Phishing, Malware & Cyber Security in Australia

Uploaded on 2019-07-08 in GOVERNMENT-National, FREE TO VIEW

Reports of cybercrime have been steadily growing in Australia. The Australian Online Cybercrime Reporting Network releases quarterly reports, indicating that in 2015, they received 9,600 reports of cyber offences.  In the final quarter of 2018, that number has climbed to more than 13,000.

The reports also reveal a surprising trend. While you may believe victims are largely Baby Boomers, seniors, or non-digital natives, the 2018 report shows that the highest victim age bracket, at 43% of all cybercrime reports, was 20-49 year olds.
It’s not just celebrities, it happens to your friends, family and colleagues.

 Adi Ashkenazy, CEO of Sydney-based leading cyber security firm Skylight Cyber Security and former member of the Israeli intelligence community recommends a good place to start your cyber safety journey is with the Have I Been Pwned website, a safe and trustworthy service that allows you to see if your email has been hacked in the past.

From there, the Australian Centre for Cyber Security has compiled a simple six-day checklist, released in April, to achieve a thorough culture of security around your online activity.

More advice form Ad Ashkenazy incudes:

You really do need to have a different password for every log in.
While it’s easy to get lazy, there’s a very legit reason to not be. One of the most common techniques is called “credential stuffing,” explains Adi, “The idea is to reuse user/password pairs that have been leaked and are available online and attempt to gain access to other accounts used by the same person.

For example, if you signed up to a website/app with your e-mail and ‘favourite’ password and that website/app gets hacked, hackers will try to re-use the same e-mail and password on popular services like Instagram, Gmail and Facebook.

Never automatically trust links in emails
Even if they’re from friends or familiar organisations like Google. This social engineering technique involves sending a message to a target that is designed to make them click an unsafe link, download malware or somehow give an attacker important information by pretending to be someone legitimate.

For example, a message that appears to be from an acquaintance, a large firm like Google or a service you may be using. Once the target provides enough information or downloads a malicious program, the hacker can harvest the required information from the computer or mobile device.

Some hackers will randomly try and type in your password
With so much emphasis on ‘credential stuffing’ and phishing, people may think the days of hackers ‘guessing’ passwords are done. They aren’t. Weak passwords/password guessing are another common technique. A surprisingly large amounts of people still use simple numeric passwords like 12345678, their birthday, pet names or other information that can rather easily be guessed or found online.

You won’t know you’ve being hacked until you’ve been hacked
Movies and TV have gone a long way to make many people think they’ll be signs, or obvious and irregular activity that they’re being hacked, but often you won’t know until it’s too late. Unfortunately, there is no one full proof detection technology or solution, and it really depends on the platform. Most modern platforms today like Gmail try to abstract the detection techniques from the user and instead alert him/her when suspicious activity is identified.

For example, when someone has logged into your account for the first time from a new device or geographic location.
Most people discover they have been hacked when the damage has been done. For example, your entire contacts are suddenly receiving messages from you, claiming you need their urgent monetary assistance.

Don’t assume you aren’t “interesting enough” to be hacked
You absolutely are. An additional awareness issue is the belief people have that they are not interesting enough for hackers. The reality of low-end hacking in 2019 is that it’s automated and non-targeted. Therefore, while you may not be a high rolling billionaire, if your email and password were leaked somewhere, there’s a good chance an automated campaign will pick that up and try to hack you.

Be cautious of unsolicited incoming International calls
The ones that ring once and don’t leave a message. As per the Australia Centre for Cyber Security, Overseas calls can be hazardous. The intention behind these calls is for you to call them back. These are known as “Wangiri” calls, a Japanese term roughly translating to “One and cut.”

Upon calling back, you’ll be put on hold, or speak with the scammer directly. Either way, they’ll attempt to keep you on the line as long as possible as these numbers will charge you a premium rate to “use” the service. Like how 1900 numbers, or premium mobile numbers work, a percentage of the revenue raised by the call will go to the scammer by the service provider.

Don’t wait for proof 
Even if you just suspect you’ve been hacked, seek help. Speed and expertise are of the essence in these cases and I strongly suggest consulting with an individual who is at least somewhat tech savvy. In any case, you should change/update all your passwords as quickly as possible. If you are not already using multi factor authentication, enable it is available in all the leading social media services. 

If you believe a device (mobile or computer) has been potentially compromised and infected with malicious software, consult an expert.

The Brag

You Might Also Read: 

Only Four Suspects In Australia's High Level Attack:

Dealing With Malicious Emails:

« Cyber Attacks On The British Financial Sector Increasing Fast
China’s Dirty Secret - Intellectual Property Theft »

CyberSecurity Jobsite
Perimeter 81
Cyrin

Real Attacks. Real Tools. Real Scenarios.
Schedule a demo

Go Cyber

Training that transforms behaviours

Sign Up: Cyber Security Intelligence Newsletter

Directory of Suppliers

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

North Infosec Testing (North IT)

North Infosec Testing (North IT)

North IT (North Infosec Testing) are an award-winning provider of web, software, and application penetration testing.

DigitalStakeout

DigitalStakeout

DigitalStakeout enables cyber security professionals to reduce cyber risk to their organization with proactive security solutions, providing immediate improvement in security posture and ROI.

ZenGRC

ZenGRC

ZenGRC - the first, easy-to-use, enterprise-grade information security solution for compliance and risk management - offers businesses efficient control tracking, testing, and enforcement.

SecuTech Solutions

SecuTech Solutions

SecuTech is a global leader in providing strong authentication and software licensing management solutions.

TitanHQ

TitanHQ

TitanHQ offers ultimate protection from internet based threats and powerful Web filtering functionalities to SMBs, Service Providers and Education sectors around the World.

KIOS Center of Excellence (KIOS CoE)

KIOS Center of Excellence (KIOS CoE)

KIOS carries out top level research in the area of Information and Communication Technologies (ICT) with emphasis on the Monitoring, Control and Security of Critical Infrastructures.

Venrock

Venrock

Venrock helps entrepreneurs build some of the world's most disruptive, successful companies. We invest in technology: Security, Cloud Services, Big Data, Healthcare IT, AdTech.

Cyber Risk Aware

Cyber Risk Aware

Cyber Risk Aware provide a security awareness and phishing simulation platform that focuses on real threats and educates and empowers employees to be the first line of defence.

Nucleus Security

Nucleus Security

Nucleus is a leading Vulnerability Management platform for Large Enterprises, MSPs/MSSPs, and Application Security Teams that want more from their vulnerability management tools.

Templar Shield

Templar Shield

Templar Shield is a premier information security, risk and compliance technology professional services firm serving North America.

Prevasio

Prevasio

Prevasio is a next-gen Cloud Security Posture Management (CSPM) with a built-in Vulnerability and Anti-Malware Scan for Containers.

NetWitness

NetWitness

NetWitness empowers security teams to rapidly detect today’s targeted and sophisticated attacks with unparalleled visibility.

Information Security Officers Group (ISOG)

Information Security Officers Group (ISOG)

ISOG's mission is to strengthen information security through awareness and education programs, promoting community and fellowship among information security leaders.

Quzara

Quzara

Quzara provides trusted advisory services and highly adaptive cybersecurity services to federal, commercial and Defense Industrial Base customers to meet their security compliance and cyber needs.

Guardey

Guardey

Guardey protects thousands of SME's environments. Whether your team works at the office, at home, at the customer or remotely. We protect your business. We do this in an accessible and affordable way.

Focus Digitech

Focus Digitech

Focus Digitech helps you with your digital transformation journey with our main core offerings of Cloud, Cybersecurity, Analytics and DevOps.

Casepoint

Casepoint

Casepoint is the legal technology platform of choice for corporations, government agencies, and law firms to meet their complex eDiscovery, investigations, and compliance needs.

Centum Digital

Centum Digital

Centum Digital provide services, products and solutions specialized in communications engineering, control and signal intelligence.

Cyber Advisors

Cyber Advisors

Cyber Advisors offers customizable cyber security solutions and IT services for businesses of all sizes across the nation from experts you can trust.