Tag Archives: cyber crime

cyberattack

Are you protected?

Last year, the WannaCry cyberattack showed the world the rapid and destructive power of cybercrime. Targeting vulnerabilities in older versions of Microsoft Windows operating systems (OS), the virus rapidly spread between computers and networks all over the world. As a result, hospitals, banks, businesses and various other organisations in over 150 countries were crippled by the anonymous infection, which locked hundreds of thousands of users out of their computers and demanded ransom payments of $300 in the untraceable cryptocurrency Bitcoin.

At least12 Australian businesses reported being affected in the initial cyberattack, with more suspected of suffering without informing the authorities.

Frustratingly, Microsoft had recognised the vulnerability, and issued software ‘patches’ to fix the hole. Yet many companies and individuals either didn’t install the fixes, or were using unsupported, older versions of Windows, leaving their systems exposed.

This global incident was one of several cyberattacks in 2017 costing about $2.5 billion in ransomware payments, according to antivirus software firm Bitdefender. It highlights a common problem in businesses both in Australia and abroad: a weariness or reluctance to deal with computer cybersecurity. Known as ‘security fatigue’, studies in the USA have shown many computer users feel overwhelmed and even bombarded from being on constant alert, adopting safe behaviour and trying to understand the nuances of online cybersecurity issues at work. Yet, with cyberattacks on the rise and becoming ever more sophisticated, there has never been a greater need to adopt secure practices.

“A successful cyberattack can cause major financial, reputational and legal damage to companies,” explains Sanjay Mazumdar, CEO of Data to Decisions Cooperative Research Centre (D2D CRC). “Cybersecurity is not just an IT issue — it is the board and executive’s responsibility to focus on the cyber resilience of their business.”

But what should businesses do to protect themselves? Mazumdar suggests they follow the Australian Signals Directorate (ASD)’s ‘Top 4’ and ‘Essential 8’. “These are simple strategies,” he says. “The mantra all organisations should remember is ‘Catch, Patch and Match’.”

The phrase is an easy-to-remember summary of core cybersecurity actions. If businesses ‘catch’ malicious software by only running a whitelist of approved applications, ‘patch’ their applications and OS with updates, and ‘match’ the right people with the right access, ASD estimates that at least 85% of intrusions can be prevented. As for the remaining 15%, those cyberattacks could still infiltrate security-savvy businesses because current computer systems, no matter how advanced, leave doors ajar for attackers. At the same time cybercriminals are becoming increasingly sophisticated in sniffing out these chinks in the armour and exploiting them.

Because nobody knows where the next breach could come from, it’s critical to have early warning systems so businesses can be told of imminent threats with enough time to protect themselves quickly, thus stemming the spread of cyberattacks.

Organisations such as CERT Australia, the national computer emergency response team, already help Australian businesses understand the cyberthreat landscape and better prepare for, defend against and mitigate cyberthreats and incidents.

“Big data analytics is a critical component of addressing cyberthreats,” says Mazumdar. “It can help with detecting anomalies in a network that indicate malware or Trojan Horse attacks [a computer program that misleads users of its true intent], or in staff behaviour — e.g. downloading unusual amounts of documents — which could be an indicator of an insider threat, like the  Edward Snowden leak in the USA.”

The team has a number of research streams that may ultimately culminate in revolutionary cybersecurity outcomes. For instance, the D2D CRC Integrated Law Enforcement program aims to build a technology that pools and presents data from government, police, armed forces and intelligence agencies. This has led to the spin-off NQRY™. “NQRY specialises in next-generation investigative tools and effective investigation management solutions for law enforcement and public safety organisations — essentially digitising a law enforcement agency’s lines of enquiry,” Mazumdar says.

Another D2D CRC project — Beat the News — has developed an automatic forecasting capacity for law enforcement and national security agencies. This has since been commercialised through D2D CRC’s first spin-off company Fivecast™.

A world-leading forecasting technology, Fivecast is able to automatically and accurately predict the occurrence of future population-level events such as social disruption, political crises and election outcomes. The Minority Report-like technology looks into the future to predict what might happen, when it will happen and why.

Meanwhile, D2D CRC’s Predicting Cyber Exploits project is developing a system to predict when and how a publicly disclosed vulnerability will progress. With funding from the Defence Innovation Hub, the technology resulting from the project will allow decision makers and system maintainers to proactively mitigate high-risk threats before they are actively exploited by cybercriminals, and respond quickly if and when hackers do attempt to exploit the threat.

Ultimately, this results in national security threats like cyberattacks being detected earlier, and a reduction in the probability of them occurring.

Another way to try to predict a cybercrime is for computer security experts to think like cybercriminals. By understanding the weaknesses and vulnerabilities of computer systems and how they can be exploited, they can get a step ahead of the hackers.

This is exactly what Yuval Yarom from CSIRO’s Data 61 and colleagues did to find the Meltdown and Spectre computer vulnerabilities, which were disclosed in January 2018. “By causing the processor to speculatively execute instructions that were crafted for this purpose, we could get secret information from the OS or from other programs,” says Yarom.

Stemming from a design flaw in what is called ‘branch prediction’, where a central processing unit makes an educated guess as to what it will compute or process next, Spectre and Meltdown exploit a vulnerability in devices that are simply doing what they are designed to do. This flaw allows malicious applications to bypass memory isolation in order to access the contents of memory. “Spectre and Meltdown use covert channels to get the secret information,” explains Yarom. The combination of covert channels and branch prediction is what enables the vulnerability, and worryingly this means bypassing traditional security measures, thereby exposing billions of devices.

Although cybercriminals have yet to build functional code to exploit the vulnerability, cybersecurity experts are racing to build patches to protect organisations and individuals worldwide.

Of course, cybersecurity experts would have a much easier job if the computer systems they were attempting to protect were secure by design. Yarom’s Data61 colleague Gernot Heiser has been working on secure OS for 25 years. His 7500 lines of C code that make up the seL4 microkernel — a microkernel being the bare minimum of any OS — was a major breakthrough, as it was the first to be proved  mathematically correct, thereby making it practically unhackable by today’s standards. Unfortunately, seL4 is too expensive for widespread adoption.

Heiser’s work now focuses on reducing the cost of seL4 to make it more affordable and to ensure the microkernel is secure against highly sophisticated future cyberattacks. He thinks that by observing the exact timings of actions, extremely talented hackers may be able to steal encryption keys and thereby eavesdrop on communications, or even masquerade malicious code as legitimate services. Heiser is now enhancing the microkernel against these ‘timing side channels’. “Fundamentally we’re developing OS technology for keeping systems secure,” he says.

-Ben Skuse

cyber crime

Creating a secure and resilient economy

Collaboration is a term frequently used in business and across many industries. It’s one I have come to hear often across my Small Business, Innovation and Trade portfolios, and it is also a term that causes much confusion – what exactly is collaboration?

I am regularly asked this when I talk about collaboration and why I think it’s important. I concede that it can sometimes be thrown around so much that it starts to look like a meaningless buzzword, and has perhaps become something of a cliché used by people when they want to look like they’re solving problems or pursuing innovation.

That being said, I genuinely believe in the importance of collaboration. It’s important that we work with others, that we share our knowledge and our resources to get better outcomes to the challenges we are facing.

With the world becoming increasingly digitised, it has never been more important for collaboration to occur across all sectors of our own economy, and across global economies.

The online world knows no geographical boundaries. So we have no choice but to collaborate. We need to work with our industry bodies, with global organisations and other governments to ensure we have the best capabilities to deal with whatever comes our way.

The challenge of cyber crime

The ever growing cybersecurity industry is the perfect example of why we need global collaboration. Cybersecurity not only safeguards the digital economy so that it can continue to grow, generate jobs and create a resilient economy into the future, it also ensures our online privacy and prevents cyber crime.

The Internet of Things (IoT), along with other technologies, is creating an almost totally connected world – gone are the days when we only needed to worry about protecting our personal computers. Instead we now need to protect vast networks of devices that span our offices, building sites, shopping centres, public transport systems and homes.

In 2016, the average Australian household had nine internet connected devices. While this may seem like quite a substantial number, it is expected to more than triple to 29 by 2020 and will also include devices such as fridges, televisions and indeed entire households that will run remotely.

Predicting patterns of cyber crime

While the IoT offers exciting opportunities to enhance our lives, it also offers opportunities for hackers to commit cyber attacks. Unlike traditional forms of crime, these attacks don’t just come from people living in your neighbourhood, state or country, they can come from anywhere in the world at any time of the day and from any device.

The only way we can ensure that we are best prepared to deal with these attacks is if we can predict patterns of cyber crime and learn how to mitigate it – this is where collaboration becomes crucial.

Shared knowledge is not just a good way to combat cyber crime, it is in fact the only way we will be able to succeed against it. The biggest problem with combating cyber crime is the speed at which technology advances – meaning it is vital that various agencies and organisations around the world are working together and sharing their knowledge and experience concurrently.

While the benefits of working together to combat the world’s biggest form of crime has its benefits, collaboration across the cybersecurity industry is itself is very valuable with the potential to create huge economic benefits for those in the game. Currently, cybersecurity industry’s estimated worth is over US$71 billion globally. This value is expected to double by 2020.

This industry has the potential to be a huge driver for Australian jobs and the economy, which is why Victoria is investing heavily in collaboration and collocation of allied interests.

In the past two years we have created Australia’s biggest cybersecurity cluster right in the heart of Melbourne. This hub includes Data61, the digital research arm of the CSIRO and Australia’s leading digital research agency; and the Oceania Cyber Security Centre, which brings together eight Victorian universities and major private sector partners.

Collocating at the Goods Shed in Melbourne’s Docklands precinct, the Oceania Cyber Security Centre will also work in partnership with Oxford University’s world-leading Global Cyber Security Capacity Centre, Israel’s Tel Aviv University, and the State of Virginia, the largest defence state in the USA.

These organisations and initiatives are undoubtedly reputable and capable of doing great things. Combining their knowledge and resources in a collaborative way creates an internationally connected cybersecurity powerhouse.

In Victoria, we are now leading Australia’s cybersecurity industry and emerging as a dominant player in the Asia Pacific but we cannot do it alone – we have acknowledged that, we have made moves to change that. In doing so we are increasing our cybersecurity capabilities and helping our allies to increase theirs.

While cybersecurity is a great example of how collaboration is currently working to secure the future of our digital economy, in many jobs and across many industries the situation is the same. In truth, it is simple – if you don’t work with others and learn from their mistakes or value their skills, you are sure to fail.

Hon Philip Dalidakis MP

Victorian Minister for Small Business, Innovation & Trade

Read next: Professor Zdenka Kuncic, Founding Co-Director of AINST, sheds light on opportunities to collaborate and accelerate through the U2B model.

Spread the word: Help Australia become a collaborative nation! Share this piece on collaboration against cyber crime using the social media buttons below.

More Thought Leaders: Click here to go back to the Thought Leadership Series homepage, or start reading the Digital Disruption Thought Leadership Series here.

cyber security

Cyber warfare: a battle plan

The Australian Cyber Security Centre (ACSC) 2016 Threat Report, just released, has some concerning details about the state of Australia’s cyber security. The report highlights the ubiquitous nature of cyber crime in Australia, the potential of cyber terrorism, and the vulnerability of data stored on government and commercial networks.

Several factors are driving these vulnerabilities. And there is considerable work to do to address them.

The cause

A big driver is the maturation and “professionalisation” of cyber criminals. They have businesses, plans, and online fora (support services offered in many languages). There are even services a potential criminal can easily hire – with botnets used for DDoS attacks going for as little as A$50. DDoS stands for Distributed Denial of Service, and involves attackers sending swarms of bots to overwhelm networks. Recently, DDoS attacks have been getting extremely powerful.

Eugene Kaspersky, chief executive of security group Kaspersky Lab, recently explained that:

“as the criminals mature in their operations, the criminals are now offering … “crime-as-a-service” … they are now moving to attacking transportation, and manufacturing … criminals are now hacking coal mine haulage trains, to steal coal or decreasing temperatures inside fuel tanks to steal 3% of fuel with every tank.”

The internet is a weapon

We have reached the stage at which the internet has been weaponised. This word was previously only used to discuss events such as Stuxnet, which was a cyber attack on an Iranian nuclear facility thought to be carried out by the United States and Israel. I would suggest we can extend this concept and realise that the internet’s corporate, personal and government systems now resemble weapons and weapon systems.

An old-fashioned criminal with a gun could hold up a bank and take customers’ money. Today’s criminal, depending on the size of their network-based “weapon”, can take our money, our data, our secrets, or disempower us by disabling our electricity, gas or water supply.

We are beyond a point of no return in our reliance on computers and networks, and the demand for innovation in technology is heightening our cyber security problem all the time.

So what should we do?

In a recent discussion paper, my colleague Greg Austin and I wrote:

“When it comes to addressing threats from advanced technologies, since Australia is a free and open society facing few enemies, and none that are powerful, the country has been … behind the pace. Awareness in the broader community and even in leadership circles of the threats from advanced technology is quite weak.”

We commended the Turnbull government, its innovation strategy, its Defence White Paper, and its Cyber Security Strategy. However, we also noted that:

“…there is a large gap between US assessments of advanced technology threats and the Australian government’s public assessments. These gaps have important policy implications, as well as negative impacts on the security and prosperity to Australians… The country’s education and training policy needs to make giant steps, of which an enhanced STEM approach is only one, and one that will have no strong pay-offs in the next decade at least.”

We are in a situation where Australia greatly lacks a trained and experienced cyber security workforce. Existing staff are fully stretched. We have only a trickle of students in the right disciplines in the VET and Higher Education pipelines. We also lack a local cyber security industry and we find that cyber security solutions are largely supplied by the United States, Israel, Europe, and Russia. We are forced to believe the vendors’ rhetoric rather than rely on local expertise.

A checklist for national cyber security

To remedy this situation we created a checklist for effective response to the cyber security situation that exists nationally:

  1. The states and Commonwealth should commit to a fast track process to set up a national cyber crime fighting unit to capture and convict more cyber criminals. This should include research staff, funded to at least $20 million per year for ten years.
  2. Australia needs to consider creating a National Cyber Security College to get focus and concentrate expertise. Such a body could help generate the following necessary actions:
  • Establish nationally approved undergraduate curricula across a range of disciplines in cyber security, using rewards to ensure that teaching is carried out to some national established standard.
  • Establish TAFE curricula at Certificate 1-6 since not all jobs are for graduates.
  • Determine a transition plan so professionals from a range of specified disciplines can be upskilled and converted into cyber security professionals.
  • Devise a dedicated, well-funded plan to generate the 8,000 to 10,000 cyber security professionals needed in the next few years.
  • Consider developing a private system and sector-specific initiatives for hybrid education initiatives around the country.

We would not leave our houses unlocked and allow criminals to walk in and steal our possessions. We now need to come up with clever ways of securing the cyber world and protecting Australians and our economy.

– Jill Slay

Director, Australian Centre for Cyber Security, UNSW Australia

This article was first published by The Conversation on October 12 2016. Read the original article here.