Hoplon Advocate Newsletter December 2021

THE HOPLON ADVOCATE – December 2021


In this month’s issue we introduce the team, define Cyber Security & review the ACSC’s Annual Cyber Threat report & its key findings. Plus top tips to stay Cyber Safe this festive season.

Meet the team:

Executive

Expert Advisory Board

Technical Team

 

Jimmy’s view

The evolution of the term “Cyber Security”

Cyber security is now defined as the practice of defending computers, servers, mobile devices, electronic systems, networks, and data from malicious attacks. It’s also known as information technology security or electronic information security. The term applies in a variety of contexts, from business to mobile computing.

William Gibson introduced the word “Cyberspace” in his 1982 novelette “Burning Chrome”.

He is credited with popularising the terms “Cyberspace” & “ICE” (Intrusion Countermeasures Electronics) in the popular novel Neuromancer (1984).

Late in 1988, a man named Robert Morris had an idea: he wanted to gauge the size of the internet. To do this, he wrote a program designed to propagate across computer networks, infiltrate Unix terminals using a known bug, & then copy itself. This last instruction proved to be a mistake. The Morris worm replicated so aggressively that the early internet slowed to a crawl, causing untold damage.

The worm had effects that lasted beyond an internet slowdown. For one thing, Robert Morris became the first person successfully charged under the Computer Fraud & Abuse Act (although this ended happily for him—he’s currently a tenured professor at MIT). More importantly, this act also led to the formation of the Computer Emergency Response Team (the precursor to US-CERT), which functions as a non-profit research center for systemic issues that might affect the internet as a whole.

After the Morris worm, viruses started getting deadlier & deadlier, affecting more & more systems. It seems as though the worm presaged the era of massive internet outages in which we live. You also began to see the rise of antivirus as a commodity—1987 saw the release of the first dedicated antivirus company.

In 1989, the term “Cyber Security” was officially coined & entered the English lexicon.

For a long time IT professionals used the label IT Security as a term to mean the protection of IT systems & their data through various methods such as access gateways, firewalls, encryption, vulnerability scanning & even physical security.

Now, as the world becomes increasingly digitalised, how we use IT has a broader impact. The range of devices has also expanded, from the humble desktop to laptops, tablets, phones & IoT devices of all different types: toasters, fridges, watches etc.

The real transition from IT Security to what we now call Cyber Security came about when the typical attacker moved from “script kiddies” at University to well-funded organised crime groups launching devastating Cyber Attacks on all types of IT systems.

This includes things that we would not have considered vulnerable in the past, such as smart TVs or even nuclear power plants!

With these new types of attacks came new types of defences such as SIEM (Security Information & Event Management) & SOAR (Security Orchestration, Automation & Response) technologies, & the creation of the SOC (Security Operations Centre), staffed 24×7 & continuously looking for attacks or breaches of data.

Cyber Security attacks are now focusing purely on the Individual, for example: Identity Theft, Cyber Fraud, Crypto-locking, Scams & Spear Phishing, just to name a few.

Hackers & malicious actors are always seeking new ways to bypass cyber defences & this has resulted in a booming demand for Cyber Security software to provide tailored solutions for businesses & individuals.

 

ACSC’s Annual Cyber Threat Report 2020-2021

The main trends in the Financial Year 2020-2021 were:

Malicious actors exploited the COVID-19 environment by targeting Australians searching for information online, using spear-phishing to encourage recipients to enter personal credentials for access to COVID-related information or services.

Disruption of essential services and critical infrastructure: approximately one quarter of cyber incidents reported to the ACSC during the reporting period were associated with Australia’s critical infrastructure or essential services.

The ACSC recorded a 15 per cent increase in ransomware cybercrime reports in the 2020–21 financial year.

Rapid exploitation of security vulnerabilities sometimes within hours of public disclosure, patch release or technical write up – particularly if proof of concept (PoC) code that identified the vulnerabilities in systems was also released.

Supply chains – particularly software and services – continue to be targeted by malicious actors as a means to gain access to a vendor’s customers.

Business email compromise (BEC) continues to present a major threat to Australian businesses and government enterprises, especially as more Australians work remotely. In the 2020–21 financial year, the average loss per successful event has increased to more than $50,600 (AUD) – over one-and-a-half times higher than the previous financial year.


The main take-away from the report is that Cybercrime is on the rise & will continue to rise over time. Sectors at risk need to improve their Cyber Resilience by taking steps to secure their credentials, harden their infrastructure & increase their awareness of threats.

“Silly season” Handy Tips:

The best way to stay secure while shopping online is to know how to look for suspicious websites and boost your protective security measures.

  • Know your sellers:
      • To verify a site you’re looking at, do a browser search for other web pages or profiles by that seller. Compare logos, business names, URL addresses and contact details. If they don’t match up, steer clear!
      • Type the web address directly into your browser, rather than clicking on a link provided in an email or in an advertisement. This will help ensure you don’t get directed to a fake website.
      • Be cautious of sellers offering unbelievably low prices. If it looks too good to be true, it probably is!
  • Pay securely:
      • Use secure payment methods like PayPal, Bpay or your credit card and never pay by direct bank deposits, money transfers or other unusual methods (such as Bitcoin), as you’re unlikely to get your money back if you’ve paid a scammer.
  • Fake parcel delivery scams:
      • Be wary of messages that don’t address you personally, have few or no details about your order, or threaten to charge you a fee for holding an undelivered item.
      • Think before you click – remember Australia Post will never ask you to click a link to print out a receipt for parcel collection, nor will they ask you to update or verify your personal information.
      • If you’re unsure, call the organisation but remember to use contact details from a verified website or other trusted source.
  • Be aware of the personal information you share online:
      • Always use strong and unique passwords, watch out for phishing emails or texts, and be aware of what you share online to keep your personal information safe.

 

Hoplon Cyber Security are here to help – call us on 1800 491 471 for a complimentary consultation.

You can also head to our website for a free assessment:

https://hoploncyber.com/health-check/

Stay Cyber Safe.

The Hoplon Cyber Team.

https://hoploncyber.com/

1 300 312 862

advice@hoploncyber.com

175 Melbourne Street

South Brisbane QLD 4101