Blogs

Gathering Intel from the Certificate Transparency Initiative for the recent Crowdstrike incident and other tailored cases

The indicators of compromise listed in the Crowdstrike article of the 19th July [1] include a list of hostnames and domains that could impersonate Crowdstrike brands. The Crowdstrike article provides a disclaimer that “Some domains in this list are not currently serving malicious content or could be intended to amplify negative sentiment. However, these sites may support future social-engineering operations”. They also provide a pointer to their LogScale query to collect this information.

There is another way to get similar information straight from the TLS certificates being issued, through the Certificate Transparency Initiative [2]. A general overview of the Certificate Transparency scheme is also outlined on Wikipedia [3].

The following article describes steps that can be taken to collect hostnames and domains that have recently been issued a TLS certificate and check if they contain the word “crowdstrike”. If you are looking for permutations of the word “crowdstrike” (or any other search term), you will be able to re-run your new queries on the locally collected data.

The technique uses the stream of certificates being issued and published through the Certificate Transparency Initiative, with a Python module created by CaliDog [4]. The Python module is aptly named “certstream” [5][6], and running it starts collecting the certificates currently being issued from CaliDog’s collection and distribution server over a secure web socket [7]. This is a “live” feed and there are potentially hundreds of items every minute.

Once the certstream Python module [5] has been installed locally and you also have the jq [8] utility installed, you are ready to start collecting all the certificates being issued.
Recording all the details of the certificate takes up significant disk space, so it is recommended to save only the fields that will be useful for future queries. It is recommended to save the following information:

1) Certificate-ID,
2) Issuer Organisation Name, and
3) All listed domains in the certificate

This can be achieved by using the following command:

    certstream --json | jq -r '.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(",")] | join("\t")'

This will collect the certificate ID, the Issuer Organisation and the domains listed in that certificate as a tab-separated row, output to the current terminal session in a scrolling fashion.

A way to save the output in convenient TSV files (in batches) is as follows:

    certstream --json | jq -r '.data | [[(.cert_index|tostring)], [.leaf_cert.issuer.O], .leaf_cert.all_domains | join(",")] | join("\t")' >> certificate-data.tsv

After an amount of time of your choosing, you may stop the query and relaunch it to write to a different file, to ensure continuity of collection.

On the file, you may then use a utility such as “grep” [9] to find matches in the following manner:

    cat certificate-data.tsv | grep crowdstrike

This will yield matches containing the text “crowdstrike”. If there are other keywords to be searched, substitute the word “crowdstrike” in the above example with your search term. You may also crosscheck and get further details of the certificate by searching online repositories such as crt.sh [10].

The disclaimer used in the Crowdstrike article applies to the data found through this technique. Domains and hostnames discovered may be online, not yet online, or they may be legitimate domains. Further interpretation is required, but at least you now have visibility of the hostnames being registered with a TLS certificate, which is an action signalling intent to bring the hostname online.
AUSCERT has a number of MISP events available to members that utilise certificate transparency logs as one of the threat intelligence sources.

Happy hunting!

References:
[1] https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/
[2] https://certificate.transparency.dev/
[3] https://en.wikipedia.org/wiki/Certificate_Transparency
[4] https://calidog.io/
[5] https://certstream.calidog.io/
[6] https://github.com/CaliDog/certstream-python
[7] wss://certstream.calidog.io/
[8] https://jqlang.github.io/jq/tutorial/
[9] https://www.digitalocean.com/community/tutorials/grep-command-in-linux-unix
[10] https://crt.sh/

Written by AUSCERT
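For the "permutations" case the article mentions, plain grep misses digit-swapped, hyphenated and misspelled variants. The following added example (not AUSCERT's or CaliDog's code) re-scans saved TSV rows for those variants. The sample rows, CA names, `.example` hostnames, the digit-swap table and the edit-distance threshold of 2 are constructed or assumed for illustration.

```python
"""Re-scan saved certstream TSV rows for look-alike spellings of a keyword.

Added example. Row layout follows the article's jq output:
cert_index <TAB> issuer organisation <TAB> comma-separated domains
"""
import re
import sys

# Digit-for-letter swaps folded before matching (an assumption of this example).
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t"})

# Constructed sample rows; hostnames use the reserved .example TLD.
SAMPLE_TSV = [
    "1001\tExample CA One\tcrowdstrike-helpdesk.example,www.crowdstrike-helpdesk.example",
    "1002\tExample CA Two\tcr0wdstr1ke-fix.example",
    "1003\t\tcrowdstirke.example,*.crowdstirke.example",  # issuer O was null
    "1004\tExample CA One\twww.bakery.example,bakery.example",
    "row cut short when the collector was stopped",
]


def parse_row(line):
    """Return (cert_index, issuer, [domains]) or None for a malformed row."""
    fields = line.rstrip("\n").split("\t")
    if len(fields) != 3 or not fields[2]:
        return None
    cert_index, issuer, raw = fields
    domains = {}
    for name in raw.split(","):
        name = name.strip().lower()
        if name.startswith("*."):      # wildcard SAN: match on the base name
            name = name[2:]
        if name:
            domains[name] = None       # dict keeps order and removes duplicates
    return cert_index, issuer, list(domains)


def edit_distance(a, b):
    """Levenshtein distance computed one row at a time."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def classify(domain, keyword, max_distance=2):
    """Return 'exact', 'lookalike', 'near' or None for one hostname."""
    if keyword in domain:
        return "exact"                 # what plain grep already finds
    folded = domain.translate(LEET)
    if keyword in folded.replace("-", ""):
        return "lookalike"             # digit swaps or inserted hyphens
    for token in re.split(r"[.\-]", folded):
        # Skip tokens whose length alone rules out a close match.
        if abs(len(token) - len(keyword)) > max_distance:
            continue
        if edit_distance(token, keyword) <= max_distance:
            return "near"              # misspelling such as swapped letters
    return None


def scan(lines, keyword):
    """Return (cert_index, issuer, domain, reason) for every matching hostname."""
    keyword = keyword.lower()
    hits = []
    for line in lines:
        row = parse_row(line)
        if row is None:
            continue                   # tolerate partial or damaged rows
        cert_index, issuer, domains = row
        for domain in domains:
            reason = classify(domain, keyword)
            if reason:
                hits.append((cert_index, issuer, domain, reason))
    return hits


if __name__ == "__main__":
    # Pass a collected TSV file as the first argument; otherwise use the sample.
    if len(sys.argv) > 1:
        with open(sys.argv[1], encoding="utf-8", errors="replace") as fh:
            rows = fh.readlines()
    else:
        rows = SAMPLE_TSV
    for hit in scan(rows, "crowdstrike"):
        print("\t".join(hit))
```

As the article notes for grep results, a hit here still needs interpretation: a matching hostname may be offline or legitimate.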


CrowdStrike Technical Outage Exploited by Cyber Criminals – Stay Vigilant!

On Friday 19 July, CrowdStrike released a sensor configuration update that triggered errors and system crashes in millions of Windows systems causing major business outages worldwide [2][3]. CrowdStrike has assured users that the outage was not due to a cyberattack [2]. Reports have since surfaced indicating that malicious actors are swiftly capitalising on the disruption created by this technical issue [1][4].

Reports from cybersecurity experts and industry analysts suggest that cyber criminals are leveraging the outage window to launch phishing campaigns and other malicious activities. These efforts aim to exploit emotions such as fear or urgency to manipulate users into making quick, uninformed decisions. This tactic aims to bypass users’ critical thinking and make fraudulent schemes more successful.

Phishing attacks, in particular, have been observed mimicking CrowdStrike support communications. There also have been incidents where cyber criminals impersonated CrowdStrike staff in phone calls [1]. CrowdStrike has additionally noted instances where cyber criminals posed as independent researchers, falsely asserting evidence linking the technical issue to a cyberattack. They have offered supposed remediation insights and marketed scripts claiming to automate recovery from the content update problem [1].

In response to these developments, cybersecurity organisations and authorities have issued advisories urging heightened vigilance. Users are encouraged to verify the authenticity of communications, especially during service disruptions, and to adhere strictly to official channels for updates and support.

CrowdStrike has shared a list of domains impersonating CrowdStrike’s brand during the outage. While some domains in this list are not currently hosting malicious content and may be intended to amplify negative sentiment, they could potentially support future social-engineering operations [1].

As CrowdStrike continues to restore full service functionality, the incident serves as a stark reminder of the evolving tactics used by cyber criminals. Organizations and individuals alike must remain vigilant, maintain updated security measures, and exercise caution in response to such incidents to mitigate potential risks effectively.

The swift and coordinated response from cybersecurity communities highlights the importance of proactive measures in safeguarding against opportunistic cyber threats, ensuring resilience in the face of technical disruptions and potential exploitation by malicious actors.

[1] “Falcon Sensor Content Issue from July 19, 2024, Likely Used to Target CrowdStrike Customers” – https://www.crowdstrike.com/blog/falcon-sensor-issue-use-to-target-crowdstrike-customers/
[2] “Technical Details: Falcon Content Update for Windows Hosts” – https://www.crowdstrike.com/blog/falcon-update-for-windows-hosts-technical-details/
[3] “CrowdStrike Falcon flaw sends Windows computers into chaos worldwide” – https://cyberscoop.com/crowdstrike-falcon-flaw-microsoft-outage-flights-grounded-windows/
[4] “Widespread outages relating to CrowdStrike software update” – https://www.cyber.gov.au/about-us/view-all-content/alerts-and-advisories/widespread-outages-relating-crowdstrike-software-update

Written by Vishaka Wijekoon for AUSCERT


Protecting Yourself: Safeguarding Against ATO and MyGov Phishing Scams

With the tax season just around the corner, AUSCERT is urging individuals to remain vigilant. This period is a prime time for cybercriminals to target unsuspecting individuals through phishing scams. These are typically circulated via various channels, including phishing emails, phone calls, text messages, and even fake websites. Malicious threat actors tend to increase their fraudulent activities utilising various phishing techniques to take advantage of the heightened financial activity during this period.

AUSCERT has observed a significant increase in phishing scams impersonating MyGov and the Australian Taxation Office (ATO) during previous tax seasons. From July to October in 2022, AUSCERT received reports of around 1100 tax-related phishing emails and scams, a number that surged to approximately 2500 in 2023.

These phishing emails typically impersonate official entities and may contain convincing logos and language to deceive recipients and urge users to click on a link, scan a QR code or download an attachment. The emails also claim that urgent action is required to avoid account suspension, try to trick users about a pending tax refund, highlight issues with a tax return or demand immediate action to avoid penalties. However, clicking on these links can potentially lead to malicious websites that steal Personally Identifiable Information (PII) or sensitive data like user credentials or credit card details. Additionally, clicking on the links may install malware on the user’s device, creating a backdoor for cybercriminals to monitor activities, track user behaviour, and steal login information.

To protect yourself from ATO and MyGov related phishing scams during the upcoming tax season, it is crucial to take precautions like:

– Verify the source: Do not respond to unsolicited emails, text messages, or phone calls claiming to be from the ATO or MyGov. If it is an email, double-check the email address and sender information to confirm authenticity. Remember, the ATO or MyGov will never ask for sensitive information via email or SMS. Before providing any personal information, verify the legitimacy of the request by contacting the ATO or tax professionals through their official channels.
– Be wary of suspicious calls: If you receive a suspicious call from someone claiming to be from the ATO and demanding payment to receive a tax refund, it is advisable to end the call immediately. Keep in mind that the ATO will not threaten you with immediate arrest or use abusive language.
– Exercise caution with links and attachments: Avoid clicking on links or downloading attachments from unsolicited emails or text messages.
– Be cautious of urgent requests: Be wary of emails, text messages and phone calls pressuring you to act quickly or provide personal information. Take the time to verify the legitimacy of the communication.
– Protect personal information: Avoid sharing personal or financial details in response to emails, phone calls or text messages. Always be careful when providing information online.
– Report suspicious activity: If you receive a suspicious email claiming to be from the ATO or MyGov, report it to the appropriate authorities, such as the ATO’s scam reporting email address, the ACSC, or IDCARE.
– Keep software up to date: Ensure that your devices have the latest security updates and antivirus software to protect against malware and phishing attempts.

By staying informed and vigilant, and following best practices for online security, individuals can reduce the risk of falling victim to ATO and MyGov related phishing scams during tax season.

If you believe that your identity has been compromised or you have fallen victim to a tax-related scam, contact IDCARE on 1800 595 160.

Written by Senior Information Security Analyst Vishaka


Valentine’s Day Scams and Frauds: Protect Your Heart and Wallet

Introduction:

Valentine’s Day, often associated with expressions of love and affection, unfortunately also provides an opportune time for scammers to prey on unsuspecting individuals seeking romance. As we approach this annual celebration, it is crucial to remain vigilant and aware of the various scams and frauds that can lead to financial losses and emotional distress. The Australian government and major financial institutions have issued warnings about the rise in Valentine’s Day scams, highlighting the need for caution in online interactions and financial transactions [1][2].

The Scams and Frauds to Watch Out For:

1. Fraudulent Investment Opportunities
Scammers use various methods to lure unsuspecting victims into their trap. They might promise high returns with little risk, exclusive insider information, or guaranteed profits within a short period. These scams may involve investments in stocks, cryptocurrencies, or even fictitious businesses. Victims are convinced to invest their hard-earned money, believing they have found a secure and profitable venture.

2. Gift Card Scams
Scammers can pose as sellers offering discounted or limited-edition gift cards. They lure victims into purchasing these seemingly irresistible deals, but the gift cards turn out to be fake or previously used. Victims are left empty-handed, and their hard-earned money is gone.
– Only purchase gift cards from trusted retailers or directly from their websites
– Be cautious of deals that appear too good to be true
– Verify the card’s balance before making any transactions.

3. Flower Delivery Scams
Scammers set up fake florist websites or pose as legitimate flower delivery services. Victims place orders and pay in advance, but never receive the promised bouquets. This not only results in financial loss but also leaves disappointment and emotional distress.
– Research the legitimacy of the florist before placing an order
– Look for customer reviews and check their contact information
– Consider using well-established flower delivery services with trusted reputations.

4. Online Shopping Fraud
With the rise of online shopping, individuals often turn to the internet to purchase gifts for their loved ones. However, scammers take advantage of the increased online traffic by creating fake websites, social media pages, or advertisements offering attractive deals and discounts. Victims unknowingly share their payment information, only to receive counterfeit goods or nothing at all.
– Stick to reputable online retailers with secure payment systems
– Double-check website URLs for any misspellings or suspicious elements
– Use secure payment methods which offer fraud protection.

Protecting Yourself from Valentine’s Day Scams:

1. Stay Informed
Stay updated on the latest scams and frauds by following alerts issued by government agencies, law enforcement, and trusted news sources. The more informed you are, the better prepared you will be to identify and avoid potential scams.

2. Trust Your Gut
If something feels too good to be true or raises suspicions, trust your instincts. Scammers often exploit emotions and vulnerability, so be cautious before sharing personal information or engaging in financial transactions.

3. Watch out for phishing attempts
Phishing is a common tactic used by scammers to trick individuals into revealing personal information or login credentials. Be wary of messages that ask for sensitive data, such as your credit card details. Legitimate organizations will never ask for such information via unsolicited messages.

4. Avoid clicking on suspicious links
One of the most crucial steps in protecting yourself from scams is to refrain from clicking on links in messages, especially those that appear suspicious or unfamiliar. Scammers often use these links to redirect you to fraudulent websites or to install malware on your device.

5. Research Before Engaging
Before interacting with someone online, take the time to research their profile, photos, and background information. Conducting a simple online search can sometimes reveal if the person is using fake pictures or has been involved in previously reported scams.

6. Report Suspicious Activity
If you encounter suspicious profiles, emails, or messages, report them to the relevant dating platform or local authorities. Reporting such activities helps to protect others from falling victim to scams.

7. Educate Yourself and Others
Share information about common scams and frauds with your friends, family, and social networks. By spreading awareness, you can collectively combat the efforts of scammers and protect those around you.

Reference:
[1] https://www.theaustralian.com.au/breaking-news/australians-warned-of-romance-scams-ahead-of-valentines-day/news-story/9a21c7a2ad7697980f291ffa87a439d5
[2] https://www.nationaltribune.com.au/government-warns-against-ruthless-romance-scammers-this-valentines-day/


Understanding the Threat

In the digital age, data breaches have become an unfortunate reality, with cybercriminals constantly seeking vulnerabilities to gain unauthorized access to sensitive information. Recent incidents, such as the Mother of All Breaches and Naz.api, have highlighted the severity and potential consequences of leaked credential dumps. This article aims to provide insights into these incidents, their impact, and the importance of safeguarding personal information.

Naz.api:
Naz.api is a recent credential dump that gained attention in the cybersecurity community. The credentials are believed to have been obtained from credential stuffing lists and information-stealing malware logs. AUSCERT conducted a scan of the dump to identify credentials belonging to its members and has contacted the affected members through the Sensitive Information Alert (SIA) service.

Mother of All Breaches:
Mother of All Breaches (MOAB) is another dump that recently surfaced, revealing a vast collection of 26 billion records of user information from popular services like Twitter, Dropbox, LinkedIn, Adobe, Canva and Telegram. Although this is not a new breach, it is a compilation of earlier breaches. Nonetheless, the release of such sensitive information is highly concerning.

Impact and Consequences:
These credential dumps pose significant threats to both individuals and organizations. Cybercriminals could potentially exploit the leaked data for malicious purposes, including identity theft, phishing scams and targeted cyberattacks. It is crucial to remain vigilant and be on the lookout for any increased phishing attempts via email, text or other media.

Protecting Against Credential Dumps:
To mitigate the risks associated with credential dumps, individuals and organizations must practice good credential hygiene and adopt proactive security measures. Here are some essential steps to consider:

– Use unique and strong passwords: Avoid reusing passwords across multiple accounts and create strong, complex passwords.
– Multi-Factor Authentication (MFA): Enable MFA whenever possible to add an extra layer of security to your accounts.
– Regular Password Updates: Change passwords periodically to minimize the impact of potential breaches.
– Security Awareness: Stay informed about the latest cybersecurity threats and educate yourself and your employees about best practices for online security.
– Monitoring Services: Consider using monitoring services that can alert you if your credentials are found in a data breach. Websites like Have I Been Pwned (haveibeenpwned.com) can help you check if your email address or username has been compromised in known breaches.


30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Mark Chin

Valuing the trusted and easily accessible information provided by AUSCERT, Mark Chin reflects on why he remains an AUSCERT member. As a Security Specialist at Carsales.com, receiving up-to-date information regarding threats and phishing tactics is a must. Mark recommends all organisations do their research into the services AUSCERT provides.

How did you first become involved with AUSCERT?
Initially, I learned of AUSCERT through my organisation’s membership. At first I didn’t know what membership entailed, until my colleagues showed me how to request phishing domain takedowns with AUSCERT. That’s how I initially started engaging with AUSCERT, and they’ve been great ever since. Having someone who can investigate suspicious emails or share them amongst their community to triage a solution has been amazing.

What AUSCERT service do you use the most?
Apart from the phishing takedowns, I am also part of the Slack channel. The channel is good for finding out what the latest ransoms are circulating to the public. It’s a great forum for networking and being able to ask the questions you don’t have answers to.

How has AUSCERT evolved over the years?
I haven’t been around long enough to observe changes in AUSCERT, but being around for 30 years, you must be doing something right. What I like about AUSCERT is that it’s a neutral organisation. You’re not competing with a vendor or coming from the government. People are more open to working with AUSCERT and networking with AUSCERT members due to this.

What advice would you give to someone considering an AUSCERT membership?
Start by doing your research into AUSCERT and gaining knowledge of the services they provide to see what’s on offer.

What does the future hold for AUSCERT?
I hope AUSCERT sticks around and can continue to support its members.

How has your AUSCERT membership impacted your organisation?
In a very positive way – we have a lot of threat intel coming through from AUSCERT. This is through the bulletins that share new vulnerabilities. AUSCERT has its finger on the pulse and is a trusted source of information. Rather than trying to find information, you can see similar organisations encountering the same issues.


30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Megan Cox

As AUSCERT’s Event Coordinator, Megan Cox knows a thing or two about what it’s like to be part of the Australian cyber security community. Reflecting on the positive culture of AUSCERT and the cybersecurity industry, Megan encourages people from all walks of life to become a member. Getting to share this space with great people is what drives Megan’s passion as she shares her voice in the AUSCERT 30 Years 30 Stories series.

What is your favourite highlight about the AUSCERT conference?
The conference is a truly unique experience. At its essence, it is a bunch of industry professionals getting together from across Australia and internationally, which is cool to see. I don’t come from a cyber background, so it was interesting for me to learn a lot in a very short amount of time about the industry. I get to meet so many great people who are members, prospective members, and conference attendees, and we get the great opportunity to tell them more about AUSCERT.

What attracted you to work for AUSCERT?
All of the reviews online regarding AUSCERT as an organisation were highly positive. At the time I was looking for an opportunity like this, and wanted a role that had a nice culture that supported its people, and encouraged staff to have career progression. When I saw that AUSCERT had the backing of UQ, I was like, “Oh, that can only be a good organisation.”

What is your most significant highlight from your time working with AUSCERT?
Besides the podcast, it’s the little bits and bobs we do on the sides like the monthly wine and cheese nights. I love getting to know everyone in our office in a more casual atmosphere.

As a woman in the industry, what would you say to other young professional women wanting to enter the industry and are hesitant about the barriers? What words of encouragement would you give them?
I can understand 100% where they’re coming from. I think that of all the male-dominated industries, cyber is probably the most accepting of anyone and everyone. Giving it a go is probably the best advice there is for any profession. If it’s not for you, then it’s not for you, but at least you know you’re not going to sit there in 50 years and wonder “What could have been”?


30 Years 30 Stories

Meet Joshua Finley, Data Centre Services Engineer at the Port of Melbourne. Having had personal experience with AUSCERT through website security and later with AUSCERT’s partnership with the Port of Melbourne, Joshua explains why he finds the membership to be well worth his time and money. Read on to find out more about Joshua’s AUSCERT connection.

How did you first become involved with AUSCERT?
For a long time, I hosted a large variety of websites, and back then, there wasn’t a great deal of cybersecurity resources. I became an AUSCERT member because I was looking for some help. Luckily when I started at the Port of Melbourne, as critical national infrastructure, they were already members and I got to pick up and run with our membership.

What are the key benefits you’ve experienced as an AUSCERT member?
Meeting the community in Melbourne has been super helpful; being able to network, and additionally receive timely alerts and notifications about the latest threats is very important. Lastly, having a point of contact to reach out to if we ever get into any trouble is reassuring.

What advice would you give to someone who isn’t already an AUSCERT member?
Simply, become a member and don’t think about it. We use the notification and alarms extensively and I also find the threat feed very useful. Also it’s very helpful having a point of contact to reach out to if we ever find ourselves in trouble.

Looking ahead, what do you think the future holds for AUSCERT?
There’s a huge space that AUSCERT could play in by extending services to a variety of non-government organisations as these organisations don’t have the footprint to do it themselves.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?
Being non-for-profit, the motivations behind AUSCERT are true and pure – you don’t get this with a commercial organisation. Having a non-commercial partner


30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Mark Jackson

Viewing the AUSCERT membership as a two-way value exchange, Mark Jackson hopes to put in just as much as he receives working alongside AUSCERT. As the Security Services Lead at MYOB, providing tax, accounting, and other business services to multiple individuals and companies across Australia, Mark’s AUSCERT story spans years.

How did you first become involved with AUSCERT, and what motivated you to become a member?
I’ve worked in many different organisations and at one in particular, I was prompted to investigate AUSCERT and sign up. Many years later, I’ve crossed multiple organisations and am still a member.

What are some of the key benefits and experiences of an AUSCERT membership?
The key services that I’ve used across my career are AUSCERT’s threat and vulnerability intelligence, along with takedown services. These services have been invaluable to the workplaces I’ve been a part of providing guidance through various incidents, good advice, and leading us to the right people to workshop a solution.

How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work?
Back in the day, cybersecurity was only attached to infrastructure. Just about every company needs to mature to deal with today’s challenges. The services AUSCERT offers and how they approach security have changed to match modern threats.

What advice would you give to someone considering becoming an AUSCERT member?
Be sure to lean on the network and stay in contact. Like anything, you get out what you put in.

Looking ahead, what do you think the future holds for AUSCERT, and how do you see the organisation continue to play a role in the cybersecurity community?
Given the depth and breadth of AUSCERT’s connections within the community, the organisation’s pool of information will be highly valuable. It’s the community that gives AUSCERT a much broader picture of things that might impact individual companies that they might not see otherwise.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?
AUSCERT’s connection to a wider set of industries and partnerships than cybersecurity silos is their most significant drawcard. AUSCERT collates a broader view of the threats that are out there and what’s happening in general.


30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Dave O’Loan

Long-time AUSCERT affiliate and member, Dave O’Loan shares his journey with AUSCERT. As Head of Cyber Relations at the Australian Academic Research Network (AARNet), Dave has had many touchpoints with AUSCERT throughout his career. The sharing of information and diverse collaboration is why Dave continues to support and remain a member of AUSCERT.

How did you first get involved with AUSCERT and what motivated you to become a member?
AUSCERT is a partner with AARNet within AHECS, the Australian Higher Education Cyber Security Service. Prior to that, I had a long history of working within the academic and research sector. AUSCERT is part of The University of Queensland, linking with AARNet as a shareholder. Therefore, we have a close relationship around securing our sector and broadly sharing information.

What are some of the key benefits and experiences of an AUSCERT membership?
AARNet gains a lot of benefits through the sharing of threat intelligence, technical indicators, advisories, and bulletins. We also gain a lot from the AUSCERT community, including the conference, and other communities that bring security individuals together to share information effectively.

How has AUSCERT evolved over the years, and what changes have you seen in the cybersecurity landscape that have affected the organisation’s work?
AUSCERT has evolved by leveraging events like the annual conference and building a strong, information-sharing community. The evolution includes stronger partnerships, distributing information, and bringing different industry verticals together. AUSCERT plays a significant role in ensuring the CERT function is carried out and making sure there’s timely advice available for members.

What advice would you give to someone considering becoming an AUSCERT member?
AUSCERT memberships have numerous benefits, providing access to information, people, skills, and knowledge that an organisation might not have in-house. The membership allows for asking questions, gaining guidance, and receiving information that helps protect systems, networks, and people. AUSCERT’s training contributes to the cybersecurity maturity of an organisation.

What do you think the future holds for AUSCERT, and how do you see the organisation continuing to play a vital role in the cybersecurity community?
Many people don’t like answering this question, but I see a bright future for AUSCERT. With the evolving cybersecurity landscape, more entities need to be involved in the broader uplift. AUSCERT’s long history of support and leveraging its capabilities will contribute significantly to achieving a more secure nation.

How has your membership in AUSCERT impacted your organisation’s overall approach to cybersecurity?
The membership has provided unique information sharing, a subscription model with significant value, and the ability to maintain multiple cybersecurity partners. Different partners contribute advice and guidance across various aspects like risk, threat intel, and governance.

What do you believe sets AUSCERT apart from other organisations in the cybersecurity space?
AUSCERT’s unique nature lies in the shared information it has available through different partners. Maintaining different cybersecurity partners is critical because no single organisation has the knowledge or capacity to understand all risks, threats and governance challenges an organisation could face.


30 Years 30 Stories

AUSCERT 30 Years 30 Stories – Trace Borrero

Trace Borrero works at the University of Southern Queensland and through the university’s connection to AUSCERT, Trace has developed into a well-trained and active part of the AUSCERT community. From graduate to professional, check out Trace’s AUSCERT story.

How did you first become a member of AUSCERT?
I came directly out of my degree in cyber security and landed in a role at the University of Southern Queensland. The university were already members, so I became a member.

How do you use the AUSCERT service and what benefit do you receive?
We use the Malware Information Sharing Platform (MISP) a lot, and we’ve learned to automate from there. When I graduated there was a lot of talk about the intel and IOCs that came from AUSCERT. We would be looking for them in our environment and acting on them if needed. Whenever we’d see widespread phishing, we’d be able to send it to AUSCERT and they would handle it. To me as a graduate, it was magic. I didn’t understand what was going on, but I knew that it was taken care of. Now that I’ve learned the ropes, it’s a plus, because there is a lot of groundwork in the backend that AUSCERT handle for you.

How do you think AUSCERT has evolved over the years?
I’ve been a member for five years, so I’ve seen lots of change in the direction the industry is heading. AUSCERT is trying to remain cutting edge, which is important. Recently, automation is the new buzzword. Automation is one place that AUSCERT have adapted successfully, preparing their members to automate and thinking about what type of automation that members want.

What advice would you give to someone considering becoming an AUSCERT member?
It’s worth it – one of the best things you could do, is simply attend the conference and see what it’s all about. It’s hard to see AUSCERT’s benefit purely from the website. Meeting AUSCERT’s members, attending events, or just the conference, is a good place to start.

What do you think the future holds for AUSCERT?
I assume AUSCERT will continue to try and stay cutting edge. They will also continue to look out for their members as best they can, in whatever way that means.

What sets AUSCERT apart from other organisations in the cyber security industry?
AUSCERT are looking out for you. Obviously, they have their own interests, but their interests are their members. You don’t see that very often, specifically when you look at other vendors. Simply having someone to bounce your ideas off, and then receiving feedback from AUSCERT and its member community is fantastic. To be able to say: “Oh, hey, I’ve seen this phishing email. Has anyone else seen it?” “Oh, yes, we’ve seen it, and these are the other IOCs or other attributes of it.” It’s truly a community of learning and collaboration.
