Phishing, Malware & Cyber Security in Australia

Uploaded on 2019-07-08 in GOVERNMENT-National, FREE TO VIEW

Reports of cybercrime have been steadily growing in Australia. The Australian Online Cybercrime Reporting Network releases quarterly reports, indicating that in 2015, they received 9,600 reports of cyber offences.  In the final quarter of 2018, that number has climbed to more than 13,000.

The reports also reveal a surprising trend. While you may believe victims are largely Baby Boomers, seniors, or non-digital natives, the 2018 report shows that the highest victim age bracket, at 43% of all cybercrime reports, was 20-49 year olds.
It’s not just celebrities, it happens to your friends, family and colleagues.

 Adi Ashkenazy, CEO of Sydney-based leading cyber security firm Skylight Cyber Security and former member of the Israeli intelligence community recommends a good place to start your cyber safety journey is with the Have I Been Pwned website, a safe and trustworthy service that allows you to see if your email has been hacked in the past.

From there, the Australian Centre for Cyber Security has compiled a simple six-day checklist, released in April, to achieve a thorough culture of security around your online activity.

More advice form Ad Ashkenazy incudes:

You really do need to have a different password for every log in.
While it’s easy to get lazy, there’s a very legit reason to not be. One of the most common techniques is called “credential stuffing,” explains Adi, “The idea is to reuse user/password pairs that have been leaked and are available online and attempt to gain access to other accounts used by the same person.

For example, if you signed up to a website/app with your e-mail and ‘favourite’ password and that website/app gets hacked, hackers will try to re-use the same e-mail and password on popular services like Instagram, Gmail and Facebook.

Never automatically trust links in emails
Even if they’re from friends or familiar organisations like Google. This social engineering technique involves sending a message to a target that is designed to make them click an unsafe link, download malware or somehow give an attacker important information by pretending to be someone legitimate.

For example, a message that appears to be from an acquaintance, a large firm like Google or a service you may be using. Once the target provides enough information or downloads a malicious program, the hacker can harvest the required information from the computer or mobile device.

Some hackers will randomly try and type in your password
With so much emphasis on ‘credential stuffing’ and phishing, people may think the days of hackers ‘guessing’ passwords are done. They aren’t. Weak passwords/password guessing are another common technique. A surprisingly large amounts of people still use simple numeric passwords like 12345678, their birthday, pet names or other information that can rather easily be guessed or found online.

You won’t know you’ve being hacked until you’ve been hacked
Movies and TV have gone a long way to make many people think they’ll be signs, or obvious and irregular activity that they’re being hacked, but often you won’t know until it’s too late. Unfortunately, there is no one full proof detection technology or solution, and it really depends on the platform. Most modern platforms today like Gmail try to abstract the detection techniques from the user and instead alert him/her when suspicious activity is identified.

For example, when someone has logged into your account for the first time from a new device or geographic location.
Most people discover they have been hacked when the damage has been done. For example, your entire contacts are suddenly receiving messages from you, claiming you need their urgent monetary assistance.

Don’t assume you aren’t “interesting enough” to be hacked
You absolutely are. An additional awareness issue is the belief people have that they are not interesting enough for hackers. The reality of low-end hacking in 2019 is that it’s automated and non-targeted. Therefore, while you may not be a high rolling billionaire, if your email and password were leaked somewhere, there’s a good chance an automated campaign will pick that up and try to hack you.

Be cautious of unsolicited incoming International calls
The ones that ring once and don’t leave a message. As per the Australia Centre for Cyber Security, Overseas calls can be hazardous. The intention behind these calls is for you to call them back. These are known as “Wangiri” calls, a Japanese term roughly translating to “One and cut.”

Upon calling back, you’ll be put on hold, or speak with the scammer directly. Either way, they’ll attempt to keep you on the line as long as possible as these numbers will charge you a premium rate to “use” the service. Like how 1900 numbers, or premium mobile numbers work, a percentage of the revenue raised by the call will go to the scammer by the service provider.

Don’t wait for proof 
Even if you just suspect you’ve been hacked, seek help. Speed and expertise are of the essence in these cases and I strongly suggest consulting with an individual who is at least somewhat tech savvy. In any case, you should change/update all your passwords as quickly as possible. If you are not already using multi factor authentication, enable it is available in all the leading social media services. 

If you believe a device (mobile or computer) has been potentially compromised and infected with malicious software, consult an expert.

The Brag

You Might Also Read: 

Only Four Suspects In Australia's High Level Attack:

Dealing With Malicious Emails:

« Cyber Attacks On The British Financial Sector Increasing Fast
China’s Dirty Secret - Intellectual Property Theft »

CyberSecurity Jobsite
Check Point
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

Syxsense

Syxsense

Syxsense brings together endpoint management and security for greater efficiency and collaboration between IT management and security teams.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

The PC Support Group

The PC Support Group

A partnership with The PC Support Group delivers improved productivity, reduced costs and protects your business through exceptional IT, telecoms and cybersecurity services.

TÜV SÜD Academy UK

TÜV SÜD Academy UK

TÜV SÜD offers expert-led cybersecurity training to help organisations safeguard their operations and data.

Jooble

Jooble

Jooble is a job search aggregator operating in 71 countries worldwide. We simplify the job search process by displaying active job ads from major job boards and career sites across the internet.

Airbus Cybersecurity

Airbus Cybersecurity

Airbus CyberSecurity is a European specialist in cyber security. Our mission is to protect governments, military and critical national infrastructure enterprises from cyber threats.

TrustInSoft

TrustInSoft

TrustInSoft develops solutions that validate mission-critical software and eliminate attack vectors.

Herbert Smith Freehills

Herbert Smith Freehills

Herbert Smith Freehills is a leading professional services including data protection and privacy.

Harel Mallac Technologies

Harel Mallac Technologies

Harel Mallac Technologies is a Mauritian organisation that has developed a strong network of ICT specialists with nodes across the African continent.

Magtech Solutions

Magtech Solutions

Magtech Solutions is a one-stop IT Solutions provider offering Cloud Computing, IT Security, Unified Email Solutions and ERP systems.

HCL Technologies

HCL Technologies

HCL offer an integrated portfolio of products, solutions and services built around Digital, IoT, Cloud, Automation, Cybersecurity, Analytics, Infrastructure Management and Engineering Services.

Agility Networks

Agility Networks

Agility Networks is a technology company providing integrated services and solutions for Digital Transformation and Cyber Security.

Ingenio Global

Ingenio Global

Ingenio is a specialist recruitment business for SaaS companies. Our purpose is to source exceptional talent in areas including cyber security for leading SaaS companies in the UK and Ireland.

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF)

Enterprise Incubator Foundation (EIF) of Armenia is one of the largest technology business incubators and IT development agencies in the region.

SafeTech Informatics & Consulting

SafeTech Informatics & Consulting

Safetech's OTShield detects, prevents and analyses cyber-attacks in SCADA and Industrial IoT systems by utilising state of the art deception techniques.

Lockheed Martin

Lockheed Martin

Lockheed Martin deliver full-spectrum cyber capabilities and cyber resilient systems to defense, intelligence community and global security customers.

Opticks Security

Opticks Security

Opticks provides fraud detection and monitoring solutions for leading brands. agencies and networks. Our relentless mission is to deliver reliable and innovative software to beat digital fraud.

Scholarly Networks Security Initiative (SNSI)

Scholarly Networks Security Initiative (SNSI)

SNSI brings together publishers and institutions to solve cyber-challenges threatening the integrity of the scientific record, scholarly systems and the safety of personal data.

SNC-Lavalin

SNC-Lavalin

SNC-Lavalin is a fully integrated professional services and project management company with offices around the world.

Custodia Continuity

Custodia Continuity

Custodia Continuity manage your Security, Backup, Continuity and Compliance. You get on with your business.

DATS Project

DATS Project

DATS Project enables the utilization of high computing power across a number of cybersecurity services, all on a pay-as-you-go basis, eliminating the need for upfront investment costs.