Cyber wrap
8 Feb 2017

Image courtesy of Pixabay user JeongGuHyeok.

Australia and Indonesia have agreed to deepen their cooperation on cyber security issues following the latest meeting of the bilateral Ministerial Council on Law and Security. The joint communique noted the Ministers had agreed to new initiatives including a new Australia–Indonesia Cyber Policy Dialogue later this year, cyber strategy workshops in Australia to share best practice for policy development, and exchanges on lessons learned from the establishment of the Australian Cyber Security Centre to assist the creation of Indonesia’s new cyber security agency. Cyber security has been a sensitive issue between the two countries since the Snowden leaks revealed that Australia had spied on former president Susilo Bambang Yudhoyono, and the new initiatives are a welcome sign of cooperation with a key regional player.

Yesterday Justice Minister Michael Keenan released the 2016 statistics for the Australian Cybercrime Online Reporting Network (ACORN), revealing that there were about 44,500 reports of cybercrime in Australia last year. The figures show that Victorians were the biggest victims of cybercrime, and that nearly half of reported incidents related to online fraud and scams. The ACORN report was released on international Safer Internet Day, an initiative that seeks to raise awareness of cyber security and safety issues, with a particular focus on children.

The Australian Signals Directorate has built on the success of its award-winning Top 4 mitigation strategies this week, releasing the ‘Essential Eight’ as part of its new Strategies to Mitigate Cyber Security Incidents. ASD considers the eight mitigation measures to be the cyber security baseline for organisations, and additional measures should be adopted based on the risk profile of the organisation. Combined, the eight measures create a defence posture by seeking to prevent malware running on networks, limiting the extent of incidents and aiding the recovery of data. Implementation of the Top 4 is mandatory for Australian government agencies, but it’s not clear if it will be expanded to include the four new essential mitigation measures.

Saudi Arabia and Iran’s ongoing cyber spat has sparked up again as up to 15 Saudi government agencies and companies have been hit by a renewed wave of Shamoon 2 malware. Famously used in 2012 against Saudi Aramco, the virus wipes the data on affected machines. Shamoon 2 emerged late last year and reportedly affected Saudi Arabia’s Civil Aviation Authority. Cyber security firms Symantec and Palo Alto have released analysis that indicates Shamoon 2’s creators have undertaken significant preparatory work to assist its spread. That includes the use of stolen passwords that Palo Alto reported are likely to have been taken through phishing, based on the passwords’ strength.

The second edition of the Tallinn Manual was released this week by the NATO Cooperative Cyber Defense Centre of Excellence (CCDCOE). The manual addresses the application of international law to cyber operations in peacetime or in conflict short of war, following on from the first manual that addressed the law of armed conflict and its application to cyberspace. ICPC is pleased to be hosting the Australian launch of the Tallinn Manual 2.0 on 24 February. Register here if you would like to come along.

And finally, in the news this week, Samoa has launched a five-year cyber security strategy, noting the need to protect Samoans and build confidence in the country’s economy. In the UK the Public Accounts Committee has criticised the government’s approach to cyber security. The Committee’s report calls out ‘chaotic’ data breach processes, and lack of action on personnel shortages, and calls for a plan for the new National Cyber Security Centre. In the US, Treasury has already eased some of the sanctions imposed on the Russian Federal Security Service (FSB) in response to malicious Russian cyber activities including attempting to influence the 2016 US election. The changes specifically ease the restrictions on the supply of IT products to the FSB. Also in the US, a court has issued an order to Google to retrieve information from a foreign server, reversing the precedent set by an earlier case involving Microsoft in which the court ruled data stored overseas was beyond the reach of a US warrant. In darker places, a vigilante has brought down about one fifth of the ‘Dark Web’. The unknown actor hacked Tor hosting service Freedom Hosting II because they believed the company was knowingly hosting large child pornography sites. And here is an interesting account of how Google fought the massive DDoS on KrebsOnSecurity last September.