Blogs

30 Years 30 Stories

2 Nov 2023

AUSCERT 30 Years 30 Stories – Peter Newman Utilising AUSCERT’s services in the gambling industry, Peter Newman has a long history with AUSCERT. Initially working for University of Queensland (UQ), Peter Newman is now the Head of Threat at The Lottery Corporation. Providing insight into AUSCERT’s services and predicting its future, check out Peter’s AUSCERT connection story. What motivated your organisation to become a member? The Lottery Corporation is only a year old, recently splitting from Tabcorp. As a flow-on organisation of Tabcorp we utilise the same services. As Tabcorp were already AUSCERT members, we decided to continue the same framework with an AUSCERT membership for The Lottery Corporation. As an AUSCERT member, what are the key benefits? The Lottery Corporation use the bulletin service, which is a primary feed into our vulnerability management program. We also use AUSCERT’s seven-day feed for malware URLs. With this resource, we look at the domains our users are visiting, and if that domain is listed as a malicious URL, we investigate further. How has AUSCERT evolved over the years? When I began with AUSCERT, they were focused on incident response. Currently, AUSCERT have been developing its threat intelligence resources and feeds associated with that. Another aspect that AUSCERT has done well over the years, is maintaining relationships with other certs around the world – enabling them to become highly efficient at phishing take downs. What advice would you give to someone considering becoming an AUSCERT member? Understanding what AUSCERT can do for you is a challenge; a lot of the people that become members only use one or two services. Knowing everything AUSCERT can do for your business is the best advice I can give. What do you think the future holds for AUSCERT? AUSCERT will need to continually pivot even though its staples are solid. As a community organisation, AUSCERT must keep adjusting to the community itself and how it changes. I predict AUSCERT will continue to grow in the threat intelligence area and more in education. What sets AUSCERT apart from other organisations in the cyber security space? Being vendor-agnostic specifically sets AUSCERT apart – everybody in cyber security is trying to sell you something. Although AUSCERT is selling you something, it’s in a not-for-profit method. Due to this, AUSCERT can leverage their community to feedback on itself.

Learn more

Blogs

30 Years 30 Stories

31 Oct 2023

AUSCERT 30 Years 30 Stories – David Stockdale With a professional and ethical approach to delivering cyber security throughout Australia, the AUSCERT 30 Years 30 Stories would be incomplete without sitting down with current AUSCERT Director, David Stockdale. Praising AUSCERT’s trust and influential community, David’s insight into what sets our organisation apart is a heart-warming read. How did you first become involved with AUSCERT, and what motivated you to apply for your position? The Director of AUSCERT position was included in a job that I applied for at the University of Queensland. It was the area I least understood in the role, and yet it’s become the piece I adore most. How do you think AUSCERT has evolved over the years? What do you think our future holds? AUSCERT has experienced plenty of change in the last three decades – 30 years ago, AUSCERT was one of the first computer emergency response teams in the world. What AUSCERT provided then was unique, but there are now many big players in the sector. We’ve evolved to provide new and niche offerings, that other companies are not able to provide. As AUSCERT is a not-for-profit organisation, we’re not government-aligned nor commercial, we’re able to establish an element of trust. This trust is our superpower and means we can provide services others can’t. What are the key benefits of being a part of the AUSCERT community? AUSCERT transcends more than just its members, age, services and employees; it’s much bigger than that. To be part of an organisation that aims to provide good services and lift the security of our community – is a fantastic cause. What advice would you give to a prospective AUSCERT member? Do it! Looking at the low cost of our services, it’s easy to assume that they are not worth a lot. That couldn’t be further from the truth. Once you start using AUSCERT and leveraging our offerings, you’ll find there’s value-upon-value-upon-value. That said, the real value of being an AUSCERT member is not necessarily the services, but the community we create, whether it’s through our conference, or events. We connect sectors together, and it’s this quality that separates us from others. When you’re an AUSCERT member, you become part of a trusted community. What do you believe sets AUSCERT apart from other organisations in the cybersecurity space? It’s AUSCERT’s not-for-profit qualities – we aren’t aligned to any vendors so we are, in some ways, a trusted free spirit. This trust is what sets AUSCERT apart; and we do the best cybersecurity conference in Australia, without a doubt. AUSCERT, Happy 30th Birthday! You are the best organisation I’ve ever known, and I’m so proud to be part of it.  

Learn more

Blogs

30 Years 30 Stories

26 Oct 2023

AUSCERT 30 Years 30 Stories – Heath Marks Partnering with AUSCERT for 13 years, Heath Marks is the CEO of the Australian Access Federation (AAF), which provides the National Authentication Framework for Australian Higher Education Research. Assisting the Federal Government’s National Research Infrastructure Strategy, Heath leads development in the trust and identity sector. Through a mutual partnership with AUSCERT, Heath shares the benefits of aligning with cooperative communities like ours. What is your biggest takeaway from AUSCERT’s service? Working in the trust and identity environment, we are naturally linked to cyber security. Being aligned with AUSCERT’s deliverables and leveraging their services is highly important to us. Additionally, joining the community and further advancing the cyber security industry as a national strategy is considered invaluable to us at AAF. An initiative that the AAF and AUSCERT have partnered together from the beginning is the establishment of the Australasian Higher Education Cyber Security Service. Together with the entire AHECS group, we collectively advance cyber security initiatives within the sector. How long have you been an AUSCERT member? The AAF have been AUSCERT members from the very beginning.  We began with the certificate service and later continued that relationship throughout the years. AUSCERT provide training, support, engagement and a number of useful services that we enjoy engaging with as a team. What advice would you give to those considering to become an AUSCERT member? Why do you think the AUSCERT membership is valued in organisations? It’s critical that we’re part of initiatives like AUSCERT A key distinction of AUSCERT is that it’s a service delivered for the sector, by the sector. AUSCERT is a shared, cost-effective service. The membership costs are very low, for the value you receive. There’s a plethora of cyber security services available, the majority of which are expensive and often questionable. Being part of a passionate community, catered to sharing intelligence and knowledge on cyber security is vital and important – it’s the reason why we’re AUSCERT members. As AUSCERT turns 30, do you want to add anything else? Congratulations, AUSCERT, for making 30 years! AUSCERT is an integral part of the sector and we appreciate everything you do in supporting us, delivering what we need for our customers, our colleagues, and our daily jobs. Thank you very much.

Learn more

Blogs

30 Years 30 Stories

23 Oct 2023

AUSCERT 30 Years 30 Stories – Duke Erdenebat One of AUSCERT’s security analysts, Duke Erdenebat, shares how AUSCERT enables him to make positive contributions to the cybersecurity industry. Duke’s day-to-day work involves writing code, scripting, automation and a multitude of services that assist AUSCERT members. Inspired by AUSCERT’s goodwill, check out Duke’s AUSCERT connection story. Within your time in your role, what are the key benefits you’ve experienced? The main benefit has undoubtedly been AUSCERT’s not-for-profit status, with a focus on its members. This focus doesn’t just end with members but extends to the whole of Australia and the globe. We attempt to reach people who are in danger and try to enrich them. What do you envision for AUSCERT within the next 5 to 10 years? The current AUSCERT service is fantastic. But recently, we’re trying to integrate Malware Information Sharing Platform (MISP) in an attempt to share more information. This is an area where individuals can share threat activity and threat actors, helping others find compromise indicators. In the future, I believe our MISP integration will be strong enough to encourage members to check threats themselves. What advice would you give to someone considering becoming an AUSCERT member? Those considering an AUSCERT membership should research what AUSCERT services could benefit them and contact our team directly. Simply look through AUSCERT’s services – there are educational programs and plenty more – and see what AUSCERT is doing differently from other security companies. What does the AUSCERT community mean to you? AUSCERT has been around for 30 years – which means the community is robust. There are plenty of people who know about AUSCERT, and who AUSCERT know personally. If there’s a new source of information or incident, there’s open communication and sharing of that information, which makes it a great community to be a part of. What do you believe sets AUSCERT apart from other organisations in the cyber security space? AUSCERT has utmost respect for its members and there’s open communication of information, through Slack channels, MISP events and emails.

Learn more

Blogs

30 Years 30 Stories

19 Oct 2023

  AUSCERT 30 Years 30 Stories – Mark Carey-Smith A staff member of AUSCERT for the past two and a half years, but long-time member, Mark Carey-Smith is AUSCERT’s Principal Analyst. As an organisation whose sole focus is to benefit its members and wider community, Mark is a proud AUSCERT employee, and continues to improve AUSCERT’s educational offerings and other services. What motivated you to apply for a job at AUSCERT? With thanks to the conference, I had six or seven years of experience with AUSCERT. I knew some of AUSCERT’s main employees and had developed a good relationship with them over the years. I wanted to pursue cyber security education more, so I spoke with AUSCERT about how I could contribute to the development and improvement of AUSCERT’s educational services. What are some of the key benefits you’ve experienced being a part of the AUSCERT community? Community is the main word – at events, when we’ve run into members, community always comes up. A tight-knit community is certainly how I envisaged AUSCERT both before I was a staff member and now that I am, and there’s no doubt a micro-community between AUSCERT, its staff and members. How has AUSCERT evolved over the years that you’ve been with them? With my experience with AUSCERT as both a member and now employee, I’ve been involved with AUSCERT for about eight years in total. Some of the ways that we’ve evolved have been in the maturing of existing services and the development of new services. There are many ways AUSCERT remains true to its roots and community. I think in more recent times, there’s been a focus on getting in touch with our members and understanding their needs. We focus our future development on what our members need from us. What do you think the future holds for AUSCERT? I hope that in some ways it’s more of the same. I hope that we expand our range of educational offerings in particular so they suit member needs, and we continue to grow while maintaining our focus on community. Many vendors have no interest in community and just want to take money. With AUSCERT, we’re much more concerned with creating a space that works for the community. What do you believe sets AUSCERT apart from other organisations in the cyber security industry? Compared to other vendors, AUSCERT is not-for-profit, meaning we operate in a space where the focus is on our member’s needs. Without a focus on profit margins, we don’t cut corners, dissemble or exaggerate. Unfortunately, the cyber security vendor space is one where there’s some unethical behaviour. The focus on behaving ethically and supporting our mission, which is member-focused, is a main differentiator. As a staff member, I also think one of our differentiators is the way in which we support one another, providing a positive and friendly environment. What does AUSCERT mean to you? It all comes back to community. There are different ways you can interpret that word, and there are different ways in which we facilitate and nurture community. The conference is certainly not the only community-focused offering, but it’s a beautiful example of how we collectively create a community space.

Learn more

Blogs

30 Years 30 Stories

17 Oct 2023

AUSCERT 30 Years 30 Stories – Hank Opdam Chief Information Security Officer of Ausgrid, Hank Opdam, has enjoyed a 20-year friendship with AUSCERT. Going to his first AUSCERT conference in the early 2000s, Hank has partnered with AUSCERT through a variety of companies, valuing AUSCERT’s open communication and collaborative services. No matter your company size, Hank recommends an AUSCERT membership. So how did you first become involved with AUSCERT and what motivated you to become a member? I was working in financial services at the time, and back then, phishing takedowns were a large gap in the industry. That’s where my relationship with AUSCERT first started. These days it’s a very different exercise and we’ve been benefiting from AUSCERT’s security bulletins mostly along with having AUSCERT as a phone-a-friend organisation to bounce ideas and receive assistance with an incident. What are the key benefits of being an AUSCERT member? Apart from the services we receive, the bouncing of ideas and bulletins, the other main benefit is the relationship you build with the AUSCERT team. They are a knowledgeable group of people who care and are backed by a community that’s grown at conferences each year. What advice would you give to someone considering becoming an AUSCERT member? If you’re an organisation considering an AUSCERT membership – it’s great value, regardless of your company’s size. For smaller organisations, there’s great insights into the threat landscape and the intelligence they can receive. For bigger organisations, it’s about the community, and giving back. What do you think the future holds for AUSCERT? Realistically, who knows what the future holds for all things cyber? But one thing that has been clear is that AUSCERT will continue to facilitate events where they’ll listen to their members and community – offering to fill the gaps not being filled by others. What do you believe sets AUSCERT apart from other organisations in the cyber security space? AUSCERT is independent, and not-for-profit. You know the information you’ll receive is sound and without influence and that’s helpful when there’s so much noise in the cyber security landscape.

Learn more

Blogs

30 Years 30 Stories

11 Oct 2023

AUSCERT 30 Years 30 Stories – Shelly Mills Championing AUSCERT’s passion for positive change, Shelly Mills shares why she thinks AUSCERT is the best cyber organisation an organisation could partner with. Shelly has attended the AUSCERT conference four years in a row. As the Cyber Security Improvements Manager at the University of Queensland, Shelly speaks testament to AUSCERT’s virtues. How did you first become involved with AUSCERT? I started my first role at the University of Queensland, right before the AUSCERT conference. I remember having my first one-on-one with my boss, and my question was – can I go to the AUSCERT conference? That’s how I initially got involved with AUSCERT – it was the first thing I wanted to do. What are the key benefits as an AUSCERT member? A great benefit is the professional development offered by AUSCERT. The amount of professional development and networking you receive from the conference is awesome. Building those networks throughout your industry and other industries, including knowledge sharing, is a great benefit. How has AUSCERT evolved over the years? AUSCERT has definitely grown over the years – but a great thing is when you look at the management team at AUSCERT, they’re focused on giving back to the community. They strive to understand the community and make sure the services and provisioning align with what the community wants. What advice would you give someone considering becoming an AUSCERT member? You’ve got to join and be an AUSCERT member because they have the best conferences! I know it’s hard to justify budgets to go to conferences, but AUSCERT’s comes in its membership, so you’ll get to go to the conference. What do you think the future holds for AUSCERT? I know the AUSCERT management team are going to keep aligning their services to what the community wants. I predict there will be more training on a variety of different topics. How has your AUSCERT membership impacted your organisation’s overall approach to cyber security? AUSCERT also sits under the University of Queensland, so we’re somewhat related. We’re very lucky that our Cyber Security Operations Manager has been working with AUSCERT to share knowledge. Therefore, our membership has been very beneficial, especially for our Cyber Security Operations Centre. We learn from AUSCERT analysts as to how they do things and bring those skills back to our team. What sets AUSCERT apart from other organisations in the cyber security industry? Honestly, everyone at AUSCERT goes in with the purest of intentions, wanting to make a positive difference for the cyber security community and the community at large. Unfortunately, that’s not true everywhere else. I actually sent both AUSCERT managers an email two days ago saying thank you. They lead with such genuineness, authenticity and care, and that’s what makes AUSCERT so special. There’s a lot of people in the industry out for profit, who don’t care about the community. AUSCERT embodies all that’s good within the cyber security industry.

Learn more

Blogs

30 Years 30 Stories

9 Oct 2023

AUSCERT 30 Years 30 Stories – Chris Horsley Who better to hear from than one of AUSCERT’s original seven security analysts, Chris Horsley. Working with AUSCERT from 2004 to 2006, Chris is now the Chief Technology Officer at Cosive, a cyber security consultancy firm based in Melbourne, Sydney and New Zealand. From helping victims get their credentials returned to utilising cryptographic analysis, Chris’ years of experience in the evolving cyber world is worth a read. Can you describe a memorable experience you had while working with AUSCERT? We dealt with a lot of financial malware back in those days — it was the early days of criminals writing malware to steal money from bank accounts, usually by stealing passwords. There was one malware crew who were more sophisticated than others and they would encrypt their data. To get their victims, they would place malware on the machines they would upload the credentials to, taking them to another server. We managed to get our hands on the encrypted data to find out whose data was stolen. We then used cryptographic analysis to work out how they were doing that encryption. We managed to break their encryptions and then we went into a big program trying to get those credentials back to the people — the bank customers, the university employees and the government employees. It was a really meaningful job and very interesting in terms of the analysis work required. Can you briefly describe your role and responsibilities during your time at AUSCERT? Between 2004 to 2006 I was one of AUSCERT’s security analysts. It was a time when there were only seven of us, meaning we all had to do a bit of everything. We had what we called ‘point’, where we triaged all the correspondence coming in; whether it was a report about incident handling or a query from a member about how to approach a certain problem. We did a lot of security vulnerability work too and were constantly flooded with new information about patches and vulnerabilities. We had to analyse each and re-bundle them for AUSCERT members. Outside of this, we travelled to many conferences because we were the national CERT at this particular point in time. We would go to international conferences and talk to our counterparts in Europe, Asia, and the United States. I got a lot of opportunities to go travelling which was an amazing experience. With AUSCERT’s vast history, did you get to work on the beginning cases of phishing in Australia? Around 2004, phishing became a big problem in Australia. AUSCERT did a lot of groundbreaking work because Australia was one of the first countries to be hit. As a team, we did a lot of analysis to find out how phishing worked, how they run their servers and where they were in order to figure out the most effective way for us to take them down. We would often try to chase the credentials and get them back into the hands of the victims. Recapping on the 30 years AUSCERT has been around, how would you say the cyber security landscape has changed? The cyber security landscape has changed drastically. We didn’t have smartphones in this era – it was all desktop machines and there were no operating systems that were self-contained mobile operators. However, despite the changes, phishing is still around and continues to this day. I still do that type of work and it’s 20 years since I joined AUSCERT and started working in this industry. One thing that has been a big change in the landscape is how mainstream cyber security has become. In the early days, a lot of companies weren’t thinking about cyber security as a problem. Businesses didn’t have cyber security officers and the board didn’t think about cyber security problems. These days cyber security is very mainstream. Another big change has been the consideration of the threat of cyber warfare. Back then, a lot of people were debating whether cyber warfare could become ‘a thing’. These days, cyber warfare has definitely eventuated and it’s definitely a different playing field in terms of how cyber security and attacks on computer systems are accepted as a serious problem. What was the most significant security incident you dealt with while at AUSCERT? One of the most significant incidents I dealt with was what I called ‘credential repatriation’ where I would find financial malware uploading to servers, often gigabytes worth of stolen credentials. I ended up writing a lot of software that analysed who got their credentials stolen. I would try to write software as best I could to get their credentials back into the hands of the organisations it was stolen from. I spent a lot of time pouring through these logs and trying to get them back into the right hands so that the owners of the accounts could change passwords and remediate damages. I remember that being very rewarding work. How did AUSCERT support its members in improving their security posture, and what were some of the most effective strategies you used? Quite often members will ring us because they would be going through an incident. At that time, there was a lot less public information and supporting documentation around. Members would often have an incident that they were trying to handle, and they would ring us, so we could be a sounding board for them. When you’re handling an incident, it can be a very stressful experience and often by talking to us, we could give feedback or listen to what they had done so far and provide them with assistance. How has your experience working at AUSCERT influenced your career path and approach to cyber security? I view my time at AUSCERT as foundational. It was my first cyber security role – prior to it I’d been a software developer building web applications. My time at AUSCERT taught me so much about incident response, coordination and vulnerability handling. One of my most rewarding experiences was the relationships I built with the other seven analysts I worked with. They were a great group of people who I stay in touch with to this day. I have so many great memories of that time.

Learn more

Blogs

Stay Cyber Safe

6 Oct 2023

Here are a few of our key tips to share with your family, friends, or colleagues on how to stay cyber safe! Update your devices and apps regularly Software updates often provide crucial security fixes that can rectify weaknesses that attackers can use to exploit devices. Ensure all your systems are being regularly updated, preferably automatically. Utilise strong multi-factor authentication The primary objective of multi-factor authentication is to reduce the risk of account takeovers and enhance security for users. It provides an added layer of security necessary to protect users and their data. Use passphrases and password managers A password manager is an application or program that stores passwords or passphrases for all your accounts. With a password manager, you only need to remember one master password and it can create and store complex and unique passwords. Be careful clicking links Exercise caution when encountering any links, especially those from unknown or untrusted sources. Phishing emails are often disguised as legitimate messages from reputable sources aiming to trick individuals into clicking malicious links. QR Code Phishing (“Quishing”) Only scan QR codes from trusted sources, be cautious when scanning codes received through unsolicited messages or unknown websites.[Read more about it on our blog here] Be careful using Public USB Ports  Using USB ports in public places, such as airports, can pose a security risk. Using a USB Data Blocker can block any unwanted transfer, preventing any unauthorized access or malware installation. Be mindful of Social Engineering tactics and techniques. Social engineering attacks involve manipulating individuals into revealing confidential information, performing certain actions or making security mistakes. These attacks exploit human psychology and trust to deceive victims. Educate yourself and others about common tactics such as phishing emails, pretexting (creating false scenarios to obtain information), baiting (enticing victims to download malware) and tailgating (unauthorized access to a secure area). Be careful using Public WIFI Public, or free Wi-Fi can be used to intercept data, redirect users to malicious sites and to attack devices directly. It is much safer to use the hotspot functionality of your phone. Never leave your devices unattended. You never know what criminals are lurking so it’s safe to always keep an eye on all your devices! As mobile phones are commonly used as part of multi-factor authentication they are a target for attackers. Report Report any suspicious activity! If you’re a member feel free to contact us directly and we can assist. Otherwise you can contact [Scam Watch] (https://www.scamwatch.gov.au/) Undertake training courses to better educate yourself We run a diverse range of training courses to enable you to better understand and respond to cyber threats. [For more information click here] (https://wordpress-admin.auscert.org.au/services/auscert-education/)

Learn more

Blogs

30 Years 30 Stories

4 Oct 2023

AUSCERT 30 years 30 Stories – Brian Hay Long term AUSCERT Cyber Security Conference presenter and supporter Brian Hay, speaks of the importance and unique qualities of AUSCERT. With a background in law enforcement within the Queensland Police, Brian now works with Cultural Cyber Security, a business whose mission is to build cyber security confidence across Australia. If you want to know why Brian wholeheartedly supports AUSCERT – read on. Working for Cultural Cyber Security, could you give us a brief history of your connection to AUSCERT? I’ve been coming to AUSCERT Cyber Security Conference for what feels like most of my life. I can’t believe it’s been 30 years! Cultural Cyber Security was born out of a need for building cyber resilience across businesses, organisations, and within people themselves. I have 37 years of experience in law enforcement as a former Detective Superintendent for Queensland Police, giving me a wonderful association with AUSCERT and an insight into how incredibly relevant the issue of cyber security is. Q: What do you think is most significant about AUSCERT? AUSCERT to me is about community, leadership and defining a difference that is meaningful for the communities of this great nation. If I had to define AUSCERT in one word, it would be thought leadership because AUSCERT brings together governments, law enforcement agencies, vendors, global brands and global speakers. The AUSCERT conference is a brilliant forum for getting thought leaders in one location to stimulate thinking today, so we’re in a better place tomorrow. How does the AUSCERT Cyber Security Conference stand out from other conferences?  When I look around at other events and I speak to a lot of people in different locations, not just in Australia but overseas, the difference is at AUSCERT you know you’re part of a community. To show you how powerful and what great allies they are, I contacted AUSCERT back in my law enforcement days if I needed a website taken down. AUSCERT could achieve it within 24 hours, as opposed to a formal process which could take weeks to achieve the same outcome. Every member needs AUSCERT as allies because we don’t know where our adversaries are and they constantly change. It’s AUSCERT and the activities that AUSCERT do with similar entities around the world, that are our best chance of defence. Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cyber security community? The cyber security community has many moving parts and lots of self-interest, but the beauty of AUSCERT is that it’s not about self-interest. AUSCERT is more about the interests of the greater Australian community. When I look at other events, what I see is a focus on the vendor. Vendors are important, but what’s more important is the technology conversation. With AUSCERT it’s about the technology, community, leadership and what’s coming next. It may involve technology, humanity, criminals and challenges we haven’t even thought of yet. Why do you support AUSCERT? AUSCERT provides a lot of support to organisations, and I’ve connected with them throughout my career. I’ve reached out to AUSCERT to support people or entities who are not members and they do so without question. You know they’re not negotiating a contract or seeking a financial return; they are doing it because it’s simply the right thing to do. In these ever-changing times, I have faith that integrity means something. When I think of AUSCERT I think of integrity, leadership, collaboration, community, and future. Australia needs AUSCERT and AUSCERT needs Australia to support it because the future of our children rests in the hands of entities like AUSCERT, its membership base and those who support it every year. The people in the cyber community are champions, and they need a platform to share their voice, which AUSCERT provides brilliantly.

Learn more

Blogs

Quishing Attacks

3 Oct 2023

AUSCERT has recently observed a surge in incidents of “quishing” and aims to proactively inform its members regarding this emerging threat. Quishing, also known as QR Code phishing is a type of cyber attack which involves tricking someone into scanning a QR code using a mobile device. These QR codes are designed to mislead users by appearing legitimate, often resembling QR codes found on product packaging, promotional materials, or even in public spaces. Upon scanning, the malicious QR code has the potential to redirect users to fraudulent websites, thereby exposing them to risks such as identity theft, financial fraud, or the installation of malware on their devices. The distribution of malicious QR codes can take place through various channels including email, social media, or even physical flyers. During the previous week, AUSCERT conducted analysis of email samples submitted by its member organisations. The findings revealed that email recipients were being prompted to scan a QR code, and the majority of these emails falsely claimed to originate from a manager within the respective organisation. AUSCERT observed that the QR code embedded within the email contained a URL leading to a deceptive website, impersonating reputable brands or organisations such as Microsoft. This fraudulent site then prompted the recipient to provide their credentials. To avoid falling victim to QR code phishing, here are some recommended precautions: Be cautious of the source: Only scan QR codes from trusted and reputable sources. Avoid scanning codes from unknown or suspicious sources, especially if received through unsolicited messages or emails. Preview the URL behind the QR Code: To reduce risk, utilize a QR scanning tool that provides a preview of the URL contained within the QR Code. Options available include Inbuilt camera of an iPhone previews the domain that is encoded in the QR Code. You can also use a Free QR Code Scanner to read the content of a QR code (Note: Please make sure to check privacy policies first). DNS Checker (https://dnschecker.org/qr-code-scanner.php) is one of the free tools that is available online. Use a QR code scanner with built-in security features: Opt for a reliable QR code scanner app that includes security features, such as URL scanning or warning notifications for potentially harmful websites (Ex: QR Scanner-Safe QR Code Reader (https://play.google.com/store/apps/details?id=com.trendmicro.qrscan)) Keep your devices updated: Regularly update your smartphone or other scanning devices with the latest security patches and firmware updates. This helps protect against known vulnerabilities that attackers may exploit. Be cautious of personal information requests: If a scanned QR code prompts you to provide personal information, such as login credentials or financial details, exercise caution. Legitimate sources typically do not request sensitive information through QR codes. Additionally, organisations are encouraged to promote awareness and educate their staff about the risks associated with QR code phishing and implement security measures to mitigate these threats. By staying informed and taking proactive steps, we can help minimise the impact of QR code phishing attacks. More information: https://techwireasia.com/2023/08/quishing-attacks-on-the-rise/ https://www.malwarebytes.com/blog/news/2023/08/qr-codes-deployed-in-targeted-phishing-campaigns https://www.microsoft.com/en-us/microsoft-365-life-hacks/privacy-and-safety/five-common-qr-code-scams

Learn more