Written by AUSCERT Principal Analyst, Mark Carey-Smith Tabletop exercises are referred to by different terms, including “drills”, “simulations”, just “exercises” or “discussion exercises”, though these terms don’t always mean the same thing. NIST’s definition in SP 800-84 is: “Tabletop exercises are discussion-based exercises where personnel meet in a classroom setting or in breakout groups to discuss their roles during an emergency and their responses to a particular emergency situation. A facilitator presents a scenario and asks the exercise participants questions related to the scenario, which initiates a discussion among the participants of roles, responsibilities, coordination, and decision-making. A tabletop exercise is discussion-based only and does not involve deploying equipment or other resources.” In our context, the emergency situation usually involves a cyber incident. Tabletop exercises, or TTXs, can be oriented towards cyber incident response, business continuity, crisis management or elements of all three, depending on what the organisation running the TTX wants to achieve. Participants can be from any role; operational, cyber security, communications, executives or a combination. Why perform tabletop exercises? Having accurate and easy to understand incident response plans and playbooks is obviously important, but we just don’t know how effective they are until they are tested through use. It’s far safer to do that testing via a simulated incident in a TTX rather than a real one. Running TTXs can help provide an understanding for how people will respond to an incident. Even when we know it’s a simulation, it still gets some of the same juices flowing, which should also help people respond with lower levels of stress during an actual incident. TTXs can engage stakeholders, particularly executive ones, in a way that risk heat maps and logically structured arguments simply don’t, because if they are done well, TTXs can engage stakeholders emotionally. Emotional engagement can be a strong lever for change. By planning and executing TTXs in a progressive and supportive way that values opportunities for improvement, a culture of learning can be created that does not penalise mistakes but instead sees them as teachable moments. Some organisations have contractual obligations, for example from clients, to perform regular TTXs. Some insurance policies may require, or apply pressure via pricing mechanisms, for their clients to perform TTXs. Regulatory requirements, such as for some of the specific entities that fall under the SoCI ACT, require exercises to be performed, while others have implied obligations. The Australian Prudential Regulation Authority has requirements in CPS234 for regulated entities to: “…annually review and test its information security response plans to ensure they remain effective and fit-for-purpose”. In the associated CPG234, tabletop exercises are a recommended way to test incident preparedness. Audit findings may recommend the use of tabletops to improve or validate incident response practices. Such audits might be organisation-specific or sector-wide. To help non-technical stakeholders, like managers or execs, understand the difficulties and complexities of incident response better, such as the considerable amount of time that an incident can take to resolve, including recovery. Some useful information for designing and running TTXs: CISA’s tabletop exercise resources. Use google search “CISA CTEP filetype:docx” to find editable versions of some of their documents. ANSSI has some good resources for what they call ‘cyber crisis management’ exercises The ACSC has re-badged the original Exercise in a Box platform created by the UK’s NCSC and adapted the language and context for Australian audiences. It can be an easier and more structured way to deliver TTXs for first time facilitators. AUSCERT now delivers TTXs as part of our GRC services. We can design and deliver custom-created TTXs for organisations to suit their specific objectives. We can also assist organisations to deliver their own TTXs through assistance with planning, execution and evaluation. Please contact us for more information.

Introduction Medibank experienced a significant data breach in 2022, impacting the sensitive information of 9.7 million customers. The Office of the Australian Information Commissioner (OAIC) alleges that a contributing factor to this breach may have been the absence of Multi-Factor Authentication (MFA), which could have potentially hindered the attackers. AUSCERT compiled this information for its members and the broader community, urging organisations to consider implementing MFA as an additional verification layer before accessing accounts or sensitive information. It is important to note, however, that while MFA enhances security and reduces unauthorised access risks, it does not provide absolute protection for accounts – instances of MFA bypass by attackers have been observed for some time now.   What is Multi-Factor Authentication (MFA)? MFA goes beyond the traditional username-password combination by requiring two or more forms of identity verification to authorise access. These typically include: – Something you know (e.g., password) – Something you have (e.g., mobile device for receiving verification code) – Something you are (e.g., biometric data like fingerprints or facial recognition)   Why MFA is Essential for Security? Enhanced Security Against Password Theft: MFA adds an extra layer of protection by requiring a second form of authentication, like a mobile code or biometric scan, reducing the risk of unauthorised access even if passwords are stolen. Mitigation of Credential Stuffing: MFA disrupts credential stuffing attempts by requiring an additional factor beyond usernames and passwords. User-Friendly Security: Modern MFA solutions balance security with user-friendly options like biometric authentication and push notifications, ensuring a seamless experience while maintaining robust security. Protection of Remote Workforce: With the rise of remote work, MFA secures access to corporate networks from any location, potentially preventing unauthorised entry even on unsecured networks. Long-Term Cost-Effectiveness: Despite initial setup costs, MFA significantly reduces potential costs from data breaches and cyberattacks, safeguarding financial assets and reputation. Enhanced Consumer Trust: Implementing MFA assures customers that the organisation is implementing robust cyber security practices; this in turn can foster lasting client relationships.   Best Practices for Implementing MFA in Organisations While specific practices may vary, common best practices include: Clearly defining which systems and data assets require MFA based on risk assessments and compliance needs. Choosing authentication factors based on security requirements and user convenience. Ensuring compatibility with existing IT systems and applications using standard protocols. Implementing user-friendly MFA methods such as push notifications or biometrics to encourage adoption. Conducting regular training sessions to educate users on MFA usage and security best practices. Maintaining robust monitoring, incident response, and regular updates to keep MFA systems secure and effective. Monitoring performance metrics, gathering feedback, and adjusting MFA policies as needed to address evolving threats.   Challenges in Adopting MFA Despite its benefits, organisations may face challenges such as user resistance, integration with legacy systems, and initial investment costs during MFA implementation.   Conclusion It is crucial for organisations to adopt MFA to protect their data and maintain trust with customers and partners. By effectively implementing MFA, organisations can better defend against cyber threats and ensure the security of sensitive information. While MFA does not offer complete protection against all threats, it remains an essential component in reducing cybersecurity risks and safeguarding sensitive data.

We are continuously striving to help our members minimise their exposure to cyber threats and understand that managing effective prioritisation in vulnerability management is a growing concern. To assist with these efforts, AUSCERT is pleased to introduce the Exploitation Prediction Scoring System (EPSS) within our bulletins and Critical MSINs, starting August 12 2024. Important: AUSCERT advises members to research EPSS thoroughly before considering its application in vulnerability management. What is EPSS? EPSS, developed by FIRST (Forum of Incident Response and Security Teams), employs advanced algorithms to forecast the likelihood of vulnerabilities being exploited in real-world scenarios. Higher EPSS scores indicate a heightened risk of exploitation, enabling our members to prioritise their remediation efforts on the most critical vulnerabilities. This initiative is designed to bolster proactive cybersecurity measures and enhance overall resilience against potential threats. EPSS vs CVSS: CVSS serves as a reliable framework for assessing vulnerability severity, whereas EPSS offers an additional layer of insight by predicting the likelihood of exploitation. CVSS evaluates vulnerabilities based on their characteristics and potential impacts but lacks real-world threat data. In contrast, EPSS predictions draw from the latest risk intelligence sourced from the CVE repository and empirical data on actual system attacks. Where does the EPSS score appear in the AUSCERT bulletin? The EPSS (Max) score appears for each bulletin in the comments section, below the CVSS (Max) Score. Where does the EPSS score appear in the Critical MSIN? The EPSS (Max) score appears in the overview section of the AUSCERT’s Critical MSIN. Syntax: EPSS (Max): (*Probability) (**Percentile) (CVE Number) (Date EPSS calculated) For Example: EPSS (Max): 0.2% (51st) CVE-2024-XXXXX 2024-07-02 *The likelihood of exploitation of the given CVE within the next 30 days ** The vulnerability’s relative severity compared to others, ranking it within a distribution of similar security issues based on their assessed risks and potential impacts. (Important: Note that EPSS scores can change over time, so if making decisions based on EPSS it is recommended to ensure you are using a recently updated value available from FIRST) (See articles below for further details on use and interpretation) References: Understanding EPSS can require effort, and its suitability can vary depending on the environment. For those interested in exploring EPSS further and understanding its functionality, informative articles are available: [1] https://www.first.org/epss/ [2] https://www.first.org/epss/user-guide [3] https://www.first.org/epss/faq [4] https://vulners.com/blog/epss-exploit-prediction-scoring-system/ [5] https://blog.stackaware.com/p/deep-dive-into-the-epss [6] https://asimily.com/blog/epss-and-its-role-in-vulnerability-management/ [7] https://security.cms.gov/posts/assessing-vulnerability-risks-exploit-prediction-scoring-system-epss [8] https://insights.sei.cmu.edu/blog/probably-dont-rely-on-epss-yet/

Gathering Intel from the Certificate Transparency Initiative for the recent Crowdstrike incident and other tailored cases. The indicators of compromise listed in the Crowdstrike article of the 19th July [1] has a list of hostnames and domains that could impersonate Crowdstrike brands. The Crowdstrike article provides a disclaimer that “Some domains in this list are not currently serving malicious content or could be intended to amplify negative sentiment. However, these sites may support future social-engineering operations”. They also provide a pointer to their LogScale query to collect this information. There is another way to get similar information straight from the TLS certificates being issued through the Certificate Transparency Initiative[2]. A general overview of the Certificate Transparency scheme is also outlined on Wikipedia [3]. The following article describes steps that can be taken to collect hostnames and domains that have recently been issued a TLS certificate and check if they hold the word “crowdstrike”. In case you are looking for permutations of words from “crowdstrike” (or any other search term), you will be able to re-run your new queries on the locally collected data. The technique uses the stream of certificates being issued and published through the Certificate Transparency Initiative with a python module created by CaliDog [4]. The python module is duly named “certstream” [5][6] and running it will start to collect current certificates being issued through CaliDog’s collection and distribution server through a secure web socket [7]. This is a “live” feed and there are potentially hundreds of items every minute. Once the certstream python module[5] has been installed locally and you also have jq [8] utility installed, you are now ready to start collecting all the certificates being issued. Recording all the details of the certificate takes up significant disk space so it is recommended to just save the fields that will be useful for future queries. It is recommended to save the following information: 1) Certificate-ID, 2) Issuer Organisation Name, and 3) All listed domains in the certificate This can be achieved by using the following commands: certstream –json | jq -r ‘.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(“,”)] | join(“\t”)’ This will collect the certificate ID, the Issuer Organisation and the domains listed in that certificate as a tab separated row, and is output to the current terminal session in a scrolling fashion. A way to save the output in convenient TSV files (in batches) is as follows: certstream –json | jq -r ‘.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(“,”)] | join(“\t”)’ >> certificate-data.tsv After an amount of time (and of your choosing), you may stop the query and relaunch the query to write to a different file, to ensure continuity of collection. On the file, you may then use a utility such as “grep” [9], to find matches in the following manner : cat certificate-data.tsv | grep crowdstrike This will yield matches containing the text “crowdstrike”. If there are other key words to be searched, this can be done by substituting the word “crowdstrike” from the above example with your search term. You may also crosscheck and get further details of the certificate by searching online repositories such as in crt.sh [10] The disclaimer used in the Crowdstrike article applies to the data found through this technique. Domains and hostnames discovered may be online, not yet online, or they may be legitimate domains. Further interpretation is required but at least you now have visibility on the hostnames being registered with a TLS certificates, which is an action of intent of bringing the hostname online. AUSCERT has a number of MISP events available to members that utilise certificate transparency logs as one of the threat intelligence sources. Happy hunting! References: [1] https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/ [2] https://certificate.transparency.dev/ [3] https://en.wikipedia.org/wiki/Certificate_Transparency [4] https://calidog.io/ [5] https://certstream.calidog.io/ [6] https://github.com/CaliDog/certstream-python [7] wss://certstream.calidog.io/ [8] https://jqlang.github.io/jq/tutorial/ [9] https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix [10] https://crt.sh/ Written by AUSCERT

CrowdStrike Technical Outage Exploited by Cyber Criminals – Stay Vigilant! On Friday 19 July, CrowdStrike released a sensor configuration update that triggered errors and system crashes in millions of Windows systems causing major business outages worldwide [2][3].  CrowdStrike has assured users that the outage was not due to a cyberattack [2]. Reports have since surfaced indicating that malicious actors are swiftly capitalising on the disruption created by this technical issue [1][4]. Reports from cybersecurity experts and industry analysts suggest that cyber criminals are leveraging the outage window to launch phishing campaigns and other malicious activities. These efforts aim to exploit emotions such as fear or urgency to manipulate users into making quick, uninformed decisions. This tactic aims to bypass users’ critical thinking and make fraudulent schemes more successful. Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications. There also have been incidents where cyber criminals impersonated CrowdStrike staff in phone calls [1]. CrowdStrike has additionally noted instances where cyber criminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. They have offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem [1]. In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance. Users are encouraged to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support. CrowdStrike has shared a list of domains impersonating CrowdStrike’s brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could potentially support future social-engineering operations [1]. As CrowdStrike continues to restore full service functionality, the incident serves as a stark reminder of the evolving tactics used by cyber criminals. Organizations and individuals alike must remain vigilant, maintain updated security measures, and exercise caution in response to such incidents to mitigate potential risks effectively. The swift and coordinated response from cybersecurity communities highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors. [1] “Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers” – https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/ [2] “Technical Details: Falcon Content Update for Windows Hosts” – https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/ [3] “CrowdStrike Falcon flaw sends Windows computers into chaos worldwide” – https://cyberscoop.com/crowdstrike-falcon-flaw-microsoft-outage-flights-grounded-windows/ [4] “Widespread outages relating to CrowdStrike software update” – https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update Written by Vishaka Wijekoon for AUSCERT

With the tax season just around the corner, AUSCERT is urging individuals to remain vigilant. This period is a prime time for cybercriminals to target unsuspecting individuals through phishing scams. These are typically circulated via various channels, including phishing emails, phone calls, text messages, and even fake websites. Malicious threat actors tend to increase their fraudulent activities utilising various phishing techniques to take advantage of the heightened financial activity during this period. AUSCERT has observed a significant increase in phishing scams impersonating MyGov and the Australian Taxation Office (ATO) during previous tax seasons. From July to October in 2022, AUSCERT received reports of around 1100 tax-related phishing emails and scams, a number that surged to approximately 2500 in 2023. These phishing emails typically impersonate official entities and may contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment. The emails also claim that urgent action is required to avoid account suspension, try to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties. However, clicking on these links can potentially lead to malicious websites that steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information. To protect yourself from ATO and MyGov related phishing scams during the upcoming tax season, it is crucial to take precautions like: Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO or MyGov. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information, verify the legitimacy of the request by contacting the ATO or tax professionals through their official channels. Be wary of suspicious calls: If you receive a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund, it is advisable to end the call immediately. Keep in mind that the ATO will not threaten you with immediate arrest or use abusive language. Exercise caution with links and attachments: Avoid clicking on links or downloading attachments from unsolicited emails or text messages. Be cautious of urgent requests: Be wary of emails, text messages and phone calls pressuring you to act quickly or provide personal information. Take the time to verify the legitimacy of the communication. Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages. Always be careful when providing information online. Report suspicious activity: If you receive a suspicious email claiming to be from the ATO or MyGov, report it to the appropriate authorities, such as the ATO’s scam reporting email address, the ACSC, or IDCARE. Keep software up to date: Ensure that your devices have the latest security updates and antivirus software to protect against malware and phishing attempts. By staying informed and vigilant, and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov related phishing scams during tax season. If you believe that your identity has been compromised or you have fallen a victim to a tax related scam, contact IDCARE on 1800 595 160.   Written by  Senior Information Security Analyst Vishaka 

The year 2023 has been a period of remarkable achievements and developments. This comprehensive report highlights the key successes, accomplishments, and projects undertaken by AUSCERT over the past year. From strategic initiatives and performance to market expansion and operational improvements, this review provides an in-depth analysis of our progress and sets the stage for our future endeavours. Contents  Foreword by Dr. David Stockdale Membership Overview Incident Support Vulnerability Management Threat Intelligence Training AUSCERT Conference Community Outreach Share Today Save Tomorrow Conclusion Click here to read the report  or head over to this link: https://auscert.shorthandstories.com/auscert-year-in-review-2023/index.html

Introduction: Valentine’s Day, often associated with expressions of love and affection, unfortunately also provides an opportune time for scammers to prey on unsuspecting individuals seeking romance. As we approach this annual celebration, it is crucial to remain vigilant and aware of the various scams and frauds that can lead to financial losses and emotional distress. The Australian government and major financial institutions have issued warnings about the rise in Valentine’s Day scams, highlighting the need for caution in online interactions and financial transactions [1][2]. The Scams and Frauds to Watch Out For: 1. Fraudulent Investment Opportunities Scammers use various methods to lure unsuspecting victims into their trap. They might promise high returns with little risk, exclusive insider information, or guaranteed profits within a short period. These scams may involve investments in stocks, cryptocurrencies, or even fictitious businesses. Victims are convinced to invest their hard-earned money, believing they have found a secure and profitable venture. 2. Gift Card Scams Scammers can pose as sellers offering discounted or limited-edition gift cards. They lure victims into purchasing these seemingly irresistible deals, but the gift cards turn out to be fake or previously used. Victims are left empty-handed, and their hard-earned money is gone. – Only purchase gift cards from trusted retailers or directly from their websites – Be cautious of deals that appear too good to be true – Verify the card’s balance before making any transactions. 3. Flower Delivery Scams Scammers set up fake florist websites or pose as legitimate flower delivery services. Victims place orders, pay in advance, but never receive the promised bouquets. This not only results in financial loss but also leaves disappointment and emotional distress. – Research the legitimacy of the florist before placing an order – Look for customer reviews and check their contact information – Consider using well-established flower delivery services with trusted reputations. 4. Online Shopping Fraud With the rise of online shopping, individuals often turn to the internet to purchase gifts for their loved ones. However, scammers take advantage of the increased online traffic by creating fake websites, social media pages, or advertisements offering attractive deals and discounts. Victims unknowingly share their payment information, only to receive counterfeit or never receive anything at all. – Stick to reputable online retailers with secure payment systems – Double-check website URLs for any misspellings or suspicious elements – Use secure payment methods which offer fraud protection. Protecting Yourself from Valentine’s Day Scams: 1. Stay Informed Stay updated on the latest scams and frauds by following alerts issued by government agencies, law enforcement, and trusted news sources. The more informed you are, the better prepared you will be to identify and avoid potential scams. 2. Trust Your Gut If something feels too good to be true or raises suspicions, trust your instincts. Scammers often exploit emotions and vulnerability, so be cautious before sharing personal information or engaging in financial transactions. 3. Watch out for phishing attempts Phishing is a common tactic used by scammers to trick individuals into revealing personal information or login credentials. Be wary of messages that ask for sensitive data, such as your credit card details. Legitimate organizations will never ask for such information via unsolicited messages. 4. Avoid clicking on suspicious links One of the most crucial steps in protecting yourself from scams is to refrain from clicking on links in messages, especially those that appear suspicious or unfamiliar. Scammers often use these links to redirect you to fraudulent websites or to install malware on your device. 5. Research Before Engaging Before interacting with someone online, take the time to research their profile, photos, and background information. Conducting a simple online search can sometimes reveal if the person is using fake pictures or has been involved in previously reported scams. 6. Report Suspicious Activity If you encounter suspicious profiles, emails, or messages, report them to the relevant dating platform or local authorities. Reporting such activities helps to protect others from falling victim to scams. 7. Educate Yourself and Others Share information about common scams and frauds with your friends, family, and social networks. By spreading awareness, you can collectively combat the efforts of scammers and protect those around you. Reference: [1] https://www.theaustralian.com.au/breaking-news/australians-warned-of-romance-scams-ahead-of-valentines-day/news-story/9a21c7a2ad7697980f291ffa87a439d5 [2] https://www.nationaltribune.com.au/government-warns-against-ruthless-romance-scammers-this-valentines-day/

In the digital age, data breaches have become an unfortunate reality, with cybercriminals constantly seeking vulnerabilities to gain unauthorized access to sensitive information. Recent incidents, such as the Mother of All Breaches and Naz.api, have highlighted the severity and potential consequences of leaked credential dumps. This article aims to provide insights into these incidents, their impact, and the importance of safeguarding personal information. Naz.api: Naz.api is a recent credential dump that gained attention in the cybersecurity community. The credentials are believed to have been obtained from credential stuffing lists and information-stealing malware logs. AUSCERT conducted a scan of the dump to identify credentials belonging to its members and has contacted the affected members through the Sensitive Information Alert (SIA) service. Mother of All Breaches: Mother of All Breaches (MOAB) is another dump that recently surfaced, revealing a vast collection of 26 billion records of user information from popular services like Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram. Although this is not a new breach, it is a compilation of earlier breaches. Nonetheless, the release of such sensitive information is highly concerning. Impact and Consequences: These credential dumps pose significant threats to both individuals and organizations. Cybercriminals could potentially exploit the leaked data for malicious purposes, including identity theft, phishing scams and targeted cyberattacks. It is crucial to remain vigilant and be on the lookout for any increased phishing attempts via email, text or other media. Protecting Against Credential Dumps: To mitigate the risks associated with credential dumps, individuals and organizations must practice good credential hygiene and adopt proactive security measures. Here are some essential steps to consider: Use unique and strong passwords: Avoid reusing passwords across multiple accounts and create strong, complex passwords. Multi-Factor Authentication (MFA): Enable MFA whenever possible to add an extra layer of security to your accounts. Regular Password Updates: Change passwords periodically to minimize the impact of potential breaches. Security Awareness: Stay informed about the latest cybersecurity threats and educate yourself and your employees about best practices for online security. Monitoring Services: Consider using monitoring services that can alert you if your credentials are found in a data breach. Websites like Have I Been Pwned (haveibeenpwned.com) can help you check if your email address or username has been compromised in known breaches.

AUSCERT 30 Years 30 Stories – Mark Chin Valuing the trusted and easily accessible information provided by AUSCERT, Mark Chin reflects on why he remains an AUSCERT member. As a Security Specialist at Carsales.com, receiving up-to-date information regarding threats and phishing tactics is a must. Mark recommends all organisations do their research into the services AUSCERT provides. How did you first become involved with AUSCERT? Initially, I learned of AUSCERT through my organisation’s membership. At first I didn’t know what membership entailed, until my colleagues showed me how to request phishing domain takedowns with AUSCERT. That’s how I initially started engaging with AUSCERT, and they’ve been great ever since. Having someone who can investigate suspicious emails or share them amongst their community to triage a solution has been amazing. What AUSCERT service do you use the most? Apart from the phishing takedowns, I am also part of the Slack channel. The channel is good for finding out what the latest ransoms are circulating to the public. It’s a great forum for networking and being able to ask the questions you don’t have answers to. How has AUSCERT evolved over the years? I haven’t been around long enough to observe changes in AUSCERT, but being around for 30 years, you must be doing something right. What I like about AUSCERT is that it’s a neutral organisation. You’re not competing with a vendor or coming from the government. People are more open to working with AUSCERT and networking with AUSCERT members due to this. What advice would you give to someone considering an AUSCERT membership? Start by doing your research into AUSCERT and gaining knowledge of the services they provide to see what’s on offer. What does the future hold for AUSCERT? I hope AUSCERT sticks around and can continue to support its members. How has your AUSCERT membership impacted your organisation? In a very positive way – we have a lot of threat intel coming through from AUSCERT. This is through the bulletins that share new vulnerabilities. AUSCERT has its finger on the pulse and is a trusted source of information. Rather than trying to find information, you can see similar organisations encountering the same issues.  

AUSCERT 30 Years 30 Stories – Megan Cox As AUSCERT’s Event Coordinator, Megan Cox knows a thing or two about what it’s like to be part of the Australian cyber security community. Reflecting on the positive culture of AUSCERT and the cybersecurity industry, Megan encourages people from all walks of life to become a member. Getting to share this space with great people is what drives Megan’s passion as she shares her voice in the AUSCERT 30 Years 30 Stories series. What is your favourite highlight about the AUSCERT conference? The conference is a truly unique experience. At its essence, it is a bunch of industry professionals getting together from across Australia and internationally, which is cool to see. I don’t come from a cyber background, so it was interesting for me to learn a lot in a very short amount of time about the industry. I get to meet so many great people who are members, prospective members, and conference attendees, and we get the great opportunity to tell them more about AUSCERT. What attracted you to work for AUSCERT? All of the reviews online regarding AUSCERT as an organisation were highly positive. At the time I was looking for an opportunity like this, and wanted a role that had a nice culture that supported its people, and encouraged staff to have career progression. When I saw that AUSCERT had the backing of UQ, I was like, “Oh, that can only be a good organisation.” What is your most significant highlight from your time working with AUSCERT? Besides the podcast, it’s the little bits and bobs we do on the sides like the monthly wine and cheese nights. I love getting to know everyone in our office in a more casual atmosphere. As a woman in the industry, what would you say to other young professional women wanting to enter the industry and are hesitant about the barriers? What words of encouragement would you give them? I can understand 100% where they’re coming from. I think that of all the male-dominated industries, cyber is probably the most accepting of anyone and everyone. Giving it a go is probably the best advice there is for any profession. If it’s not for you, then it’s not for you, but at least you know you’re not going to sit there in 50 years and wonder “What could have been”?    

Meet Joshua Finley, Data Centre Services Engineer at the Port of Melbourne. Having had personal experience with AUSCERT through website security and later with AUSCERT’s partnership with the Port of Melbourne, Joshua explains why he finds the membership to be well worth his time and money. Read on to find out more about Joshua’s AUSCERT connection. How did you first become involved with AUSCERT? For a long time, I hosted a large variety of websites, and back then, there wasn’t a great deal of cybersecurity resources. I became an AUSCERT member because I was looking for some help. Luckily when I started at the Port of Melbourne, as critical national infrastructure, they were already members and I got to pick up and run with our membership. What are the key benefits you’ve experienced as an AUSCERT member? Meeting the community in Melbourne has been super helpful; being able to network, and additionally receive timely alerts and notifications about the latest threats is very important. Lastly, having a point of contact to reach out to if we ever get into any trouble is reassuring. What advice would you give to someone who isn’t already an AUSCERT member? Simply, become a member and don’t think about it. We use the notification and alarms extensively and I also find the threat feed very useful. Also it’s very helpful having a point of contact to reach out to if we ever find ourselves in trouble. Looking ahead, what do you think the future holds for AUSCERT? There’s a huge space that AUSCERT could play in by extending services to a variety of non-government organisations as these organisations don’t have the footprint to do it themselves. What do you believe sets AUSCERT apart from other organisations in the cybersecurity space? Being non-for-profit, the motivations behind AUSCERT are true and pure – you don’t get this with a commercial organisation. Having a non-commercial partner