Quarter 1, 2021

Membership matters at AusCERT

As reported in the AusCERT Year in Review 2020 piece, AusCERT is currently made up of 605 member organisations across several membership tiers (small to enterprise).

Members are grouped into defined Australian and New Zealand Standard Industrial Classification categories. The top 3 industries represented by our members are:

1. Education & Training
2. Financial & Insurance Services
3. Public Administration & Safety.

This Q1, 2021 report provides an overview of the cyber security incidents reported by members from 1 January to 31 March 2021 and includes a summary of other key achievements this quarter.

INCIDENT MANAGEMENT

AusCERT’s Incident Management Service (sometimes referred to as incident response) includes incident coordination and incident handling, both of which are standard inclusions in AusCERT’s membership services. As a 24/7 membership benefit, it is perhaps AusCERT's most central service offering.

The above table shows the statistics of incidents that were reported by members and acted on by our analyst team.

Overall, AusCERT serviced 583 tickets, an average of approximately 9 tickets per business day of operation in Q1, 2021.

AusCERT members can utilise AusCERT’s considerably large overseas and local contact networks for removal of phishing and malware sites.

SECURITY BULLETINS

AusCERT distributes security advisories and bulletins to its members by email and publishes a portion of them to its public website. Bulletins are published in a standardised format with a consistent approach to classifications of vulnerabilities, impacts and affected operating systems.

In Q1, 2021 a total of 1188 External Security Bulletins (ESBs) and 64 AusCERT Security Bulletins (ASBs) were published.

AusCERT members receive consistent security bulletins across a wide range of vendors, enabling the practice of streamlined security patching.

AusCERT analysts specialise in vulnerability research to deliver members a consistently formatted feed of bulletins across major platforms and vendors.

MEMBER SECURITY INCIDENT NOTIFICATIONS (MSINs)

AusCERT members benefit from its considerably large overseas and local threat intelligence feeds with respect to incidents that have been detected by other parties but concern the members.

There are several categories of incidents and this service has been running for members for several years. These notifications are a mix of Indicators of Vulnerabilities (IoV) and Indicators of Compromise (IoC).

These customised security reports contain notifications for organisations’ domains and IP ranges.

AusCERT MSINs are customised for each member's organisation, based on their IPs and domains.

MEMBER ENGAGEMENT INITIATIVES

Communications

Q1, 2021 kicked off with the release of our 2021 strategy. In mid-January, the team provided a widely circulated QuoVadis assistance statement (NB: the AusCERT Digital Certificate Service will be decommissioned in December 2021).

In early February, news broke regarding an internationally coordinated action against Emotet, known as the "world's most dangerous malware". AusCERT wrote an opinion piece about it. We also encouraged folks to "start the chat" to mark Safer Internet Day 2021.

By March, our sector witnessed mass exploitation of multiple 0-day Microsoft Exchange vulnerabilities by HAFNIUM, a group assessed to be state-sponsored and operating out of China, based on observed victimology, tactics and procedures. These vulnerabilities are now better known as ProxyLogon, and we summarised our team's incident response initiatives in an article.

Events

Q1, 2021 kicked off with the AusCERT team joining forces with Digital Shadows on a webinar discussing the topic of "Automation when you can't automate - the human process journey".

In March, AusCERT was a sponsor partner of the Human Layer Summit with Tessian.

And last but not least, Q1, 2021 also marked the return of AusCERT to its first in-person event post Covid-19, in the form of BrisSEC21, AISA's annual Brisbane chapter event.