypted.

It is the expensive downtime between the restoration of back-ups or the wait for decryption keys that Cohen’s planning hopes to reduce.

“[Recovering from] ransomware is more than just file retrieval – it’s about what you are doing when that is happening and how you are addressing your customers,” Cohen says.

“Plans must be tested too. The first test run is the most arduous with each iteration becoming easier with small tweaks added to the central plans,” Cohen says. “It is there that you discover your recovery time capability (RTC).

“Business continuity planning clauses are written into major contracts so having one, practicing it, and demonstrating its effectiveness will help you win and retain business – along with helping you, your manager, and your shareholders sleep well at night.”