With the tax season just around the corner, AUSCERT is urging individuals to remain vigilant. This period is a prime time for cybercriminals to target unsuspecting individuals through phishing scams. These are typically circulated via various channels, including phishing emails, phone calls, text messages, and even fake websites. Malicious threat actors tend to increase their fraudulent activities utilising various phishing techniques to take advantage of the heightened financial activity during this period. AUSCERT has observed a significant increase in phishing scams impersonating MyGov and the Australian Taxation Office (ATO) during previous tax seasons. From July to October in 2022, AUSCERT received reports of around 1100 tax-related phishing emails and scams, a number that surged to approximately 2500 in 2023. These phishing emails typically impersonate official entities and may contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment. The emails also claim that urgent action is required to avoid account suspension, try to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties. However, clicking on these links can potentially lead to malicious websites that steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information. To protect yourself from ATO and MyGov related phishing scams during the upcoming tax season, it is crucial to take precautions like: Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO or MyGov. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information, verify the legitimacy of the request by contacting the ATO or tax professionals through their official channels. Be wary of suspicious calls: If you receive a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund, it is advisable to end the call immediately. Keep in mind that the ATO will not threaten you with immediate arrest or use abusive language. Exercise caution with links and attachments: Avoid clicking on links or downloading attachments from unsolicited emails or text messages. Be cautious of urgent requests: Be wary of emails, text messages and phone calls pressuring you to act quickly or provide personal information. Take the time to verify the legitimacy of the communication. Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages. Always be careful when providing information online. Report suspicious activity: If you receive a suspicious email claiming to be from the ATO or MyGov, report it to the appropriate authorities, such as the ATO’s scam reporting email address, the ACSC, or IDCARE. Keep software up to date: Ensure that your devices have the latest security updates and antivirus software to protect against malware and phishing attempts. By staying informed and vigilant, and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov related phishing scams during tax season. If you believe that your identity has been compromised or you have fallen a victim to a tax related scam, contact IDCARE on 1800 595 160.   Written by  Senior Information Security Analyst Vishaka 

The year 2023 has been a period of remarkable achievements and developments. This comprehensive report highlights the key successes, accomplishments, and projects undertaken by AUSCERT over the past year. From strategic initiatives and performance to market expansion and operational improvements, this review provides an in-depth analysis of our progress and sets the stage for our future endeavours. Contents  Foreword by Dr. David Stockdale Membership Overview Incident Support Vulnerability Management Threat Intelligence Training AUSCERT Conference Community Outreach Share Today Save Tomorrow Conclusion Click here to read the report  or head over to this link: https://auscert.shorthandstories.com/auscert-year-in-review-2023/index.html

Introduction: Valentine’s Day, often associated with expressions of love and affection, unfortunately also provides an opportune time for scammers to prey on unsuspecting individuals seeking romance. As we approach this annual celebration, it is crucial to remain vigilant and aware of the various scams and frauds that can lead to financial losses and emotional distress. The Australian government and major financial institutions have issued warnings about the rise in Valentine’s Day scams, highlighting the need for caution in online interactions and financial transactions [1][2]. The Scams and Frauds to Watch Out For: 1. Fraudulent Investment Opportunities Scammers use various methods to lure unsuspecting victims into their trap. They might promise high returns with little risk, exclusive insider information, or guaranteed profits within a short period. These scams may involve investments in stocks, cryptocurrencies, or even fictitious businesses. Victims are convinced to invest their hard-earned money, believing they have found a secure and profitable venture. 2. Gift Card Scams Scammers can pose as sellers offering discounted or limited-edition gift cards. They lure victims into purchasing these seemingly irresistible deals, but the gift cards turn out to be fake or previously used. Victims are left empty-handed, and their hard-earned money is gone. – Only purchase gift cards from trusted retailers or directly from their websites – Be cautious of deals that appear too good to be true – Verify the card’s balance before making any transactions. 3. Flower Delivery Scams Scammers set up fake florist websites or pose as legitimate flower delivery services. Victims place orders, pay in advance, but never receive the promised bouquets. This not only results in financial loss but also leaves disappointment and emotional distress. – Research the legitimacy of the florist before placing an order – Look for customer reviews and check their contact information – Consider using well-established flower delivery services with trusted reputations. 4. Online Shopping Fraud With the rise of online shopping, individuals often turn to the internet to purchase gifts for their loved ones. However, scammers take advantage of the increased online traffic by creating fake websites, social media pages, or advertisements offering attractive deals and discounts. Victims unknowingly share their payment information, only to receive counterfeit or never receive anything at all. – Stick to reputable online retailers with secure payment systems – Double-check website URLs for any misspellings or suspicious elements – Use secure payment methods which offer fraud protection. Protecting Yourself from Valentine’s Day Scams: 1. Stay Informed Stay updated on the latest scams and frauds by following alerts issued by government agencies, law enforcement, and trusted news sources. The more informed you are, the better prepared you will be to identify and avoid potential scams. 2. Trust Your Gut If something feels too good to be true or raises suspicions, trust your instincts. Scammers often exploit emotions and vulnerability, so be cautious before sharing personal information or engaging in financial transactions. 3. Watch out for phishing attempts Phishing is a common tactic used by scammers to trick individuals into revealing personal information or login credentials. Be wary of messages that ask for sensitive data, such as your credit card details. Legitimate organizations will never ask for such information via unsolicited messages. 4. Avoid clicking on suspicious links One of the most crucial steps in protecting yourself from scams is to refrain from clicking on links in messages, especially those that appear suspicious or unfamiliar. Scammers often use these links to redirect you to fraudulent websites or to install malware on your device. 5. Research Before Engaging Before interacting with someone online, take the time to research their profile, photos, and background information. Conducting a simple online search can sometimes reveal if the person is using fake pictures or has been involved in previously reported scams. 6. Report Suspicious Activity If you encounter suspicious profiles, emails, or messages, report them to the relevant dating platform or local authorities. Reporting such activities helps to protect others from falling victim to scams. 7. Educate Yourself and Others Share information about common scams and frauds with your friends, family, and social networks. By spreading awareness, you can collectively combat the efforts of scammers and protect those around you. Reference: [1] https://www.theaustralian.com.au/breaking-news/australians-warned-of-romance-scams-ahead-of-valentines-day/news-story/9a21c7a2ad7697980f291ffa87a439d5 [2] https://www.nationaltribune.com.au/government-warns-against-ruthless-romance-scammers-this-valentines-day/

In the digital age, data breaches have become an unfortunate reality, with cybercriminals constantly seeking vulnerabilities to gain unauthorized access to sensitive information. Recent incidents, such as the Mother of All Breaches and Naz.api, have highlighted the severity and potential consequences of leaked credential dumps. This article aims to provide insights into these incidents, their impact, and the importance of safeguarding personal information. Naz.api: Naz.api is a recent credential dump that gained attention in the cybersecurity community. The credentials are believed to have been obtained from credential stuffing lists and information-stealing malware logs. AUSCERT conducted a scan of the dump to identify credentials belonging to its members and has contacted the affected members through the Sensitive Information Alert (SIA) service. Mother of All Breaches: Mother of All Breaches (MOAB) is another dump that recently surfaced, revealing a vast collection of 26 billion records of user information from popular services like Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram. Although this is not a new breach, it is a compilation of earlier breaches. Nonetheless, the release of such sensitive information is highly concerning. Impact and Consequences: These credential dumps pose significant threats to both individuals and organizations. Cybercriminals could potentially exploit the leaked data for malicious purposes, including identity theft, phishing scams and targeted cyberattacks. It is crucial to remain vigilant and be on the lookout for any increased phishing attempts via email, text or other media. Protecting Against Credential Dumps: To mitigate the risks associated with credential dumps, individuals and organizations must practice good credential hygiene and adopt proactive security measures. Here are some essential steps to consider: Use unique and strong passwords: Avoid reusing passwords across multiple accounts and create strong, complex passwords. Multi-Factor Authentication (MFA): Enable MFA whenever possible to add an extra layer of security to your accounts. Regular Password Updates: Change passwords periodically to minimize the impact of potential breaches. Security Awareness: Stay informed about the latest cybersecurity threats and educate yourself and your employees about best practices for online security. Monitoring Services: Consider using monitoring services that can alert you if your credentials are found in a data breach. Websites like Have I Been Pwned (haveibeenpwned.com) can help you check if your email address or username has been compromised in known breaches.

AUSCERT 30 Years 30 Stories – Mark Chin Valuing the trusted and easily accessible information provided by AUSCERT, Mark Chin reflects on why he remains an AUSCERT member. As a Security Specialist at Carsales.com, receiving up-to-date information regarding threats and phishing tactics is a must. Mark recommends all organisations do their research into the services AUSCERT provides. How did you first become involved with AUSCERT? Initially, I learned of AUSCERT through my organisation’s membership. At first I didn’t know what membership entailed, until my colleagues showed me how to request phishing domain takedowns with AUSCERT. That’s how I initially started engaging with AUSCERT, and they’ve been great ever since. Having someone who can investigate suspicious emails or share them amongst their community to triage a solution has been amazing. What AUSCERT service do you use the most? Apart from the phishing takedowns, I am also part of the Slack channel. The channel is good for finding out what the latest ransoms are circulating to the public. It’s a great forum for networking and being able to ask the questions you don’t have answers to. How has AUSCERT evolved over the years? I haven’t been around long enough to observe changes in AUSCERT, but being around for 30 years, you must be doing something right. What I like about AUSCERT is that it’s a neutral organisation. You’re not competing with a vendor or coming from the government. People are more open to working with AUSCERT and networking with AUSCERT members due to this. What advice would you give to someone considering an AUSCERT membership? Start by doing your research into AUSCERT and gaining knowledge of the services they provide to see what’s on offer. What does the future hold for AUSCERT? I hope AUSCERT sticks around and can continue to support its members. How has your AUSCERT membership impacted your organisation? In a very positive way – we have a lot of threat intel coming through from AUSCERT. This is through the bulletins that share new vulnerabilities. AUSCERT has its finger on the pulse and is a trusted source of information. Rather than trying to find information, you can see similar organisations encountering the same issues.  

AUSCERT 30 Years 30 Stories – Megan Cox As AUSCERT’s Event Coordinator, Megan Cox knows a thing or two about what it’s like to be part of the Australian cyber security community. Reflecting on the positive culture of AUSCERT and the cybersecurity industry, Megan encourages people from all walks of life to become a member. Getting to share this space with great people is what drives Megan’s passion as she shares her voice in the AUSCERT 30 Years 30 Stories series. What is your favourite highlight about the AUSCERT conference? The conference is a truly unique experience. At its essence, it is a bunch of industry professionals getting together from across Australia and internationally, which is cool to see. I don’t come from a cyber background, so it was interesting for me to learn a lot in a very short amount of time about the industry. I get to meet so many great people who are members, prospective members, and conference attendees, and we get the great opportunity to tell them more about AUSCERT. What attracted you to work for AUSCERT? All of the reviews online regarding AUSCERT as an organisation were highly positive. At the time I was looking for an opportunity like this, and wanted a role that had a nice culture that supported its people, and encouraged staff to have career progression. When I saw that AUSCERT had the backing of UQ, I was like, “Oh, that can only be a good organisation.” What is your most significant highlight from your time working with AUSCERT? Besides the podcast, it’s the little bits and bobs we do on the sides like the monthly wine and cheese nights. I love getting to know everyone in our office in a more casual atmosphere. As a woman in the industry, what would you say to other young professional women wanting to enter the industry and are hesitant about the barriers? What words of encouragement would you give them? I can understand 100% where they’re coming from. I think that of all the male-dominated industries, cyber is probably the most accepting of anyone and everyone. Giving it a go is probably the best advice there is for any profession. If it’s not for you, then it’s not for you, but at least you know you’re not going to sit there in 50 years and wonder “What could have been”?    

Meet Joshua Finley, Data Centre Services Engineer at the Port of Melbourne. Having had personal experience with AUSCERT through website security and later with AUSCERT’s partnership with the Port of Melbourne, Joshua explains why he finds the membership to be well worth his time and money. Read on to find out more about Joshua’s AUSCERT connection. How did you first become involved with AUSCERT? For a long time, I hosted a large variety of websites, and back then, there wasn’t a great deal of cybersecurity resources. I became an AUSCERT member because I was looking for some help. Luckily when I started at the Port of Melbourne, as critical national infrastructure, they were already members and I got to pick up and run with our membership. What are the key benefits you’ve experienced as an AUSCERT member? Meeting the community in Melbourne has been super helpful; being able to network, and additionally receive timely alerts and notifications about the latest threats is very important. Lastly, having a point of contact to reach out to if we ever get into any trouble is reassuring. What advice would you give to someone who isn’t already an AUSCERT member? Simply, become a member and don’t think about it. We use the notification and alarms extensively and I also find the threat feed very useful. Also it’s very helpful having a point of contact to reach out to if we ever find ourselves in trouble. Looking ahead, what do you think the future holds for AUSCERT? There’s a huge space that AUSCERT could play in by extending services to a variety of non-government organisations as these organisations don’t have the footprint to do it themselves. What do you believe sets AUSCERT apart from other organisations in the cybersecurity space? Being non-for-profit, the motivations behind AUSCERT are true and pure – you don’t get this with a commercial organisation. Having a non-commercial partner  

  AUSCERT 30 Years 30 Stories – Mark Jackson Viewing the AUSCERT membership as a two-way value exchange, Mark Jackson hopes to put in just as much as he receives working alongside AUSCERT. As the Security Services Lead at MYOB, providing tax, accounting, and other business services to multiple individuals and companies across Australia, Mark’s AUSCERT story spans years. How did you first become involved with AUSCERT, and what motivated you to become a member? I’ve worked in many different organisations and at one in particular, I was prompted to investigate AUSCERT and sign up. Many years later, I’ve crossed multiple organisations and am still a member. What are some of the key benefits and experiences of an AUSCERT membership? The key services that I’ve used across my career are AUSCERT’s threat and vulnerability intelligence, along with takedown services. These services have been invaluable to the workplaces I’ve been a part of providing guidance through various incidents, good advice, and leading us to the right people to workshop a solution. How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work? Back in the day, cybersecurity was only attached to infrastructure. Just about every company needs to mature to deal with today’s challenges. The services AUSCERT offers and how they approach security have changed to match modern threats. What advice would you give to someone considering becoming an AUSCERT member? Be sure to lean on the network and stay in contact. Like anything, you get out what you put in. Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continue to play a role in the cybersecurity community? Given the depth and breadth of AUSCERT’s connections within the community, the organisation’s pool of information will be highly valuable. It’s the community that gives AUSCERT a much broader picture of things that might impact individual companies that they might not see otherwise. What do you believe sets AUSCERT apart from other organisations in the cybersecurity space? AUSCERT’s connection to a wider set of industries and partnerships than cybersecurity silos is their most significant drawcard. AUSCERT collates a broader view of the threats that are out there and what’s happening in general.

 AUSCERT 30 Years 30 Stories – Dave O’Loan Long-time AUSCERT affiliate and member, Dave O’Loan shares his journey with AUSCERT. As Head of Cyber Relations at the Australian Academic Research Network (AARNet), Dave has had many touchpoints with AUSCERT throughout his career. The sharing of information and diverse collaboration is why Dave continues to support and remain a member of AUSCERT. How did you first get involved with AUSCERT and what motivated you to become a member? AUSCERT is a partner with AARNet within AHECS, the Australian Higher Education Cyber Security Service. Prior to that, I had a long history of working within the academic and research sector. AUSCERT is part of The University of Queensland, linking with AARNet as a shareholder. Therefore, we have a close relationship around securing our sector and broadly sharing information. What are some of the key benefits and experiences of an AUSCERT membership? AARNet gains a lot of benefits through the sharing of threat intelligence, technical indicators, advisories, and bulletins. We also gain a lot from the AUSCERT community, including the conference, and other communities that bring security individuals together to share information effectively. How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work? AUSCERT has evolved by leveraging events like the annual conference and building a strong, information-sharing community. The evolution includes stronger partnerships, distributing information, and bringing different industry verticals together. AUSCERT plays a significant role in ensuring the CERT function is carried out and making sure there’s timely advice available for members. What advice would you give to someone considering becoming an AUSCERT member? AUSCERT memberships have numerous benefits, providing access to information, people, skills, and knowledge that an organisation might not have in-house. The membership allows for asking questions, gaining guidance, and receiving information that helps protect systems, networks, and people. AUSCERT’s training contributes to the cybersecurity maturity of an organisation. What do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cybersecurity community? Many people don’t like answering this question, but I see a bright future for AUSCERT. With the evolving cybersecurity landscape, more entities need to be involved in the broader uplift. AUSCERT’s long history of support and leveraging its capabilities will contribute significantly to achieving a more secure nation. How has your membership in AUSCERT impacted your organisation’s overall approach to cybersecurity? The membership has provided unique information sharing, a subscription model with significant value, and the ability to maintain multiple cybersecurity partners. Different partners contribute advice and guidance across various aspects like risk, threat intel, and governance. What do you believe sets AUSCERT apart from other organisations in the cybersecurity space? AUSCERT’s unique nature lies in the shared information it has available through different partners. Maintaining different cybersecurity partners is critical because no single organisation has the knowledge or capacity to understand all risks, threats and governance challenges an organisation could face.

AUSCERT 30 Years 30 Stories – Trace Borrero Trace Borrero works at the University of Southern Queensland and through the university’s connection to AUSCERT, Trace has developed into a well-trained and active part of the AUSCERT community. From graduate to professional, check out Trace’s AUSCERT story. How did you first become a member of AUSCERT? I came directly out of my degree in cyber security and landed in a role at the University of Southern Queensland. The university were already members, so I became a member. How do you use the AUSCERT service and what benefit do you receive? We use the Malware Information Sharing Platform (MISP) a lot, and we’ve learned to automate from there. When I graduated there was a lot of talk about the intel and IOCs that came from AUSCERT. We would be looking for them in our environment and acting on them if needed. Whenever we’d see widespread phishing, we’d be able to send it to AUSCERT and they would handle it. To me as a graduate, it was magic. I didn’t understand what was going on, but I knew that it was taken care of. Now that I’ve learned the ropes, it’s a plus, because there is a lot of groundwork in the backend that AUSCERT handle for you. How do you think AUSCERT has evolved over the years? I’ve been a member for five years, so I’ve seen lots of change in the direction the industry is heading. AUSCERT is trying to remain cutting edge, which is important. Recently, automation is the new buzzword. Automation is one place that AUSCERT have adapted successfully, preparing their members to automate and thinking about what type of automation that members want. What advice would you give to someone considering becoming an AUSCERT member? It’s worth it – one of the best things you could do, is simply attend the conference and see what it’s all about. It’s hard to see AUSCERT’s benefit purely from the website. Meeting AUSCERT’s members, attending events, or just the conference, is a good place to start. What do you think the future holds for AUSCERT? I assume AUSCERT will continue to try and stay cutting edge. They will also continue to look out for their members as best they can, in whatever way that means. What sets AUSCERT apart from other organisations in the cyber security industry? AUSCERT are looking out for you. Obviously, they have their own interests, but their interests are their members. You don’t see that very often, specifically when you look at other vendors. Simply having someone to bounce your ideas off, and then receiving feedback from AUSCERT and its member community is fantastic. To be able to say: “Oh, hey, I’ve seen this phishing email. Has anyone else seen it?” “Oh, yes, we’ve seen it, and these are the other IOCs or other attributes of it.” It’s truly a community of learning and collaboration.

AUSCERT 30 Years 30 Stories – Peter Degotardi AUSCERT member in the education industry, Peter Degotardi is the Manager of Cyber Security Capability at the University of Technology Sydney. Joining the University in 2015, Peter has benefited from the information his AUSCERT membership provides. Keeping his organisation up-to-date and ahead of the game, Peter’s AUSCERT story is one of community and collaboration. What are some of the key benefits you’ve experienced as an AUSCERT member? The main benefit I receive from AUSCERT is the community and the sense of camaraderie we have. This community is a sight to behold; everyone talks to each other and trusts one another. The information we receive is phenomenal, giving great value out of the membership. Often, we’re alerted to vulnerable hosts before we’re even aware it’s happened. We can’t live without [phishing] site takedown services, along with phishing emails that AUSCERT handles for us. How has AUSCERT evolved over the years? I was involved with AUSCERT before I started in the cyber security sector, and I’ve always dreamed of going to the AUSCERT conference. Initially, AUSCERT was a ‘techie’ organisation but now it’s evolved to helping businesses secure themselves. Although technology is one part of the AUSCERT offering, they now focus on the governance and risk management services. What advice would you give to someone considering becoming an AUSCERT member, and why do you believe that membership is valuable for organisations of all sizes and industries? Be ready to ingest a huge amount of information; you’re going to receive a lot. The value is in the information sharing you receive, not just from AUSCERT itself but other members – everyone helps everyone else. What do you think the future holds for AUSCERT? Everything evolves – technology, processes, people, organisations, but no matter what changes, it needs to be secured. I’m looking at AUSCERT to provide timely information to be able to do just that – provide recommendations to stay one step ahead of the baddies. What do you believe sets AUSCERT apart from other organisations in the cyber security space? AUSCERT is Australian born and bred and it has the connections to its equivalents across the world. AUSCERT gives me the information I don’t have readily accessible, which will help us to develop a better security position for the organisation.

AUSCERT 30 Years 30 Stories – Bek Cheb Hard-working Bek Cheb embodies the heart of AUSCERT’s passion and community and is responsible for keeping the business side of AUSCERT running. As Business Manager, Bek oversees AUSCERT’s events, marketing, communications, and membership. Read on to discover Bek’s fondest AUSCERT moments and where she sees the future of AUSCERT headed. Whilst working at AUSCERT, is there a memorable experience that stands out? Not surprisingly, many of my memorable moments have been at the AUSCERT conference. AUSCERT attracts plenty of big-industry names that I’ve fanned over for years.  To meet these inspirations face-to-face and feel their human compassion is amazing. Adam Spencer is our MC, and each year I still get excited to hang out with Adam for a few days. This year Rachel Tobac, an expert in the world of social engineering, was AUSCERT’s keynote. To have such expertise on stage and learn from them is just magical. What would you say to someone considering becoming an AUSCERT member? Every organisation should become an AUSCERT member and I’m not just saying that because I work for AUSCERT. I understand the pressure there is on individuals and businesses to understand cyber security. Knowing that you’ve got a community ready to assist you, let alone the value in the individual services, builds confidence. There are many obvious services that AUSCERT are known for such as security bulletins and early warning SMS, but recently phishing takedowns are requested more often; where AUSCERT acts as an extension of your team. Where do you see AUSCERT going in the future? Thinking about AUSCERT’s future is thrilling – I think we have a lot of opportunities. Because we’re not owned by the government, the best part of AUSCERT is our agility. We can grow and change to whatever our members need us to be – so the growth opportunities for AUSCERT are endless. Education is going to play a big role in our future, innovating how we can expand our courses and offerings. There’s a high demand for new skill sets and growth within our industry, so I can’t wait to see our numbers grow. What sets AUSCERT apart from other organisations in the cyber security space? Every organisation needs to consider their network of cyber security partners. There’s no one-size-fits-all when it comes to protection, and you can’t put all your eggs in one basket. It’s important to have a layered approach by ensuring you’ve got different people representing your business on different issues. AUSCERT is that important piece of the puzzle, where you won’t find a sales pitch. We’re not trying to make an extra buck in our sales targets that month – instead we’re part of the cyber security community.