AUSCERT 30 Years 30 Stories – Gary Gaskell With three decades of experience in cyber security, Gary Gaskell has been putting his skills to good use by helping those with limited cyber security knowledge grow their capabilities. Based in Brisbane, Gary is a long-time AUSCERT supporter and delivers some of AUSCERT’s training programs. With a long history in cyber security, how does the industry compare from when you started? Starting 30 years ago, it was exciting. We were on the edge of something new, doing business over the Internet. We began communicating simply across borders and much faster than fax machines and letters. For the past 20 years, I’ve been working for myself, which specifically means working for others. I help individuals lift their security levels, developing strategies and understanding their risk environment. What kind of training do you provide? And why do you think this training is important? For those who have been in the industry from the start, it’s time to give back. There’s a big skill shortage in this country, where everyone should benefit from experiences like mine. I can assist clients in tackling novel situations, direct them to good information and help improve security for their organisations. Training is a challenge due to a diversity of knowledge required to secure our complex systems today. In the beginning, we had computers we called mainframes and they were easily controlled. Now there are thousands of different technologies. Our main goal is to help individuals understand the fundamental principles. What does the future hold for AUSCERT? And how do you see the organisation continuing to play a vital role in the cyber security community? AUSCERT creates huge awareness and provides opportunities for individuals to lift their knowledge and skills. For example, leading and starting the AUSCERT conference. With AUSCERT’s leadership, they created this conference, providing a platform for practitioners to share case studies. We began to share what worked and what didn’t work, learning about the future. I go to other conferences in Australia as well, but when I return to work, the things I add to my checklist are from the high-quality speakers that attend AUSCERT. I wouldn’t miss it. What sets AUSCERT apart from other organisations in the cyber security space? AUSCERT is unique in our community. They’re eager to share their information, whilst commercial suppliers typically share a limited selection of their data. Many government competitors are conscious of classification, regulating who and what they share. Whilst AUSCERT provides a holistic approach for its members, enabling agility. It’s that can-do attitude, joined by many great technicians that makes AUSCERT stand out. How should organisations facilitate skill improvement? And why is this important? AUSCERT’s training programs aim to address the skill shortages in our community. Often incidents occur due to individuals being unaware of free security features. I believe problems occur due to a lack of awareness.  AUSCERT is here to rectify this. The Cyber Security 101 course helps organisations understand the basic features available to keep companies secure. The classes are very popular and appreciated by all those who attend. Why would you encourage others to become AUSCERT members? AUSCERT has a depth of experience in responding to crises due to its long history. Their mature approach to understanding incidents and providing management is unlike any other organisation. AUSCERT’s incident management is preparing you for the unexpected. It’s not just an individual playbook for ransomware on a Windows product. That’s a key value that AUSCERT provides.  

  AUSCERT 30 Years 30 Stories – Jamie Gillespie Past AUSCERT employee and long-time supporter, Jamie Gillespie kickstarted his career in cyber security as AUSCERT experienced massive growth in the early 2000s. Allowing Jamie to travel internationally, he looks back on his time with AUSCERT with appreciation. Now working at the Asia-Pacific Network Information Centre (APNIC), Jamie is a repeat speaker at AUSCERT conferences. How long did you work for AUSCERT? I was a senior security analyst for eight years in the early 2000s when AUSCERT was small and experiencing lots of growth. In 2002 AUSCERT held its first conference, which I was lucky enough to help plan, organise and execute, doing so for several years after that. We also conducted the first computer crime and security survey in 2002. Working with Katherine Kerr and the rest of the team, we asked the questions, analysed the data, and created presentations to showcase at AUSCERT and other conferences as well. What’s it like being a speaker at the AUSCERT conference? What will you be talking about this year? I’ve spoken at the AUSCERT conference for a couple of years now. Last year my presentation was on APNIC’s Vulnerability Reporting Program. This year, my presentation was on TLS implementations of SMTP servers. It’s a niche topic, but I had a good time putting the data together, and a lot of delegates were interested as well. It was great to be able to share my research and tips on improving SMTP and email security. Can you describe a particularly memorable experience you had when working at AUSCERT? The most memorable parts of working at AUSCERT was when I moved into the training team. We were delivering training in capital cities around Australia and New Zealand. We delivered technical training as well as security management training. I went to many countries doing Computer Security Incident Response Team training (CSIRT), helping them to grow or establish their teams. Thailand was my favourite, but I also travelled to Papua New Guinea, Mexico, Chile, Peru, and Singapore. I found helping other countries create their own national security teams to be very rewarding. Some governments took longer than others, but now I can look back and see these countries with established national security teams, participating in global cooperative efforts to make the internet more secure. How has the cyber security landscape changed since you worked at AUSCERT, and what new threats have emerged? Security has changed a lot since my time at AUSCERT. In the eight years I was there, we began selling security to organisations, informing them of the importance of security programs and technical security uplifts. Now with the high publicity of major security breaches, such as Optus and Medibank, it’s impacting almost everyone on a personal level. It doesn’t matter if they’re regular employees in an organisation or on the board and C-suite, employees understand security because they’re being impacted day to day. On a corporate level, this has made security discussions much easier. How do you think AUSCERT support their members in achieving their security posture and what are some of the most effective strategies you used? In the early 2000s, we had the basic incident response and training services, but now AUSCERT has expanded. The number of services that they’re providing, both technical and human interaction are wonderful. The AUSCERT Cyber Security Conference is a great forum for raising security awareness and providing knowledge sharing. When AUSCERT started in 2002, there were no good independent security conferences in Australia. Some were vendor-based, but it was largely vendor pitches. The general services that AUSCERT provide to all members have been growing and I’m excited to see what AUSCERT does next. How has your experience working at AUSCERT influenced your career path and approach to cyber security? When I started at AUSCERT in 2001, I had recently moved from Canada and while I was working in IT, I didn’t have the opportunity to concentrate on a dedicated information security role. My senior security analyst role at AUSCERT gave me the opportunity to concentrate on security. The eight years that I spent at AUSCERT really kickstarted my information and cyber security career. I have a lot to pay back to AUSCERT for the opportunity that they gave me at that time and how they helped me progress in my career. AUSCERT is responsible for a significant portion of where I am today.  

AUSCERT 30 Years 30 Stories – Victor Bradbury Manager of Information Technology at St. Michael’s College, Victor Bradbury has been attending the AUSCERT Conference for seven years. Grateful for the trust and community built at AUSCERT, Victor reflects on his conference visits as not only the perfect way for him to safeguard his school, but to constantly stay up to date with cyber security information and to consecutively win the speed Lego building competition. After your first conference, what motivated you to become a member? St. Michael’s is a small school so when I attended my first conference, there were all the big boys, the corporates and a lot of the universities. After talking to everyone, I quickly realised what I didn’t know, but everyone looks after you at AUSCERT. It’s a strong community that all the people I spoke to at the first conference I speak to now, seven years later. I learned all my security basics from that first conference. What are some key benefits you’ve experienced as an AUSCERT member? The main benefits would be the certificate service. Additionally, the contacts you make are so important. If I have any issues, I can go straight to them to ask. We thankfully haven’t had to use any of AUSCERT serious takedown services yet, and hopefully, we never do, but having AUSCERT in our back pocket gives us peace of mind. Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cyber security community? I think AUSCERT’s future is bright because it’s not-for-profit. You can trust what everyone’s telling you and what they’re doing. AUSCERT has set the industry standard and is highly respected. From corporates and universities down to small businesses like us, this sense of trust is so important.  How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security, and what changes have you implemented as a result of your involvement with the organisation? When I first came to the conference, I didn’t know what was going on in the cyber security world, and it could have been very intimidating. Each year there seems to be a new threat, which can be hard to keep up. AUSCERT is three to six months ahead of what you might see on the media and they keep me ahead of the game. I look at what the corporate organisations are doing and then scale it down to suit us. Can you speak to that point specifically about cyber security for schools? Do you think your school is ahead of other schools? I’m unsure if we’re ahead but I take the approach that if I look at what people are doing in the industry and scale it for our use, we can minimise risk. We have security 24/7 for our school. That would be unheard of five years ago. Anything else you would like to add? I would like to say thank you to the team. They are a great bunch of people to work with. As a small fish in this industry, we are treated just as well as the large corporations that partner with AUSCERT and I think that’s amazing.

AUSCERT 30 Years 30 Stories – Dushyant Sattiraju Attending the AUSCERT conference for the past six years and presenting for the past four, Dushyant Sattiraju speaks of the helpful platform AUSCERT has provided. As the Security Operations Manager at Deakin University, AUSCERT membership has enabled Dushyant to bounce ideas and receive timely, supportive feedback ensuring the university’s cyber safety. How did you first get involved with AUSCERT and what motivated you to become a member? When I first started at Deakin, I was the only security staff. As we didn’t have a history of security, I needed support. I reached out to the community to see if anyone was willing to share their stories about what they were doing and what they were they prioritising. AUSCERT was a welcoming community and I got to connect with other universities and organisations that had similar security history as me. The ongoing sharing of stories and learnings has been one of the main reasons for my involvement. What are some of the key benefits you’ve experienced as an AUSCERT member, both in terms of the resources and support offered? One of the key benefits of membership are the AUSCERT services. I used a few services at Deakin such as the take down system, along with the threat intel platform. I found the analyst in the team very supportive and ideal for bouncing ideas off. AUSCERT’s conferences are an interesting avenue to meet different people from different organisations and various sectors, which has been great as well. What advice would you give to someone considering becoming an AUSCERT member, and why do you believe that membership is valuable for organisations of all sizes and industries? You get a lot for what you pay for with the AUSCERT membership. Not only do you get access to the conferences and events, but you also get access to the community. The community is very generous in sharing and forthcoming. Trying to implement new technology? Ask your questions to the community and they’ll get back to you within minutes. AUSCERT has connected me to organisations that I had never met before, supporting discussions about our technology and security journey overall. Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cyber security community? AUSCERT is great for connecting people. For example, there are a few subgroups, such as the university sharing community to increase collaboration and knowledge sharing. The past few years I’ve talked about our experiences and incidents we’ve had. I predict we will see a lot more of these stories in the future – a fantastic opportunity to continue learning.

AUSCERT 30 Years 30 stories – Daisy Wong Defining results-focused leadership, with a strong management connection, Daisy Wong is the Security Culture and Awareness Lead at Flybuys. Working with a disability, Daisy is an amazing thought leader and advocate for inclusive work environments. Daisy champions those with disabilities and shares why she appreciates AUSCERT’s inclusivity efforts. What advice would you give an organisation looking to prioritise diversity and inclusion, when hiring and retaining talent? For those reading, I have a physical disability which means I am in a wheelchair. Over the years, I have worked in a few organisations that weren’t prepared for me. I have arrived and found stairs, meaning I couldn’t even get into my workplace. I’ve experienced hiring managers ask inappropriate questions in interview settings such as – how do I make a cup of coffee and get back to my desk – a strange question, with nothing to do with the job. The number one thing I would recommend for organisations wanting to improve inclusivity is to ask the candidate or the person what they need to succeed. Don’t make assumptions that they cannot do something or make assumptions that they can. Create the ability during applications for accessibility information to be very clear. Although I have a physical disability, there are all different kinds of disabilities, for example, colour blindness, or audio issues, so it’s important to consider all disabilities – not just the visible ones. How has AUSCERT played a part in helping generate diversity and inclusion in the industry? AUSCERT has done a lot of good things relating to diversity in the industry. Firstly, the conference is always accessible. I’ve seen two other people in wheelchairs, and I’ve never had an issue getting up on the stage when presenting. Regarding the industry, AUSCERT is highly supportive of the Australian Women Security Network. I volunteer with this network, and they’ve always had a booth at the conference. AUSCERT also works with BDO, an inclusion technology company, showcasing how they support their initiatives. What strategies have you found most effective in creating an inclusive workplace culture? To create an inclusive culture for organisations, the best way is to ask the individuals and listen to their needs. Flybuys has done a great job; when I started, we had a conversation about my limitations and what I can do and can’t do. Since then, every event I’ve attended has been accessible and I don’t have to continually inform Flybuys. As an employer, you need open communication, a willingness to listen, and an ability to adapt and be flexible. How would you recommend organisations address discrimination bias in the workplace? Unfortunately, discrimination bias still happens, and organisations need to find ways to address them. The first thing to do is lead with empathy. Many individuals don’t understand that what they say hurts my feelings or makes me feel like I can’t ask for help next time. From a corporate or organisation point of view, training should be provided to staff because so many people make comments unconsciously. They may not have met someone in a wheelchair before and therefore might not know how to be helpful. For example, I don’t like my wheelchair being pushed without you asking, but if you see me struggling and you want to offer help, I do appreciate it. It’s about asking the person. How far do you think the industry has come and what do you think we can expect for the future? This is AUSCERT’s 30th year and 22nd conference, and only my second time, but I’ve noticed many changes. I’ve been in cyber industry for eight years, and I’ve already seen a lot of change. Firstly, there are more women. However, women still only represent 17% of the whole industry, meaning we’ve got a long way to go. That said, compared to other conferences, AUSCERT has a much healthier balance. AUSCERT values the encouragement of women in the industry, which I’ve observed AUSCERT apply to their own organisation by hiring females in roles.

My Time on the BSide This week, a few AUSCERT staff members journeyed from sunny Brisbane to brave the crisp Melbourne air and participate in the annual BSides conference. BSides is a volunteer-driven initiative spearheaded by members of the infosec industry who share a common objective: to foster and support a thriving cybersecurity community. The conference offers a platform for first-time speakers, students, as well as new and experienced professionals to showcase their work in a friendly and welcoming environment. AUSCERT takes great pride in sponsoring this event and contributing to the growth of the cybersecurity industry in Australia. One of our AUSCERT team members who participated in BSides Melbourne last weekend was our Senior Software Developer, Lucas. This week, we had the opportunity to sit down with Lucas to delve into his highlights, favourite sessions, and other noteworthy aspects of the event. Here’s his first-hand account of the experience. Highlights One of my standout moments from the conference was teaming up with a colleague to take part in the Capture the Flag (CTF) competition. A CTF competition is composed of many different challenges that fall under different cybersecurity categories. The challenges vary in difficulty and are designed to test the participants cybersecurity skills, whilst also offering valuable hands-on learning and networking opportunities. These challenges provide a unique educational and training experience within a fun and competitive environment. As a software developer, I typically don’t engage in offensive security work. However, this challenge provided me with a unique opportunity to broaden my expertise and skills in this particular field. Achieving the 11th position in the challenge among 53 other competing teams was a proud moment for me. It demonstrated that I do possess a certain level of proficiency in this area and continues to motivate me to pursue further skill development in this field. Favourite Session One session that left a lasting impact on me was Paul McCarty’s talk on defending the software supply chain. As a software developer focusing on the development operations space, this session provided invaluable insights into crucial considerations and areas for improvement. In an era where the software supply chain faces increasingly sophisticated attacks, it’s imperative for software developers and engineers like me to comprehend how to safeguard against emerging and existing threats to the software supply chain. The session explored valuable open-source tools that can assist organisations in establishing new processes and developing tools to enhance the security of their software supply chains. The session put into perspective the breadth of the software supply chain and how it can be attacked, and it introduced me to some very useful open-source tools for visualising and improving the security of AUSCERT’s software supply chain. Interesting Aspects One particularly interesting aspect of the conference was the extensive focus on career support and guidance they offered. It was truly inspiring to witness the dedication to fostering professional development and the readiness to assist attendees at various stages of their careers. The conference featured sessions led by experts who offered invaluable advice and support, enabling individuals to expand and evolve in various aspects of their careers. Moreover, it encouraged attendees to explore new passions that might not yet exist in their current fields. In summary, my experience at BSides Melbourne was truly memorable, primarily due to the opportunity to connect with numerous outstanding individuals in the industry. The sessions were both relevant and engaging, and the warm and inviting attitude of the entire staff and community contributed to a friendly and welcoming atmosphere that everyone enjoyed!

Mikhail Lopushanski is the Chief Information Security Officer for Heritage Bank and has been in the information security space for close to 30 years. Involved with AUSCERT in its early days, Mikhail has an appreciation for the partnership that AUSCERT offers and its mission to help all organisation improve their information security.  How did you first become involved with AUSCERT, and what motivated you to become a member? I became an AUSCERT member in the late 90s. As an organisation, we required a partner, somebody that could help advise and mature our information security space. It was great having an organization that wasn’t connected to a vendor, government, or any particular area. AUSCERT helped my organisation to mature in that area with guidance, as well as providing us with alerts and starting to give us broader levels of alert capability than what we could do internally. How has AUSCERT evolved over the years, and what changes have you seen in the cyber security landscape that have affected the organisation’s work? AUSCERT has greatly developed since the late 90s. As a start-up coordinating globally, AUSCERT was able to provide information back to its members that was significantly up to date. You have to remember this is early days of internet and browser access. As AUSCERT developed, I’ve moved to several organisations and our needs have changed depending on our maturity. I found that AUSCERT was able to meet those needs regardless of what stage we were in. I’ve worked with AUSCERT across many projects, including setting up a threat intel group across the financial sector. AUSCERT fundamentally assisted me to set this up and to reach out to certain numbers that met the criteria of financial service spaces. I view AUSCERT as a true partner. How has your membership in AUSCERT impacted your organisation’s overall approach to cyber security? And what changes have you implemented as a result? AUSCERT is a partner that can help an organisation mature in this space. In my experience going from several organisations that are less mature in information security to other organisations that are quite mature, the needs from what we wanted AUSCERT to do changed from place to place. AUSCERT has certainly matured in this space over time. For a time they offered flying doctor service for incident response and they have really developed their capability for incident response, but also identification and threat intelligence and starting to provide quality IOCs and quality information to organisations. They shared this intelligence making it available across multiple industries. That development that AUSCERT created fell in line with how the industry over the years has also developed, becoming a real industry leader. Is there anything else you would like to add? Happy 30th AUSCERT and I look forward to working with you in the next few years!

AUSCERT is a world-renowned organisation that has been providing cybersecurity services and expertise to small and large businesses, universities and government agencies in Australia and neighbouring countries for almost three decades. Since its establishment in 1993, AUSCERT has built a reputation as a trusted advisor and a provider of critical incident response and security analysis services. In March this year, AUSCERT sheds its “young adulthood” status and will celebrate its thirtieth birthday! AUSCERT’s history is rooted in its mission to protect the digital assets of its members by providing practical and expert cybersecurity advice and support. Over the years, AUSCERT has responded to thousands of cyber incidents and worked tirelessly to develop and promote cybersecurity awareness, education, and best practices, both locally and internationally. Most importantly, AUSCERT is a not-for-profit organisation which exists only for its members, providing unique cybersecurity services which complement government and commercially available offerings. Based at The University of Queensland, AUSCERT works closely with UQ Cyber and global networks such as APCERT and FIRST, having built excellent relationships worldwide over nearly thirty years. AUSCERT funds the provision of its cybersecurity services from not-for-profit membership fees, reinvesting a small surplus into the development of its team members, with emphasis on continuous learning and improvement in culture. Generous sponsors allow AUSCERT to host the longest running cybersecurity conference in Australia each year since 2002. Known for its great atmosphere and opportunities to collaborate with peers in all industries, presentations and tutorials are sourced from the very best practitioners locally and worldwide. Members receive free or discounted attendance to excellent, low-cost professional learning and development in a welcoming environment. Registrations for the 2023 event open soon! In recent years, AUSCERT has expanded its services to include a range of cybersecurity training courses. With the growing demand for cybersecurity expertise, the AUSCERT Education program has become increasingly important, providing individuals and organisations with the skills and knowledge they need to stay ahead of the rapidly evolving cyber threat landscape. The AUSCERT Education program ranges from an introductory course for IT professionals who wish to learn the current terminology, practices and controls in cybersecurity to more advanced training such as cybersecurity risk management and forming an incident response plan. In recognition of the critical importance of areas such as board and executive cybersecurity awareness and data governance practices, during 2023 AUSCERT will expand its education programs into these areas. Together with this new direction in the AUSCERT Education program, other future services will include briefings for board members and executives, and implementation assistance for data governance practices. Overall, AUSCERT’s direction is to continue providing not-for-profit, high quality cybersecurity services and education for its members.

The 2032 Olympic Games (to be held in AUSCERT’s home city of Brisbane) are less than 10 years away. That may seem a long way off from the present time, but consider this: the recent global pandemic caused significant suffering and loss on a personal level, while disrupting 2, maybe 3 years of industrial progress worldwide with supply chain issues and the like. Natural disasters, which Australia seems to have more than its fair share of, also disrupt our lives personally and professionally.   We know preparedness is important for dealing with natural disasters and pandemics, but we still don’t always get it right. The well-established insurance and trade industries responsible for rebuilding houses is an example of this – I know of many families affected in Brisbane’s Feb 2022 floods who are still living in alternative accommodation, waiting on rebuilding efforts to even begin.  My point is, with cybersecurity a relatively new industry, now is the time to lay solid foundations for the future and “get it right” from the start. We don’t want to be looking back in a hundred years’ time in 2123 thinking “we’re still not getting it right”.   This may seem like a problem for senior management, although it’s our job as cyber security professionals to advise on these matters. Depending on the culture in your organisation this could be challenging, so why not reach out to other like-mind professionals in AUSCERT’s Member Slack to ask how they’ve been successful?   One suggestion is to talk about preparedness generally, rather than specifically about cyber. Help management understand that “cyber” isn’t just an “IT department thing” and speak about it as a normal business function. It’s just like completing your Business Activity Statement, running payroll, managing the lifecycle of your customers or any other function a business needs to do to retain relevance and solvency. Also, management should assume a cyber security incident WILL occur and keep that in mind when preparing. It’s possible risk assessments were calculated using “rare” or “unlikely” likelihood ratings to negate the “catastrophic” consequence, however as a professional you’ll be able to provide information about current events in cyber to make these assessments as accurate as possible. If you want some assistance keeping up with cyber security news, subscribe to AUSCERT’s ADIR for a daily digest.   In your briefings with management, talk about that crisis in the back of your mind – you know, the one that occasionally wakes you up in a sweat that you know would significantly impact lives (human or animal), livelihoods or the viability of your business. These days it’s usually ransomware, and because the actual risk is to the entire business we need to focus far wider than just the technical means by which ransomware is perpetrated, such as Lockbit or Royal.   In recent examples of both, the British Royal Mail were hit with Lockbit and QUT suffered a breach from Royal over the Christmas period. In both cases, the business impact was significant and ongoing. For example, courses and exams at QUT were suspended, and Royal Mail advised customers not to attempt to send letters and parcels overseas until the issue was resolved. Even more serious was the subsequent news that the Royal gang allegedly released the data stolen from QUT.   Whatever the crisis, you’ll need clarity on roles, responsibilities, and escalation protocols. This is far bigger than the IT department or the cyber security team. Your business will need to plan how internal and public communications are handled, have a war room, and manage handovers to prevent fatigue. If you don’t have a good plan already, why not lead a charge in your organisation to create one? Here’s a great template from the ACSC.   There are more considerations you may be called to advise upon, which are not traditionally “the IT dept’s problems”. You might need to help your organisation define a risk appetite. If we’re talking about ransoms, would your organisation pay a ransom? What legal and/or regulatory considerations are there? You might be in a situation in which lives depend upon payment of a ransom, and there’ve been rumours that cyber insurers may insist that you do pay the ransom to claim overall damages.   One of the best ways to draw out answers to these sorts of questions is to undertake a tabletop exercise. In these events you will bring together key decision makers from all parts of your business and simulate an actual crisis. There are plenty of consultants who’ll provide this as a paid service, and if you don’t know of any, reach out in AUSCERT’s Member Slack to ask your peers who they’d recommend. The ACSC’s Critical Infrastructure Uplift Program also provides tabletop exercises to certain industries, along with unique insights into national cyber security incidents they’ve responded to. At the very least you could run your own scenario using the ACSC’s Exercise in a Box, although sometimes bringing in outside advisors (particularly the Federal Government) does give your cyber preparedness plan extra credibility.   To help you with all of these concerns in 2023, we’ll continue providing our incident support and cyber threat intel for our members, and we’ll add additional training and awareness programs that aim to help with cyber-preparedness. We know that all of you are extremely busy with day-to-day activities, ever-increasing regulatory requirements and fighting cyber incidents. The new training courses will help you learn the very latest techniques in areas such as data governance, practical applications of cyber threat intelligence, and awareness of cybersecurity at the executive and board level. Hopefully you’ll all enjoy a prosperous, safe, happy and cyber-prepared 2023!   Mike Holm AUSCERT Senior Manager

RECENT TARGETS AUSCERT has been receiving reports of various RFQ scams spoofing Australian Universities and targeting vendors via the spoofed domain. THE TRIED AND TESTED METHOD A scammer creates an identical-looking domain impersonating a university. The spoofed domain with active MX records is then used to send emails to various vendors asking for quotes for the products they sell. The MX record allows email replies to be directed back to the scammer. The email address usually impersonates a staff member on the executive level. In some cases, the emails may be blocked or quarantined depending on the vendor’s security policy. Hence, small, and medium-sized companies are targeted as they might have a lower maturity level in their security policies. When such reports are sent to AUSCERT, it can be acted upon quickly if we are provided with email headers as evidence, and the domain registrar will usually suspend the domain successfully with such details. HOW IT HAS CHANGED Some scammers have now changed their methods of delivering such RFQ scams. To avoid the quarantine of emails and to avoid being taken down by the registrar (as the registrar usually requires email headers in such cases), scammers now use the built-in web forms located on the websites of small-medium-sized companies. The submitted email address is an address from the spoofed domain. In such cases, it is difficult for the targeted university to reach out to the companies asking for more information. Furthermore, since no email headers are recorded, submitting a takedown request to the domain registrar is difficult without much evidence. WHAT THE UNIVERSITY CAN DO Submit as much information as possible in such a situation. It is also recommended that the university should also reach out to the company that communicated with the scammer to obtain any related information. For e.g., the webform chat in this case. If the university is unable to contact the vendor, AUSCERT might be able to assist.

AUSCERT was delighted to sponsor the Best Security Student Award at the recent Women in Security Awards held in Sydney. Five outstanding finalists were in the running, each achieving success with their respective pursuits, with Elena Scifleet from CyberCX declared the winner! Congratulations to all the winners and everyone that contributed to such a successful and enjoyable event – we can’t wait for 2023! To see who else was recognised, visit the Women in Security Awards 2022 winners page. Members of the AUSCERT team were in attendance for the occasion with Analyst, Vishaka, providing a summary of her experience, below: It was a privilege to have been able to attend the Australian Women in Cyber Security Gala night 2022 along with my colleagues, on the evening of Wednesday, October 12. The event kicked off with a Cocktail networking hour. It was exciting to see so many familiar faces and meet new ones who are either pursuing their higher education in Cyber Security or just stepping into a career in Cyber Security. This year’s celebrations saw a staggering 826 nominations with 81 finalists, 19 winners, 17 Highly Commended and 2 Special Recognition recipients for 18 different award categories including Best Female Secure Coder, Protective Security Champion, IT Security Champion and Australia’s Most Outstanding Woman in IT Security. Kudos to AUSCERT’s former employee, Laura Jiew for taking the Best Volunteer award home! I felt absolutely honoured to witness the talented women who received awards for their accomplishments, value, and contributions to Cyber Security – most of them had a truly inspirational and motivational story to share! While celebrating women in Cyber Security, the event also acknowledged male counterparts in the field who have contributed to eliminating gender-based discrimination and bias in the workplace and promoting equality in the IT security industry. Dushyant Sattiraju and Dave O’Loan were recognised as Highly Commended in the Male Champion of Change category while Clive Rees bagged the award. Throughout the event, the importance and need of being a mentor for other women in the field were highlighted. Thank you to Abigail Swabey and her team for pulling off such a successful and fabulous event and thank you to the AUSCERT management for giving me an opportunity to participate in the event.

BSides Melbourne is a not-for-profit event that is wholly run by volunteers for the benefit of the community. It’s a community-driven conference that encourages and welcomes first-time speakers and students along with industry professionals, experienced and new alike! AUSCERT was delighted to sponsor the event, providing the tote bags for all attendees to fill with the array of goodies on offer. Some of the AUSCERT team ventured south to participate in the long-awaited (thanks to COVID delays) BSides Melbourne 2022. The following is an account of events from one of our Analysts, Vishaka. Day 1 The conference started with Joff Thyer’s keynote presentation that told of his inspirational journey in Information Security. He highlighted the key skills and qualities for a successful 21st-century career with my main takeaways from his speech being: If you make a mistake, do not walk away from it but take the owners of it and learn from it. Learn a programming language (he specifically mentioned Python) Afterwards, Mike Pritchard and Shanna Daly showcased how the craft of traditional espionage maps to the modern cyber world. Mike who is a passionate collector of historical espionage presented his extensive collection of spy gadgets – I found this to be super cool! I then made my way to a presentation about the data leak published on Twitter about the Conti ransomware gang that uses Ransomware as Service (RaaS). The presentation by Thomas Roccia, a Senior Security Researcher at Microsoft, highlighted how the leaked chat logs revealed private discussions between Conti members and how the data provided a unique insight into the inner workings of the group. I next ventured to Data, Demogorgons and the Upside-down world… and a Battleforce Angel by Tara Dharnikota which discussed data breaches and data thefts. Specifically, how it gets sold and distributed on darknet forums and marketplaces. Tara also emphasized the power of OSINT and how it can be used for the good. One of my favourites of the day was the talk by Jo, “How to (almost) get a DEFCON black badge”. She is the runner-up of The DefCon Social Engineering CTF (SECTF) competition and shared her experience at the 2019 SECTF in the battle for the DefCon Black badge. The last talker of the day was Emerald Sage who spoke about APT Catfishing and demonstrated how Open Source Intelligence tools and techniques can reconstruct the APT actor playbook for engineering and executing catfishing facilitated attacks. Day 2 Laura Bell kicked off the second day with a talk that demonstrated how proximity affects human behaviour, and how we as a cyber security community can embrace this knowledge to secure an entire country. My quest for knowledge and insight delivered me to “The Socio-Economic Impact of Women in Tech” by Kathy Robins. In this fascinating talk, she discussed the lack of female participation in the technical fields within the cyber security sector and STEM and how it creates a ripple effect throughout the development of technologies, systems and services.