Phishing, Malware & Cyber Security in Australia

Reports of cybercrime have been steadily growing in Australia. The Australian Online Cybercrime Reporting Network releases quarterly reports, indicating that in 2015, they received 9,600 reports of cyber offences.  In the final quarter of 2018, that number has climbed to more than 13,000.

The reports also reveal a surprising trend. While you may believe victims are largely Baby Boomers, seniors, or non-digital natives, the 2018 report shows that the highest victim age bracket, at 43% of all cybercrime reports, was 20-49 year olds.
It’s not just celebrities, it happens to your friends, family and colleagues.

 Adi Ashkenazy, CEO of Sydney-based leading cyber security firm Skylight Cyber Security and former member of the Israeli intelligence community recommends a good place to start your cyber safety journey is with the Have I Been Pwned website, a safe and trustworthy service that allows you to see if your email has been hacked in the past.

From there, the Australian Centre for Cyber Security has compiled a simple six-day checklist, released in April, to achieve a thorough culture of security around your online activity.

More advice form Ad Ashkenazy incudes:

You really do need to have a different password for every log in.
While it’s easy to get lazy, there’s a very legit reason to not be. One of the most common techniques is called “credential stuffing,” explains Adi, “The idea is to reuse user/password pairs that have been leaked and are available online and attempt to gain access to other accounts used by the same person.

For example, if you signed up to a website/app with your e-mail and ‘favourite’ password and that website/app gets hacked, hackers will try to re-use the same e-mail and password on popular services like Instagram, Gmail and Facebook.

Never automatically trust links in emails
Even if they’re from friends or familiar organisations like Google. This social engineering technique involves sending a message to a target that is designed to make them click an unsafe link, download malware or somehow give an attacker important information by pretending to be someone legitimate.

For example, a message that appears to be from an acquaintance, a large firm like Google or a service you may be using. Once the target provides enough information or downloads a malicious program, the hacker can harvest the required information from the computer or mobile device.

Some hackers will randomly try and type in your password
With so much emphasis on ‘credential stuffing’ and phishing, people may think the days of hackers ‘guessing’ passwords are done. They aren’t. Weak passwords/password guessing are another common technique. A surprisingly large amounts of people still use simple numeric passwords like 12345678, their birthday, pet names or other information that can rather easily be guessed or found online.

You won’t know you’ve being hacked until you’ve been hacked
Movies and TV have gone a long way to make many people think they’ll be signs, or obvious and irregular activity that they’re being hacked, but often you won’t know until it’s too late. Unfortunately, there is no one full proof detection technology or solution, and it really depends on the platform. Most modern platforms today like Gmail try to abstract the detection techniques from the user and instead alert him/her when suspicious activity is identified.

For example, when someone has logged into your account for the first time from a new device or geographic location.
Most people discover they have been hacked when the damage has been done. For example, your entire contacts are suddenly receiving messages from you, claiming you need their urgent monetary assistance.

Don’t assume you aren’t “interesting enough” to be hacked
You absolutely are. An additional awareness issue is the belief people have that they are not interesting enough for hackers. The reality of low-end hacking in 2019 is that it’s automated and non-targeted. Therefore, while you may not be a high rolling billionaire, if your email and password were leaked somewhere, there’s a good chance an automated campaign will pick that up and try to hack you.

Be cautious of unsolicited incoming International calls
The ones that ring once and don’t leave a message. As per the Australia Centre for Cyber Security, Overseas calls can be hazardous. The intention behind these calls is for you to call them back. These are known as “Wangiri” calls, a Japanese term roughly translating to “One and cut.”

Upon calling back, you’ll be put on hold, or speak with the scammer directly. Either way, they’ll attempt to keep you on the line as long as possible as these numbers will charge you a premium rate to “use” the service. Like how 1900 numbers, or premium mobile numbers work, a percentage of the revenue raised by the call will go to the scammer by the service provider.

Don’t wait for proof 
Even if you just suspect you’ve been hacked, seek help. Speed and expertise are of the essence in these cases and I strongly suggest consulting with an individual who is at least somewhat tech savvy. In any case, you should change/update all your passwords as quickly as possible. If you are not already using multi factor authentication, enable it is available in all the leading social media services. 

If you believe a device (mobile or computer) has been potentially compromised and infected with malicious software, consult an expert.

The Brag

You Might Also Read: 

Only Four Suspects In Australia's High Level Attack:

Dealing With Malicious Emails:

« Cyber Attacks On The British Financial Sector Increasing Fast
China’s Dirty Secret - Intellectual Property Theft »

CyberSecurity Jobsite
Perimeter 81

Directory of Suppliers

CYRIN

CYRIN

CYRIN® Cyber Range. Real Tools, Real Attacks, Real Scenarios. See why leading educational institutions and companies in the U.S. have begun to adopt the CYRIN® system.

CSI Consulting Services

CSI Consulting Services

Get Advice From The Experts: * Training * Penetration Testing * Data Governance * GDPR Compliance. Connecting you to the best in the business.

LockLizard

LockLizard

Locklizard provides PDF DRM software that protects PDF documents from unauthorized access and misuse. Share and sell documents securely - prevent document leakage, sharing and piracy.

BackupVault

BackupVault

BackupVault is a leading provider of automatic cloud backup and critical data protection against ransomware, insider attacks and hackers for businesses and organisations worldwide.

Alvacomm

Alvacomm

Alvacomm offers holistic VIP cybersecurity services, providing comprehensive protection against cyber threats. Our solutions include risk assessment, threat detection, incident response.

Konfidas

Konfidas

Konfidas provide high-level cybersecurity consulting and professional tailored solutions to meet specific cybersecurity operational needs.

Verimatrix

Verimatrix

Verimatrix is a global provider of innovative cybersecurity solutions that protect content, devices, software and applications.

CERT NZ

CERT NZ

CERT NZ supports businesses, organisations and individuals affected by cyber security incidents, and provide trusted and authoritative information and advice.

Ergon Informatik

Ergon Informatik

Ergon Informatik AG is Switzerland's leading provider of customised software solutions and software products including fraud detection and the Airlock web security suite.

R2S Technologies

R2S Technologies

R2S can help you implement a cyber security framework to ensure your business is more resilient towards the growing threat of cyber crime. We provide Web and Mobile Application Security Assessment..

Cyberhaven

Cyberhaven

Cyberhaven provides rapid enablement for GDPR and CCPA compliance, streamlined data security and modern risk management.

Axis Security

Axis Security

Axis Security technologies transform open networks and vulnerable applications into fully protected resources that the business can trust.

SandboxAQ

SandboxAQ

SandboxAQ is an enterprise SaaS company combining AI + Quantum tech to solve hard problems impacting society.

Epoch Concepts

Epoch Concepts

Offering a full line of IT services, solutions, and integration capabilities, Epoch Concepts is the trusted partner of the US military, federal agencies, private enterprises, and systems integrators.

MLSecOps Community

MLSecOps Community

The MLSecOps Community is a collaborative space for machine learning security experts and industry leaders to connect and shape the future of AI/ML security.

DataStealth

DataStealth

DataStealth is a data protection platform that allows organizations to discover, classify, and protect their most sensitive data and documents.

Mindgard

Mindgard

The Mindgard Security Copilot platform secures your Artificial Intelligence, GenAI and LLMs.

Levio

Levio

Levio is a digital native business and technology consulting firm. As a true partner from start to finish, our goal is a long-lasting transformation that’s right for your business model.

Kolide

Kolide

Kolide ensures that if a device isn't secure, it can't access your apps.

Intracis

Intracis

Intracis is a 'Made in India' cyber incident management solution aimed at ‘Making Security Simple’ by simplifying cyber incident management for CERTS and CSIRTS.

Cypheria

Cypheria

Cypheria harness the expertise of elite military units and combine it with extensive digital combat experience to deliver unparalleled security solutions for organizations.