ACCC welcomes funding

The Australian Competition and Consumer Commission (ACCC) has expressed its support for the establishment of the National Anti-Scam Centre (NASC) by the Australian Government. The recently announced budget allocated $US58 million to the ACCC for the setup of the NASC over the next two years.

The funding will be used to develop the necessary technology infrastructure for high-frequency data sharing with various agencies, law enforcement, and the private sector. The goal is to make Australia a more difficult target for scammers. The NASC will bring together expertise and resources to disrupt scammers’ contact with Australians, raise consumer awareness about avoiding scams, and connect scam victims with appropriate services.

By sharing scam reports and implementing other initiatives, the NASC will provide valuable insights to the finance, telecommunications, and digital platforms sectors, enabling them to take timely and effective measures to prevent scams. The NASC will be phased in from July 1, 2023, with the development of data-sharing technology taking place over the next three years.

Additionally, the NASC will establish fusion cells to coordinate efforts between the government and the private sector to combat specific scam activities more effectively. This enhanced coordination and focus will help target anti-scam activities and reduce losses to scams.

During its initial year of operation, the NASC will collaborate closely with the Australian Securities and Investments Commission (ASIC) to deliver a scam website takedown service and support the Australian Communications and Media Authority (ACMA) in combating telecommunications scams.

The ACCC welcomes the government’s commitment to introducing an SMS Sender ID register, similar to Singapore’s, which will aid in disrupting impersonation scams and help consumers verify the authenticity of text messages.

While these steps are positive in the fight against scams, the ACCC emphasizes the need for effective cross-industry standards to prevent scammers from exploiting weak links. The ACCC has been consulting on the future work of the NASC since receiving seed funding in October 2022, with the aim of better protecting consumers from scams through increased coordination across government, finance and telecommunications sectors, and digital platforms.

Tags: ACCCAnti-scamNASC

The post Establishing a National anti-scam centre appeared first on CIO Tech Asia.

The government is making new investments that align with their vision

The Australian Government has allocated an additional $US630 million to the Department of Home Affairs and the Australian Border Force to enhance Australia’s migration program and strengthen border and national security measures. These investments align with the government’s vision of a targeted and simplified migration system that serves the national interests and facilitates the integration of migrants into society and the economy. The key measures included in this investment are as follows:

Migration Program and Settlement Services: Approximately 70 per cent of places in the 2023-24 Permanent Migration Program will be allocated to the Skill stream to address skills shortages. Partner and child visas will continue to be demand driven. Efforts to address domestic skill deficits will be complemented by education, training, and sectoral reforms.

Temporary Skilled Migration Income Threshold (TSMIT): The TSMIT, which has been frozen for a decade, will be raised from $US53,900 to $US70,000 starting from July 1. This aims to eliminate wage suppression for both migrant and Australian workers.

Post-Study Work Rights: Temporary Graduate visa holders with select degrees will receive an additional two years of post-study work rights. This initiative aims to enhance the availability of skilled labour in key sectors.

Visa Processing and ICT Systems: An additional $US48.1 million will be allocated to support 500 visa processing officers, contributing to the management of visa applications. Furthermore, $US27.8 million will be invested in upgrading existing visa ICT systems to improve efficiency in visa service delivery and enhance Australia’s appeal to global talent, students, and tourists.

Youth Transition Support: $US9.1 million will be provided over 12 months to ensure the continuation of Youth Transition Support services. These services aim to improve employment, education, and social connections for refugees and vulnerable migrants aged 15 to 25.

Border Security: Additional funding will be allocated over the next two years to safeguard Australia’s borders. This includes maintaining the Airline Liaison Officer Program in the offshore network to deter and disrupt irregular travel. Furthermore, an initial investment of $US17.9 million in 2023-24 will be made to ensure the safety and global competitiveness of Western Sydney International Airport.

Critical Infrastructure and Systems of National Significance: $US19.5 million will be invested in managing threats to Australia’s critical infrastructure, enhancing security, and strengthening the resilience of systems and assets crucial to the nation’s functioning.

National Office for Cyber Security: In support of the establishment of a National Cyber Security Coordinator, the government will invest $US46.5 million over the next four years. This funding will facilitate leadership and coordination across the Australian Public Service in responding to major cyber security incidents. The National Office for Cyber Security will be established, and staff from the Department of Home Affairs will be assigned to bolster government information technology security.

Trade Modernisation: An allocation of $US8.0 million for 2023-24 will enable the Australian Border Force and Home Affairs to continue implementing whole-of-government reforms under the Simplified Trade System agenda. These reforms aim to diversify trade, improve supply chain productivity and resilience, and maintain effective border controls and community protection.

Tags: Australian GovernmentMinistry of home affairs

The post A safer and more secure future for Australia appeared first on CIO Tech Asia.

Tool used by Russia’s Federal Security Service

The Australian Cyber Security Centre has released a Joint Cybersecurity Advisory with its international partners on the Snake implant. The Snake implant is a sophisticated cyber espionage tool designed and used by Center 16 of Russia’s Federal Security Service for long-term intelligence collection on sensitive targets.

The Australian Cyber Security Centre has identified Snake infrastructure in over 50 countries; its targeting is purposeful and tactical, designed to collect intelligence from high-priority targets, such as government networks, research facilities, and journalists.

This Cybersecurity Advisory provides background on Snake’s attribution and detailed descriptions of the implant’s host architecture and network communications.

The technical information and mitigation recommendations provided are designed to assist network defenders in detecting Snake and associated activity. The Snake implant is considered the most sophisticated cyber espionage tool developed and used by Center 16 of Russia’s Federal Security Service (FSB) for long-term intelligence collection on sensitive targets.

To conduct operations using this tool, the FSB created a covert peer-to-peer (P2P) network of numerous Snake-infected computers worldwide. Many systems in this P2P network serve as relay nodes that route disguised operational traffic to and from Snake implants on the FSB’s ultimate targets.

Snake’s custom communications protocols employ encryption and fragmentation for confidentiality and are designed to hamper detection and collection efforts. We have identified Snake infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, including the United States and Russia. Although Snake uses infrastructure across all industries, its targeting is purposeful and tactical.

Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets, such as government networks, research facilities, and journalists.

As one example, FSB actors used Snake to access and exfiltrate sensitive international relations documents and other diplomatic communications from a victim in a North Atlantic Treaty Organization (NATO) country.

The FSB has victimised industries within the United States, including education, small businesses, media organisations, and critical infrastructure sectors, including government facilities, financial services, critical manufacturing, and communications.

This Cybersecurity Advisory (CSA) provides background on Snake’s attribution to the FSB and detailed technical descriptions of the implant’s host architecture and network communications. This CSA also addresses a recent Snake variant that has not yet been widely disclosed.

The technical information and mitigation recommendations in this CSA are provided to assist network defenders in detecting Snake and associated activity.

For more information on FSB and Russian state-sponsored cyber activity, please see the joint advisory Russian State-Sponsored and Criminal Cyber Threats to Critical Infrastructure and CISA’s Russia Cyber Threat Overview and Advisories webpage. Introduction What is Snake? We consider Snake the most sophisticated cyber espionage tool in the FSB’s arsenal.

The sophistication of Snake stems from three principal areas. First, Snake employs means to achieve a rare level of stealth in its host components and network communications. Second, Snake’s internal technical architecture easily incorporates new or replacement components.

This design also facilitates the development and interoperability of Snake instances running on different host operating systems. We have observed interoperable Snake implants for Windows, MacOS, and Linux operating systems. Lastly, Snake demonstrates careful software engineering design and implementation, with the implant containing surprisingly few bugs, given its complexity.

Following open-source reporting by cybersecurity and threat intelligence companies on Snake tactics, techniques, and procedures (TTPs), the FSB implemented new techniques to evade detection. The modifications to the implant enhanced challenges in identifying and collecting Snake and related artifacts, directly hampering detection from both host- and network-based defensive tools.

The effectiveness of this type of cyber espionage implant depends entirely on its long-term stealth since the objective of an extended espionage operation involves remaining on the target for months or years to provide consistent access to important intelligence. The uniquely sophisticated aspects of Snake represent a significant effort by the FSB over many years to enable this type of covert access.

The FSB began developing Snake as “Uroburos” in late 2003. Development of the initial versions of the implant appeared to be completed around early 2004, with cyber operations first conducted using the implant shortly after that.

The name Uroburos is appropriate, as the FSB cycled it through nearly constant stages of upgrade and redevelopment, even after public disclosures, instead of abandoning it. The name appears throughout early versions of the code, and the FSB developers also left other unique strings, including “Ur0bUr()sGoTyOu#”, which have publicly returned to haunt them.

Unique features in early versions of Uroburos included a low-resolution image of a portion of a historical illustration of an Uroboros by the German philosopher and theologian Jakob Böhme. One approach to a tertiary backdoor used this image as the key. The same image had also been embedded in other Snake-related components. The image, blown up to a higher resolution, is shown right.

In addition, early FSB developers of the Snake implant left portions of unique code throughout the implant, which revealed inside jokes, personal interests, and taunts directed at security researchers. For instance, the “Ur0bUr()sGoTyOu#” string referenced above was replaced with “gLASs D1cK” in 2014 following some of the public cybersecurity reporting.

Snake operations have been attributed to an available unit within Center 16 of the FSB. This unit more broadly operates the numerous elements of the Turla2 toolset and has subunits spread throughout Russia reflecting historical KGB signals intelligence operations in the Soviet Union.

Snake has been a core component of this unit’s operations for almost as long as Center 16 has been part of the FSB.3 The extensive influence of Snake across the Turla toolset demonstrates its impact on practically every aspect of the unit’s modern era of cyber operations. Daily operations using Snake have been carried out from an FSB facility in Ryazan, Russia, with an increase in Snake activity during FSB working hours in Ryazan, approximately 7:00 AM to 8:00 PM, Moscow Standard Time (GMT+3).

The leading developers were Ryazan-based FSB officers known by monikers included in the code of some versions of Snake. In addition to developing Snake, Ryazan-based FSB officers used it to conduct worldwide operations; these operations differed from others launched from Moscow or other FSB sites based on infrastructure and techniques. While the development and re-tooling of Snake have historically been done by Ryazan-based FSB officers, Snake operations were also launched from an FSB Center 16-occupied building in Moscow.

According to the ACSC, the investigations have identified examples of FSB operators using Snake to their full potential and FSB operators who appeared unfamiliar with Snake’s more advanced capabilities. These observations illustrate the difficulty in using such an advanced toolset across the various geographically dispersed teams comprising this unit within FSB Center 16.

ACSC has been collectively investigating Snake and Snake-related tools for almost 20 years, and other operations by this unit since the 1990s. During that time, the FSB has used Snake in many different operations. They have demonstrated the value placed in this tool by making numerous adjustments and revisions to keep it viable after repeated public disclosures and other mitigations.

Snake’s code and multiple Snake-related tools have been either a starting point or a key influence factor for a diverse range of other highly prolific implants and operational tools in the Turla family. Most notably, this has included Carbon (aka Cobra)—derived from Snake’s code base—and the similarly Snake-adjacent implant Chinch (currently known in open sources as ComRAT).

ACSC has identified Snake infrastructure in over 50 countries across North America, South America, Europe, Africa, Asia, and Australia, including the United States and Russia. Although Snake leverages infrastructure across all industries, its targeting is purposeful and tactical. For instance, if an infected system did not respond to Snake communications, the FSB actors would strategically re-infect it within days.

Globally, the FSB has used Snake to collect sensitive intelligence from high-priority targets, such as government networks, research facilities, and journalists. As one example, FSB actors used Snake to access and exfiltrate sensitive international relations documents and other diplomatic communications from a victim in a NATO country.

Within the United States, the FSB has victimised industries, including education, small businesses, media organisations, and critical infrastructure sectors, including government facilities, financial services, critical manufacturing, and communications. Other Tools and TTPs Employed with Snake The FSB typically deploys Snake to external-facing infrastructure nodes on a network and, from there, uses other tools and TTPs on the internal network to conduct additional exploitation operations.

Upon gaining and cementing ingress into a target network, the FSB typically enumerates the network and works to obtain administrator credentials and access domain controllers. Various mechanisms have been employed to gather user and administrator credentials to expand laterally across the network, including keyloggers, network sniffers, and open-source tools.

Typically, after FSB operators map out a network and obtain administrator credentials for various domains in the network, regular collection operations begin. In most instances with Snake, further heavyweight implants are not deployed, and they rely on credentials and lightweight remote-access tools internally within a network. FSB operators sometimes deploy a small remote reverse shell and Snake to enable interactive operations.

This triggerable reverse shell, which the FSB has used for around 20 years, can be used as a backup access vector or to maintain a minimal presence in a network and avoid detection while moving laterally.

Snake Architecture Snake’s architectural design reflects professional software engineering practices. Critical pathways within the implant are stacks of loosely coupled components that implement well-designed interfaces. In addition to facilitating software development and debugging, this construction allows Snake to use multiple components for the same purpose, choosing the specific component based on environmental considerations.

For example, Snake’s custom network communications protocols function as a stack. All implementations use encryption and transport layers, such as Snake’s custom HTTP or raw TCP socket protocol. Each Snake network protocol stack layer solely implements a specified interface for operability with the two adjacent layers.

The encryption layer and underlying transport layer thus function independently, so any custom Snake network protocol can employ an encryption overlay without any change to the encryption layer code.[4] This modularity allows Snake operators to choose the most logical network transport for the given environment without affecting Snake’s other functionality.

When using a compromised HTTP server as part of the Snake P2P network, the operators can ensure that all traffic to this machine follows the Snake custom HTTP protocol and blends effectively with legitimate traffic.

In the context of a compromised machine that legitimately allows secure shell (SSH) connections, Snake can utilise its custom raw TCP socket protocol instead of its custom HTTP protocol. All other layers of the Snake protocol stack, from the immediately adjacent transport encryption layer to the distant command processing layer, can and do remain entirely agnostic to the transport layer as long as it implements its interface correctly.

This architecture also allows the Snake developers to easily substitute a new communications protocol when they believe one has been compromised without necessitating any downstream changes in the code base.

Lastly, this design facilitates the development of fully interoperable Snake implants running on different host operating systems. Snake’s technical sophistication extends from the software architecture to lower-level software implementation.

Original versions of Snake were developed as early as 2003 before many of the modern programming languages and frameworks that facilitate this type of modular development were available. Snake is written entirely in C, which provides significant advantages in low-level control and efficiency but does not provide direct support for objects or interfaces at the language level and provides no assistance with memory management.

The developers of Snake successfully implemented the implant’s complex design in C with very few bugs, including careful avoidance of the common pitfalls associated with null-terminated strings and the mixing of signed and unsigned integers. Additionally, the developers demonstrate an understanding of computer science principles throughout the implant’s implementation.

This includes selecting and correctly coding asymptotically optimal algorithms, designing and utilising efficient custom encoding methodologies that closely resemble common encoding schemes, and securely handling the numerous possible errors associated with systems-level programming. Capitalising on Mistakes Although the Snake implant is a highly sophisticated espionage tool, it does not escape human error.

A tool like Snake requires more familiarity and expertise to use correctly, and in several instances, Snake operators should have used it more effectively. Various mistakes in its development and operation provided us with a foothold into the inner workings of Snake. They were key factors in developing capabilities that have allowed for tracking Snake and manipulating its data.

The FSB used the OpenSSL library to handle its Diffie-Hellman key exchange. The Diffie-Hellman key set created by Snake during the key exchange needs to be longer to be secure. The FSB provided the function DH_generate_parameters with a prime length of only 128 bits, which is inadequate for asymmetric key systems.

Also, in some instances of what appeared to be rushed deployments of Snake, the operators should have stripped the Snake binary. This led to the discovery of numerous function names, cleartext strings, and developer comments, as seen in the following figure.

Tags: ACSCRussia

The post ACSC issues joint Advisory on Russian ‘Snake’ Cyber Espionage Tool” appeared first on CIO Tech Asia.

The funding will also help protect Australia’s critical infrastructure sectors

The Australian Government has committed $US1 billion in funding for cyber security and energy transition in the 2023 budget, focusing on addressing the skills gap in the cyber security sector and accelerating the country’s growth to a net-zero emissions economy.

The budget includes $US300 million for fee-free TAFE spots in emerging sectors, including cyber security. This investment is aimed at raising the cyber posture of governments and enterprises to meet the current challenges faced by the industry.

The funding will also help protect Australia’s critical infrastructure sectors and the digital economy.

In addition, the Government has committed to implementing the reforms detailed in the Defence Strategic Update (DSR), highlighting the importance of cyber security to national security and defence capabilities. The DSR also emphasises growing a sovereign industry to support cyber security efforts.

Adrian Tudehope, the CEO of Macquarie Government, has praised the Government’s commitment to cyber security and the measures outlined in the budget.

“Effective cyber security is critical to the success of any digital business, and the government’s investment in fee-free TAFE spots for emerging sectors, including cyber security, is a welcome step towards addressing the skills gap in the sector,” Tudehope said.

He also praised the Government’s commitment to implementing the reforms detailed in the DSR, stating that it will help strengthen Australia’s national security and defence capabilities.

“The cyber security landscape is constantly evolving, and it is essential that we have the right skills and capabilities to protect our critical infrastructure and digital economy. The Government’s commitment to growing a sovereign industry to support cyber security efforts will help to ensure that we are well-positioned to face the challenges ahead,” Tudehope added.

Overall, Tudehope believes that the Government’s investment in cyber security and energy transition is a positive step towards building a stronger and more resilient Australia.The budget includes $US310 million for a Small Business Energy Incentive, encouraging small businesses to invest in energy efficiency measures. However, some experts have criticised the measure, stating that most small businesses need spare cash to spend on non-core items in the current economic climate.

Huon Hoogesteger, Managing Director of Australian solar company Smart Commercial Solar, has welcomed the budget.

Hoogesteger has praised the Government’s commitment to energy transition and the establishment of a National Net Zero Authority, which he believes will help to re-skill workers and support the move away from coal-fired power stations.

He also welcomed the further $US20.9 million in funding for transport and infrastructure decarbonisation, recommending that funding be used to remove red tape for things like crossing boundaries.

Overall, the Government’s investment in cyber security and energy transition has been praised for its focus on addressing the country’s critical challenges.

With the support of these initiatives, Australia will be better equipped to face the growing threats in the cyber domain and accelerate its transition to a more sustainable future.

Tags: Australian GovernmentPrnasia

The post Australian Government Commits $US1B to Cyber Security and Energy Transition appeared first on CIO Tech Asia.

ASCA will be a key element of the Defence innovation, science, and technology program

The Albanese Government is transforming Australia’s defence innovation ecosystem to deliver the advanced technologies urgently needed for Australia’s national security.

The Government will invest $US3.4 billion over the next decade to establish the Advanced Strategic Capabilities Accelerator (ASCA). This is an additional $US591 million above current planned spending on defence innovation.

Australia has lost the ten-year warning time. The Defence Strategic Review concluded that we need more effective support for innovation, faster acquisition and better links between Defence and industry to deliver the capabilities the Australian Defence Force (ADF) needs.

ASCA will be a key element of the Defence innovation, science, and technology program. Priorities for the program are hypersonics, directed energy, trusted autonomy, quantum technology, information warfare and long-range fires.

It will focus on defined missions, solving the most relevant technical issues, and taking a more flexible and agile approach to procurement. This will ensure game-changing ideas are developed into capabilities that give the ADF an asymmetric advantage.

This is the most significant reshaping of defence innovation in decades that will deliver vital capabilities for the ADF, as well as create more jobs in the Australian defence industry commercialising the technologies. It will support innovative Australian solutions to the challenges we face.

ASCA will be guided by senior levels in Defence, the Vice Chief of the Defence Force, the Chief Defence Scientist and the Deputy Secretary, Capability Acquisition and Sustainment Group. This will allow it to be up and running quickly by 1 July 2023, with a phased start up over the first 18 months to develop, test and refine the operating model.

It will replace the Defence Innovation Hub and Next Generation Technologies Fund, which the Defence Strategic Review identified are no longer fit for purpose in Australia’s current strategic environment.

Quotes attributable to Deputy Prime Minister and Defence Minister, Richard Marles:

“At the heart of government’s ability to reshape the ADF for the strategic circumstances we face is ensuring we have the capabilities to do so.”

“The Defence Strategic Review makes clear that Australia must invest in the transition to new and innovative technologies for our Defence Force. This is precisely what the Advanced Strategic Capabilities Accelerator will deliver.”

“Central to this will be our ongoing work to operationalise Pillar Two of the AUKUS agreement, which seeks to develop and provide capabilities such as undersea warfare and hypersonics for Australia, the United Kingdom and the United States.”

“Together, these investments will contribute to Australia’s defence industrial base and build on the already strong cooperation with our international partners.”

Quotes attributable to Minister for Defence Industry, Pat Conroy:

“Our strategic circumstances require us to adapt our approach to innovation. The Advanced Strategic Capabilities Accelerator will lead the way in agile delivery of capability solutions to the Australian Defence Force.”

“The Government’s commitment to supporting innovation – in partnership with Australian industry and research organisations – is at the heart of our nation’s response to the challenges we face.”

“Delivering emerging disruptive technologies into the hands of the war fighter is critical. ASCA will respond to our highest priorities, bringing essential capabilities to our forces at the speed of relevance.”

“Innovation must translate into acquisition, and the Defence Accelerator will address the very real and urgent need to turn emerging technologies into game-changing capabilities. Linking technology development to speedy acquisition will also create many more jobs in the Australian defence industry.”

Tags: ASCAAustralian Defence Force

The post AU Government announces reshaping of defence innovation appeared first on CIO Tech Asia.

Macquarie Government welcomes enhanced cyber focus

Macquarie Government, part of Macquarie Telecom Group, has welcomed the Albanese Government’s release of the public version of the Defence Strategic Review (DSR) as the strongest indication yet of the importance of cybersecurity to Government and Defence capabilities.

The DSR, to which Macquarie contributed a detailed submission during public consultation, sets the agenda for ambitious, but necessary, reform to Defence’s posture and structure. The DSR notably places strong emphasis on cybersecurity as an important defensive and offensive capability within Defence, and hints at a new commitment by the Albanese Government to grow Australia’s sovereign industrial capability through the DSR’s updated uplift programs. Macquarie Government Managing Director Aidan Tudehope said, “the new regional strategic environment articulated in the DSR underscores the need to include cybersecurity in the Defence reform agenda given its horizontal effect across all five military domains, notwithstanding to Australia’s critical infrastructure and systems of national significance.

“Cyber is a form of power projection which can be used in advance of kinetic attacks, or to cripple critical national infrastructure. It is also a tool of statecraft that is used for coercion, as the DSR has rightly called out. To unilaterally deter offensive military action against Australia’s forces, and to protect Australia’s social and economic interests, high level cyber capability and the digital infrastructure that supports it, must be fundamental to Defence capability.

“The Prime Minister has rightly called out the ‘need to have greater control over our national sovereignty’,” said Tudehope. “In this context it’s important to call out local industries that are directly supporting Defence, including cyber security, ICT, and space. When these sectors are strong Australia is less vulnerable to global supply chain challenges and less reliant on our allies and partners for enabling capabilities during conflict.”

Macquarie also welcomed the recommendation for a biennial National Defence Strategy, particularly given the speed at which cyber threats continue to evolve. Macquarie’s cyber engineers now monitor between seven and eight billion cyber events every day, protecting nearly half of federal government agency personnel from cyberattacks.

Tudehope applauded the government’s recommendation to reform Defence capability procurement; specifically, to focus on ‘delivering timely and relevant capability’ and move away from ‘project management risk’ towards ‘strategic risk management’.

“This guidance will help Defence achieve the right balance of local-ally-partner capabilities to support the ADF war fighter. A balance that will ensure Australia is a capability contributor to AUKUS and not solely a capability consumer,” he said.

In conclusion, Tudehope said the DSR presents an opportunity for the Government and Defence to be bold in uplifting Australia’s sovereign industrial capability, and that doing so will provide national resilience through robust cyber security, data networks, and space capabilities with capacity to scale, just as the DSR calls for.

“The Defence Strategic Review has rightly articulated both the threat and the opportunity,” he said.

“We have, through the DSR, the opportunity for Australian primes to grow and thrive in partnership with our international partners, bolstering Australia’s security, creating jobs, and ensuring scientific and technological prowess that will improve knowledge, innovation and expertise for decades to come.”

Tags: Albanese governmentMacquarie

The post Macquarie defence strategic review appeared first on CIO Tech Asia.

First-ever ops revealed to industry

In line with the theme for this year’s RSA Conference, Stronger Together, Eric Goldstein, Executive Assistant Director for Cybersecurity, Cybersecurity, and Infrastructure Security Agency (CISA), and U.S. Army Maj. Gen. William J. Hartman, U.S. Cyber Command’s Cyber National Mission Force commander, delivered a presentation on the importance of partnership in defending America’s critical infrastructure while holding malicious cyber actors accountable.

Goldstein and Hartman shared newly declassified details of interagency responses to cyber-attacks from nation-state actors and cybercriminals, including how CNMF shares information from foreign operations to enable CISA’s domestic defensive mission. They also discussed how CISA shares information from domestic cyber incidents to enable CNMF’s operations to impose costs on foreign malicious cyber actors. Goldstein and Hartman discussed case studies, including the “SolarWinds” campaign, the mitigation of Chinese hacking of Microsoft Exchange, the disruption of Iranian targeting of an election reporting website, and ongoing data-sharing from cybercriminal targeting of federal agencies and educational institutions to enable CNMF operations.

“As our nation’s cyber defence agency, CISA recognizes that we must leverage all tools and capabilities to increase costs against our adversaries. Our work with CNMF enables us to not only more effectively defend our nation’s critical infrastructure from cyberattacks but also clearly demonstrate to our adversaries that there is a price to pay if you decide to attack American infrastructure,” said CISA EAD Goldstein. “Our presentation demonstrated for the first time how this partnership yields real-world operational benefits and how we rely upon collaboration with, and incident reporting from, the private sector to catalyse this work.”

Describing cybersecurity as a team sport, Goldstein and Hartman discussed how sharing expertise and insights bolster collective defence to meet national security objectives.

“On a daily basis, CNMF and CISA work side by side,” Hartman said. “We are collaborating on two things: what information does CISA have relevant to the DoD that allows us to disrupt an ongoing or prevent a future attack on the United States…and what threats are we seeing while we are executing operations that are relevant to the threats CISA sees in the United States.”

Both agencies prioritize efforts to secure and protect the nation’s election infrastructure.

Hartman and Goldstein described an operation in advance of the 2020 elections in which CNMF identified a compromise of an election reporting website which an Iranian actor, referred to by industry as PIONEERKITTEN, had access. CNMF immediately tipped CISA and then took action to mitigate the adversary’s access so it could not impact the reported results.

“There is no more important mission than ensuring there is a safe and secure election from foreign influence and interference,” said Hartman.

“There was no impact to election infrastructure, no impact to voting systems, no impact to the free and fair conduct of the election,” Goldstein said. “This is a case where we had an adversary with the potential intent to take action relating to an election, and we were able to effectively get in front of that activity.”

Goldstein also described several cases where CISA proactively identified potential intrusions targeting federal agencies and organizations in the educational sector and rapidly tipped CNMF with actionable information to take action against the malicious actor. In these cases, CISA’s incident response activities conducted in close coordination with CNMF’s operations against the adversary materially reduced impacts on the victims’ network.

“The maturation in this relationship in the last few years is impressive… and it happens in real-time and every day,” said Hartman. “It has become a significant driver for our mission and really a credit to CISA’s forward-looking approach to push information that is relevant to our foreign-focused mission so that we can rapidly make use of.”

The CNMF mission is broad, continuous, joint, and enduring in the combat against foreign malicious cyber actors. As the nation’s cyber defence agency, CISA provides guidance, services, and support help organizations prepare for, respond to, and mitigate the impact of cyber-attacks. Together, and in collaboration with partners across government and the private sector, we can make our nation more secure and resilient.

Tags: CISACNMF

The post CISA leaders share how they partner appeared first on CIO Tech Asia.

The technologies associated with the AUKUS pact have significant potential

Following the news that New Zealand expressed its willingness in joining the non-nuclear ‘pillar two’ of the AUKUS agreement that involves working on several emerging technologies.

Harshavardhan Dabbiru, Defence Analyst at GlobalData, a leading data and analytics company, offers his view:

“The technologies associated with the AUKUS pact have significant potential to enhance the defence capabilities of the New Zealand in a range of emerging military technologies. The development and manufacturing capabilities acquired as part of the cooperation may also assist the country in the development of sub-systems like C4ISR and Underwater Warfare Systems (UWS). According to GlobalData estimates, the New Zealand is likely to spend $US452.8 million on C4ISR systems and $US140.9 million on UWS over 2022-2032.

“According to the New Zealand Ministry of Defence, the country spends about 30 per cent of its capital expenditure on local suppliers, and hence the development of indigenous manufacturing capabilities in emerging technologies will enhance the participation of local suppliers in domestic programs with a potential to export such technologies to allies.

“Although the New Zealand maintains its stand towards its nuclear-free policy, the country said that it is open to cooperating with the AUKUS members in the areas of several emerging technologies such as artificial intelligence, quantum computing, and advanced information technology. From a strategic perspective, this could be seen as a pragmatic move from the country to enhance regional security and its own defence capabilities.

“Despite the initial concerns about the implications of the agreement in relation to nuclear weapons and the potential for a nuclear arms race in the region, the New Zealand is now taking a forward-looking approach to the regional security challenges and strengthening ties with its key ally Australia and other global military powerhouses active in the Indo-Pacific, a region which is increasingly becoming unstable in the wake of the growing territorial and maritime disputes.”

Tags: AUKUSGlobalDataNZ

The post New Zealand potential involvement in AUKUS agreement appeared first on CIO Tech Asia.

Yearlong programme with Science Centre Singapore to kick off on World DNA Day

Illumina Singapore, subsidiary of Illumina Inc today announced an inaugural partnership with the Science Centre Board to inspire 2,800 students through the power of genomics.

“The future of our Mission to improve human health is reliant on nurturing and equipping our future generations. We aim to inspire our youth to pursue STEM careers, support educators to bring genomics into the classroom, and remove barriers for under resourced groups,” said Sharon Vidal, Global Lead Corporate Social Responsibility, Illumina.

The yearlong initiative begins with 2,500 primary and secondary students attending the DNA themed sessions at the Science Centre to learn about DNA and life sciences through hands-on DNA extraction experiments on fruits and other living organisms.

“At Science Centre, we believe that everyone should have equal access to STEM education and exploration. Hence, we are heartened to partner Illumina to offer exciting and informative programmes to underserved communities as we celebrate our DNA Learning Lab’s 20th anniversary. Through initiatives like The Future is Bright, we are delivering programmes on DNA extraction to schools, the underserved, and the public,” said Associate Professor Lim Tit Meng, Chief Executive, Science Centre Board.

“Through this partnership, we will continue to engage the underserved communities so they can participate in the various science workshops and programmes we offer such as BrainFest and UNTAME. We want to empower students to explore the world of STEM and inspire the next generation of leaders. Together, we will ensure that all individuals can discover the wonders of science and technology,” said Lim Tit Meng.

STEM learning sessions will also be conducted for students from charity organizations and selected schools to grow their interest in life sciences and learn about different careers in the STEM sector.

Later in the year 300 students from underserved communities such as low-income families, at-risk youth and/or from social assistance programs will have the opportunity to take part in “STEM is FUN-tastic”, a four-part series to grow and deepen their interest in different areas of STEM.

“In celebration of DNA Day each year, we host the “Future Is Bright,” a genomic literacy initiative that takes place over spring. Illumina employees connect with students by hosting career panels, implementing genomics curriculum, and leading hands-on experiments. This learning opportunity ties together genomic research, education, and community impact,” Ms Vidal said.

Illumina is expanding its Future is Bright program in APAC in 2023 by more than doubling its outreach to close to 5,000 students, from 1,400 in 2022. Future is Bright is Illumina’s flagship program that seeks to increase equitable access to STEM education for all. Last year, the program reached more than 90,000 learners, 1,600 community partners and 130 events with 1,500 employee volunteer hours. Illumina aims to reach five million STEM learners by 2030 globally.

Tags: PrnasiaSingaporeSTEM

The post Singaporean students to benefit from new STEM Partnership appeared first on CIO Tech Asia.

Scammers steal over $USUS3bn from Australians

The latest Targeting Scams report has revealed Australians lost a record $US3.1 billion to scams in 2022, as government, law enforcement and the private sector look to improve collaborative efforts to support the community in the fight against scams.  This is an 80 per cent increase on total losses recorded in 2021.

The report compiles data reported to the ACCC’s Scamwatch, ReportCyber, the Australian Financial Crimes Exchange (AFCX), IDCARE and other government agencies.

It shows that investment scams were the highest loss category ($US1.5 billion), followed by remote access scams ($US229 million) and payment redirection scams ($US224 million).

“Australians lost more money to scams than ever before in 2022, but the true cost of scams is much more than a dollar figure as they also cause emotional distress to victims, their families and businesses,” ACCC Deputy Chair Catriona Lowe said.

“As scammers become increasingly sophisticated in their tactics, it is clear a co-ordinated response across government, law enforcement and the private sector is essential to combat scams more effectively.”

“That’s why we continue to lend our expertise and support to prepare for the establishment of the Government’s National Anti-Scam Centre, with the ultimate aim of making Australia the hardest target for scammers,” Lowe said.

Reports to Scamwatch

Scamwatch received 239,237 scam reports last year, a 16.5 per cent drop on the number of reports received in 2021.

However, financial losses reported to Scamwatch in 2022 totalled more than $US569 million, a 76 per cent increase compared to losses reported in the previous year.

Despite fewer reports to Scamwatch, losses experienced by each victim rose by more than 50 per cent last year, to an average of almost $US20,000.

This is due, in part, to scammers using new technology to lure and deceive victims.

“Scammers evolve quickly and unfortunately, many Australians are losing their life savings,” Lowe said.

“We have seen alarming new tactics emerge which make scams incredibly difficult to detect. This includes everything from impersonating official phone numbers, email addresses and websites of legitimate organisations to scam texts that appear in the same conversation thread as genuine messages. This means now more than ever; anyone can fall victim to a scam.”

“There has been an explosion of reported losses to phishing scams in the past year, such as “Hi Mum” and Toll/Linkt text scams, which skyrocketed by 469 per cent to $US24.6 million in 2022,” Lowe said.

Collaborative efforts increase.

Millions of Australians became more vulnerable to scams in 2022, following a spate of large-scale, high-profile data breaches late last year.

“Scammers are the most opportunistic of all criminals. Unfortunately, the more information a scammer has about you, the more convincing they can be,” Ms Lowe said.

“In the weeks after the data breaches, there were hundreds of reports to Scamwatch, including reports of scammers impersonating government departments and businesses to carry out identity theft and remote access scams.”

“While this brought about unprecedented collaboration across government, law enforcement and industry to share information and disrupt scams, there is still more work to be done,” Lowe said.

“Unfortunately, there are still significant gaps between and within the key sectors – banks, telcos, and digital platforms; and between regulators that scammers exploit to steal money from customers. So, we would like to see initiatives that apply across the sectors, knowing that scammers will target the weakest link.”

The ACCC continues to advocate for a three-pronged approach to tackling scams.

“First, we need to stop scammers reaching consumers by disrupting phone calls, SMS, email, social media messaging or other ways in which scammers contact would-be victims. Second, we need to make sure consumers are supported with up-to-date information, so they have the best chance of spotting a scammer when contacted. Finally, we need effective measures in place to prevent funds being transferred to scammers,” Lowe said.

People experiencing vulnerability suffered record financial losses.

In 2022, Australians that may have been experiencing vulnerability or hardship reported record losses.

People with a disability reported financial losses of $US33.7 million, a 71 per cent increase compared to 2021.

Indigenous Australians also reported losses of $US5.1 million (up five per cent compared to 2021) to Scamwatch, while the median loss for Indigenous Australian scam victims rose to $US754, from $US650 reported in 2021.

People from culturally and linguistically diverse communities made 11,418 scam reports which resulted in losses of $US56 million, up 36 per cent compared to 2021.

“We are very concerned that people experiencing vulnerability continue to be disproportionally impacted by scams,” Lowe said.

“Our report shows that people from culturally and linguistically diverse communities were significantly over-represented in terms of financial losses across a range of scam-types, accounting for more than one quarter (27.9 per cent) of total losses associated with identity theft and about a third (32.7 per cent) of all losses to pyramid schemes.”

“This is a worrying trend that urgently needs to be addressed by both government and industry with input from consumer advocacy groups.”

“Traditional bank transfers remain one of the most reported payment methods to scammers. While some banks have made recent positive steps to protect their customers, we would welcome uniform measures across the sector, like the UK’s Confirmation of Payee, which matches an account number to the intended recipient across all banks,” Lowe said.

Small and micro business’ losses doubled in 2022

Scamwatch data shows that small and micro businesses lost $US13.7 million to scams in 2022, a 95 per cent increase compared to the previous year. The biggest contributor to these losses were payment redirection scams, also known as business email compromise.

More broadly, there was a 73 per cent increase in scam losses across the Australian business community last year, totalling $US23.2 million.

Top tips for avoiding scams

• Stop – take your time before giving money or personal information.
• Think – ask yourself if the message or call could be fake?
• Protect – act quickly if something feels wrong. Contact your bank and report scams to Scamwatch.

Tags: ACCCAFCXReportCyber

The post The ACCC calls for a united front appeared first on CIO Tech Asia.