I got 99 problems but a vuln ain’t one

I got 99 problems but a vuln ain’t one by team AusCERT

Image source: screenshot from the music video by JAY-Z performing 99 Problems. (C) 2004 Roc-A-Fella Records, LLC.

Ninety nine problems but a vuln ain't one
If you’re having cyber problems, I feel bad for your SOC
I got ninety nine problems but a vuln ain't one, hit us!

Okay, cheesy (revised) lyrics aside, I caught up with my colleague Sean McIntyre, Information Security Analyst at AusCERT, to discuss our shared thoughts on the common misconception that cyber criminals are "hooded / masked baddies". We also outlined some ways in which AusCERT, as a not-for-profit security group, can help our members and the general public avoid the common pitfalls that lead to falling victim to a cybercrime and/or incident.

Sean, it isn’t unusual for our collective cultural community to think of cyber security in terms of tired clichés and common tropes.

In your opinion, what can we do to help people understand that a cybercriminal and a victim could look like anyone, including you and me?

I think it is really important to talk to folks - family, friends, neighbours even - about how cyber-crime isn’t discriminatory, that it can happen to anyone.

I feel it’s great that the media draws attention to cyber related incidents, it helps bring the topic to the mainstream. People relate to examples like Nine Network or domain.com.au.

However, I do think we can do better at the grassroots-level. We should start talking about it with kids in schools etc., avoid making “cyber” a scary topic. I think organisations like eSafety do some good work in this space.

You’ve been working at AusCERT for close to 18 months now. In your opinion and from your observations, which cyber security challenges are the most common among our membership audience?

Personally, my top 3 observed challenges are as follows:

1. Staying on top of the countless advisories, vulnerabilities and CVEs that come through daily.

Identify all of your infrastructure: systems, operating systems, patch levels, appliances and applications.

This may sound elementary, but sometimes the concept of going back to the basics is a great starting point.

Actually, Jess Dodson, one of our keynotes and speakers at the AusCERT2021 conference, does a great job of this through her personal website; definitely worth checking out!

Members, once you’ve done this audit, make sure you subscribe to the appropriate AusCERT security bulletins through our member portal function.

AusCERT's unique range of services means we can be your main point of contact when dealing with data security incidents.

2. Identifying Business Email Compromise (BEC) attempts from what can be extremely confusing email headers and what to do from there.

BECs are such a common scam that the ACCC recently reported that payment redirection scams, also known as business email compromise (BEC) scams, resulted in $128 million of losses in 2020 - see infographic below.

Members, the AusCERT team is always happy to assist with the analysis of phishing email attempts and headers and will contact and assist affected member organisations where a BEC has occurred.

Don’t forget that public agencies such as Scamwatch can also assist.

Targeting scams: report of the ACCC on scam activity 2020

3. Domain impersonation or squatting and brand protection.

This one is particularly challenging. AusCERT would love to help members who find themselves in such cases; however, our success in getting websites taken down relies on malicious activity such as phishing or malware delivery being present.

In cases where a brand is being impersonated, registrars and website hosts will request that the owner of the trademark contacts them directly. Abuse contacts can generally be found in the ‘whois’ info of a domain.

Members can always reach out to our team for assistance and we are happy to walk through the necessary steps with them.
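To make the header analysis mentioned under point 2 concrete, here is an added Python example. It is not part of the interview and not AusCERT's own tooling; it applies the checks an analyst typically starts with when triaging a suspected BEC (Reply-To diverted away from the visible sender, lookalike domains, bounce and Message-ID domains that do not match, and the SPF/DKIM/DMARC verdicts the receiving mail server recorded in Authentication-Results). Both messages, the addresses and the "trusted" domain list are constructed for the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Digit-for-letter substitutions commonly seen in lookalike domains.
CONFUSABLES = str.maketrans({"1": "l", "0": "o", "3": "e", "5": "s", "7": "t"})

# Constructed sample (not a real capture): a "CFO" asking accounts to change
# bank details, with Reply-To on a lookalike domain and a failing DMARC check.
SAMPLE_BEC = """Return-Path: <bounce@mail-relay.example.net>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=mail-relay.example.net; dkim=none; dmarc=fail header.from=example.com
Received: from mail-relay.example.net ([198.51.100.7]) by mx.example.com
From: "Jane Smith (CFO)" <jane.smith@example.com>
Reply-To: "Jane Smith" <jane.smith@examp1e.com>
To: accounts@example.com
Subject: Urgent: updated bank details for invoice 4471
Message-ID: <20210601.1234@examp1e.com>

Please update the supplier's payment details before today's transfer.
"""

# Constructed benign message from the same sender, for comparison.
SAMPLE_OK = """Return-Path: <jane.smith@example.com>
Authentication-Results: mx.example.com; spf=pass smtp.mailfrom=example.com; dkim=pass header.d=example.com; dmarc=pass header.from=example.com
From: "Jane Smith (CFO)" <jane.smith@example.com>
To: accounts@example.com
Subject: Invoice 4471 approved

Approved, thanks.
"""


def domain_of(header_value):
    """Lower-cased domain of the first address in a header, or '' if none."""
    _, addr = parseaddr(header_value or "")
    return addr.rsplit("@", 1)[1].lower() if "@" in addr else ""


def lookalike_of(domain, trusted):
    """Return the trusted domain that `domain` imitates, or None.
    A domain imitates a trusted one if it is not itself trusted but matches
    after undoing digit substitutions and the classic 'rn' for 'm' swap."""
    if not domain or domain in trusted:
        return None
    folded = domain.translate(CONFUSABLES).replace("rn", "m")
    return folded if folded in trusted else None


def auth_verdicts(msg):
    """Extract spf/dkim/dmarc results from Authentication-Results headers.
    Only the first (outermost, i.e. our own MTA's) verdict per mechanism is kept."""
    verdicts = {}
    for hdr in msg.get_all("Authentication-Results", []):
        for mech, result in re.findall(r"\b(spf|dkim|dmarc)=(\w+)", hdr, re.I):
            verdicts.setdefault(mech.lower(), result.lower())
    return verdicts


def analyse_headers(raw_message, trusted_domains):
    """Return a list of BEC indicators found in the headers (empty list = none)."""
    trusted = {d.lower() for d in trusted_domains}
    msg = message_from_string(raw_message)
    findings = []

    from_dom = domain_of(msg["From"])
    reply_dom = domain_of(msg["Reply-To"])
    return_dom = domain_of(msg["Return-Path"])
    msgid_dom = domain_of(msg["Message-ID"])

    # 1. Replies silently diverted to a domain other than the visible sender's.
    if reply_dom and reply_dom != from_dom:
        findings.append(f"reply-to-mismatch: replies go to {reply_dom}, From shows {from_dom}")

    # 2. Visible or reply domain imitating one we trust (examp1e.com vs example.com).
    for label, dom in (("from", from_dom), ("reply-to", reply_dom)):
        target = lookalike_of(dom, trusted)
        if target:
            findings.append(f"lookalike-domain: {label} domain {dom} resembles trusted {target}")

    # 3. Bounce address and Message-ID domains that differ from the From domain.
    #    Normal for bulk mailers, unusual for a colleague's own mail server.
    if return_dom and return_dom != from_dom:
        findings.append(f"return-path-mismatch: bounces go to {return_dom}, From shows {from_dom}")
    if msgid_dom and msgid_dom != from_dom:
        findings.append(f"message-id-mismatch: generated at {msgid_dom}, From shows {from_dom}")

    # 4. Authentication verdicts recorded by the receiving MTA.
    verdicts = auth_verdicts(msg)
    dmarc = verdicts.get("dmarc")
    if dmarc is None:
        findings.append("dmarc-missing: no DMARC verdict recorded by our MTA")
    elif dmarc != "pass":
        findings.append(f"dmarc-{dmarc}: DMARC did not pass for {from_dom}")
    if verdicts.get("dkim", "none") == "none":
        findings.append("dkim-none: message carries no valid DKIM signature")

    return findings


if __name__ == "__main__":
    for name, raw in (("BEC sample", SAMPLE_BEC), ("benign sample", SAMPLE_OK)):
        print(name)
        for finding in analyse_headers(raw, ["example.com"]) or ["no indicators"]:
            print("  -", finding)
```

Run against the BEC sample the script reports the diverted Reply-To, the lookalike domain, the mismatched bounce and Message-ID domains, the DMARC failure and the absent DKIM signature; the benign sample produces no findings. Only the Authentication-Results header written by your own mail server should be trusted, which is why the first verdict per mechanism wins, and a Return-Path mismatch on its own is weak evidence (mailing lists and marketing platforms do this legitimately), so treat it as a prompt for a phone call to the apparent sender rather than proof.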

We sat down and did one of these sessions at the end of last year, when you and I presented a case study on the AusCERT Incident Management service. Can you reiterate the key take-aways for our readers?

Of course! For those who haven’t had a read of that piece we did together, definitely check it out on the AusCERT website.

If you’re an AusCERT member, definitely utilise our 24/7 Incident Hotline or email us at auscert@auscert.org.au for any cyber related incidents.

Where possible, implement the "Essential Eight" as outlined by the ACSC*. This provides a baseline for cyber security incident mitigation. Implementing these strategies as a minimum makes it much harder for adversaries to compromise systems.

* Source: ACSC, cyber.gov.au

While no single mitigation strategy is guaranteed to prevent cyber security incidents, organisations are recommended to implement eight essential mitigation strategies as a baseline. This baseline, known as the Essential Eight, makes it much harder for adversaries to compromise systems.

Thanks so much for the chat, Sean!

This article first appeared on the Demystify Cyber blog hosted by Mandy Turner (@empressbat), an award-winning cybercrime specialist who is an avid supporter of AusCERT's work.

It will also be featured in Edition 4 of the Women in Security Magazine by team Source2Create.