Tagged: Cyber

  • jkabtech 4:17 am on December 15, 2017
    Tags: Cyber, spree

    ANZ Bank in cyber security hiring spree 

    As rival CBA downscales.

    ANZ Bank is seeking to grow its team of cyber security professionals as it builds out its digital delivery capabilities and implements the scaled agile methodology across the entire bank.

    The company in May announced it would expand its use of agile to the whole organisation to allow it to respond faster to customer demands.

    The restructure will see multi-disciplinary teams of about 10 employees created across the workforce in pursuit of a leaner, more efficient organisation.

    At the same time the bank is working to boost its abilities in digital delivery, having recently created an executive role dedicated to digital transformation filled by former eBay Europe chief operating officer Jennifer Scott.

    Scott’s responsibility is to “accelerate an innovative culture” across the bank through the use of strategic digital partnerships, and deliver ANZ’s new digital banking strategy.

    The new directions in agile and digital have necessitated growth in the bank’s information and cyber security team, according to job ads posted by ANZ.

    It is recruiting for a number of positions, including for a new red team.

    A red team is a group of professionals tasked with finding holes in an organisation’s IT security posture. The bank said the new team was an expansion of existing red team capability.

    Roles available include a team leader, manager, and consultant positions.

    “The focus of these roles is on evaluating and testing our environment for any issues regarding our security posture. You will be driving effective penetration testing and process efficiencies, in line with best practice,” ANZ said.

    Three security and technology risk management roles are also on offer across the digital, data, and payments domains.

    “We want to build an innovative, secure and simplified environment using the latest tools, techniques and industry best practice,” the bank wrote.

    “There has never been a more exciting time to work in cyber security. Our team plays an important role at ANZ, collaborating to achieve the best security outcomes across the bank, broader industry and government as well as fostering unique opportunities to contribute to the community.”

    It comes as rival CBA downsizes its own security operations following the appointment of a new chief information security officer.

    CBA had significantly grown the size and budget of its security operations over the past six years, but after joining in February new CISO Yuval Illuz has sought to rein in spending and slim down the division.

    The bank’s restructure has resulted in job losses as well as the potential outsourcing of some security functions.

    View the Original article

     
  • jkabtech 8:17 pm on December 13, 2017
    Tags: Cyber, espionage

    ASIO warns cyber espionage against Australia will increase 

    Rewards are lucrative and risks are low.

    Cyber espionage attacks by nation states against Australia are expected to increase in both number and sophistication over the coming years, the country’s domestic spy agency has warned.

    The “relatively low cost” and “plausible deniability” on offer from such attacks will lure more malicious actors to conduct cyber espionage campaigns, ASIO said in its annual report released today.

    View the Original article

     
  • jkabtech 4:17 am on December 13, 2017
    Tags: concerns, Cyber, revive

    Cyber security concerns won’t revive tape storage 

    Does it make you want to turn to tape? One month renaissance already cut short.

    Tape storage experts have raised significant doubt over an apparent resurgence in tape led by enterprises worried that cloud-based alternatives can be too easily hacked.

    The tape renaissance was raised by the Wall Street Journal last month, which quoted unnamed “security experts” arguing that tape could be the answer to cyber security concerns around storage.

    Recovery Point Systems founder Marc Langer told WSJ that tape could be a “safe choice” for some storage because it was “inconvenient” to access. “Good security is almost always inconvenient,” he said.

    But Guy Holmes, founder and CEO of Perth-based Tape Ark, branded the “concept that writing your data to tape is more secure

    View the Original article

     
  • jkabtech 12:17 pm on December 10, 2017
    Tags: Cyber, flyer

    NATO cyber conference flyer used as phishing bait 

    “Fancy Bear” APT targets high-ranking officials.

    Nation-state actors are attempting to plant malware on targets’ computers via an invitation to a NATO-organised cyber security conference, researchers have found.

    Cisco’s Talos security research division discovered a new phishing campaign from advanced persistent threat (APT) actors Group 74 – also known as Fancy Bear, APT28, Sofacy and Tsar Team – containing a malicious Microsoft Word document.

    Talos said the document contains information about the CyCon US conference on cyber conflict in Washington DC, copied from the meeting’s official website. CyCon is held by the US Army’s Cyber Institute and the NATO Cooperative Cyber Defence Centre of Excellence (CCDCOE).

    The document was sent out to specific targets, Talos said, and contains a macro written in Visual Basic for Applications (VBA), but no Office exploits or zero-days.

    If executed, the VBA macro attempts to drop and run a new variant of the Seduploader malware on targets’ machines.

    Seduploader is a “reconnaissance malware” that has been used by Group 74/Fancy Bear for several years.

    The malware can take screenshots, capture and exfiltrate data and system configuration information, run code, and download files.

    “This is clearly an attempt to exploit the credibility of Army Cyber Institute and NATO CCDCOE in order to target high-ranking officials and experts of cyber security,” the NATO CCDCOE said.

    It warned users not to enable and run Office macros, and to handle information obtained and received via the internet with special care.

    View the Original article

     
  • jkabtech 12:17 pm on December 9, 2017
    Tags: ASD's, asked, Cyber, mandate, strategies

    Govt asked to mandate ASD’s ‘essential eight’ cyber strategies 

    Resiliency failures lead to calls for more action.

    The federal government has been asked to require that all 180 corporate and non-corporate Commonwealth entities implement the ASD’s ‘essential eight’ cyber security strategies by June 2018.

    A joint committee asked today for a mandate from the government that all non-corporate entities – agencies and regulators – meet the Australian Signals Directorate’s revamped ASD ‘essential eight’ strategies unveiled earlier this year.

    The committee said it was concerned about lax adoption of the previous version of the standard, the ‘top four strategies to mitigate cyber security incidents’, despite the efficacy of the controls being well-recognised in and out of government.

    Those concerns were heightened by an audit report earlier this year, which found Immigration and ATO did not comply with the ‘top four’ mitigation strategies.

    Immigration attributed its problems to complexity caused by machinery of government changes, while the ATO said it suffered compliance problems after a major IT outage.

    Both agencies have been asked to report compliance improvements to the joint committee of public accounts and audit.

    While seeking the mandate, the committee said it also noted concerns that compliance with the ‘top four’ mitigation strategies was a minimum standard and “does not necessarily equate to cyber resilience, particularly having regard to the fact that cyber resilience contemplates the likelihood that systems can and will fail”.

    “The committee considers that entities would benefit from clear guidance on the hallmarks of cyber resilience and notes that the Department of Prime Minister and Cabinet (PM&C) agreed to work with the Australian National Audit Office (ANAO) to better define these key features,” it said.

    “The committee recommends that in future audits on cyber security compliance, the ANAO outline the behaviours and practices it would expect in a cyber resilient entity, and assess against these.”

    View the Original article

     
  • jkabtech 8:17 pm on December 3, 2017
    Tags: audit, Cyber, mimics, resilience

    Govt cyber war games result mimics resilience audit 

    DHS narrowly beats ATO, DIBP.

    The Department of Human Services has come out on top in Canberra’s inaugural cyber war games, a result that mimics the findings of the now infamous cyber resilience audit of the federal government’s three biggest agencies.

    Five teams from ten agencies, including the Australian Taxation Office (ATO) and Department of Immigration and Border Protection (DIBP) as well as DHS, spent last week battling it out on a purpose-built “range” aimed at developing cyber security skills through real life scenarios.

    Using a Lego smart city to represent the contest, the teams took turns attacking and defending the model’s critical infrastructure such as trains or wind turbines.

    The simulation – believed to be the first and largest security training exercise of its kind to be staged at a federal level – was the brainchild of DHS chief information security officer Narelle Devine, who joined the department from the Royal Australian Navy in October last year.

    DHS received the highest score at the end of the five days, narrowly beating the ATO and DIBP, which were both close to taking the lead on the final day of competition. 

    The result broadly aligns with the findings of a cyber resilience audit of the three agencies earlier this year, which found only DHS was compliant with all four of the Australian Signals Directorate’s mandatory threat mitigation strategies.

    The ANAO defined ‘cyber resilience’ as agencies being able to continue providing services while deterring and responding to cyber attacks.

    DHS’ team for the wargames was populated from members of its 24/7 Cyber Security Operations Centre, which was established late last year.

    However, despite the results reflecting DHS’ dominant cyber security posture, the wargames were pitched as an opportunity to display the government’s cyber capability, and for cyber specialists to train in a safe environment.

    Speaking with iTnews last week, Devine said the war games were an important arena in which to build skills, despite being based on industrial control systems and the ability to defend critical national infrastructure, which is quite unlike the IT infrastructure that agencies are responsible for.

    “It’s obviously a very different target set to what the department is responsible for in its day job, but from our opinion it doesn’t matter what you’re attacking or defending,” she told iTnews.

    “The skills that you’re learning, and the skills that you’re demonstrating are applicable across all

    View the Original article

     
  • jkabtech 4:17 am on October 27, 2017
    Tags: compete, Cyber

    Hackers to compete in Australia’s first defence cyber challenge 

    Seeking to fill skills shortage.

    Australia’s first defence industry cyber challenge will kick off at the University of Adelaide today, in an effort to upskill and nurture home-grown infosec talent.

    The competition seeks to address fast-growing demand for cyber security workers, according to AustCyber (formerly known as the Australian Cyber Security Growth Network) chief Craig Davies.

    Davies said at least 11,000 qualified cyber security personnel are needed in Australia today.

    The competition is sponsored by security vendors Dtex and ThreatMetrix, with Saab Australia, Boeing Defence, and Nova Systems also chipping in. 

    It will be officially launched today by the federal minister for the defence industry, Christopher Pyne. 

    There are two challenges for competition participants: the first is a capture-the-flag pentesting challenge in which participants have to gain access to a restricted payment processor portal and retrieve a file with historical transactions.

    In the second challenge, participants will be given metadata to analyse in order to investigate a data breach.

    Among the prizes to be won are three- and five-day security workshops in Canberra. Boeing is also offering a customisable paid internship for undergraduates.

    Female participants can win a 13-inch MacBook Pro as well as a 12-month mentoring program by a group of prominent female cyber security experts.

    Entries close September 9, and winners in the defence industry cyber challenge will be announced in Sydney on September 27.

    View the Original article

     
  • jkabtech 8:17 pm on October 3, 2017
    Tags: Cyber

    Ships are turning back to radio to avoid cyber attack 

    Threats prompt return of WW2 tech for navigation.

    The risk of cyber attacks targeting ships’ satellite navigation is pushing nations to delve back through history and develop back-up systems with roots in World War Two radio technology.

    Ships use GPS and other similar devices that rely on sending and receiving satellite signals, which many experts say are vulnerable to jamming by hackers.

    About 90 percent of world trade is transported by sea and the stakes are high in increasingly crowded shipping lanes. Unlike aircraft, ships lack a back-up navigation system and if their GPS ceases to function, they risk running aground or colliding with other vessels.

    South Korea is developing an alternative system using an earth-based navigation technology known as eLoran, while the United States is planning to follow suit. Britain and Russia have also explored adopting versions of the technology, which works on radio signals.

    The drive follows a series of disruptions to shipping navigation systems in recent months and years. It was not clear if they involved deliberate attacks; navigation specialists say solar weather effects can also lead to satellite signal loss.

    Last year, South Korea said hundreds of fishing vessels had returned early to port after their GPS signals were jammed by hackers from North Korea, which denied responsibility.

    In June this year, a ship in the Black Sea reported to the US Coast Guard Navigation Centre that its GPS system had been disrupted and that over 20 ships in the same area had been similarly affected.

    US Coast Guard officials also said interference with ships’ GPS disrupted operations at a port for several hours in 2014 and at another terminal in 2015. It did not name the ports.

    The NotPetya ransomware attack that hit AP Moller-Maersk’s IT systems in June and made global headlines did not involve navigation but underscored the threat hackers pose to the technology-dependent and inter-connected shipping industry. It disrupted port operations across the world.

    The eLoran push is being led by governments who see it as a means of protecting their national security. Significant investments would be needed to build a network of transmitter stations to give signal coverage, or to upgrade existing ones dating back decades when radio navigation was standard.

    US engineer Brad Parkinson, known as the “father of GPS” and its chief developer, is among those who have supported the deployment of eLoran as a back-up.

    “ELoran is only two-dimensional, regional, and not as accurate, but it offers a powerful signal at an entirely different frequency,” Parkinson said.

    “It is a deterrent to deliberate jamming or spoofing, since such hostile activities can be rendered ineffective.”

    Korean stations

    Cyber specialists say the problem with GPS and other global navigation satellite systems (GNSS) is their weak signals, which are transmitted from 12,500 miles above the Earth and can be disrupted with cheap jamming devices that are widely available.

    Developers of eLoran – the descendant of the loran (long-range navigation) system created during World War II – say it is difficult to jam as the average signal is an estimated 1.3 million times stronger than a GPS signal.

    To do so would require a powerful transmitter, large antenna and lots of power, which would be easy to detect, they add.

    Shipping and security officials say the cyber threat has grown steadily over the past decade as vessels have switched increasingly to satellite systems and paper charts have largely disappeared due to a loss of traditional skills among seafarers.

    “My own view, and it is only my view, is we are too dependent on GNSS/GPS position fixing systems,” said Grant Laversuch, head of safety management at P&O Ferries.

    “Good navigation is about cross-checking navigation systems, and what better way than having two independent electronic systems.”

    Lee Byeong-gon, an official at South Korea’s Ministry of Oceans and Fisheries, said the government was working on establishing three sites for eLoran test operations by 2019 with further ones to follow after that.

    But he said South Korea was contending with concerns from local residents at Gangwha Island, off the west coast.

    “The government needs to secure a 40,000 pyeong (132,200 square metre) site for a transmitting station, but the residents on the island are strongly opposed to having the 122 to 137 metre-high antenna,” Lee said.

    In July, the United States house of representatives passed a bill which included provisions for the US Secretary of Transportation to establish an eLoran system.

    “This bill will now go over to the senate and we hope it will be written into law,” said Dana Goward, president of the US non-profit Resilient Navigation and Timing Foundation, which supports the deployment of eLoran.

    “We don’t see any problems with the President signing off on this provision.”

    The previous administrations of Presidents George W. Bush and Barack Obama both pledged to establish eLoran but never followed through. However, this time there is more momentum.

    In May, US Director of National Intelligence Daniel Coats told a senate committee the global threat of electronic warfare attacks against space systems would rise in coming years.

    “Development will very likely focus on jamming capabilities against … global navigation satellite systems, such as the US global positioning system,” he said.

    Spoofing dangers

    Russia has looked to establish a version of eLoran called eChayka, aimed at the Arctic region as sea lanes open up there, but the project has stalled for now.

    “It is obvious that we need such a system,” said Vasily Redkozubov, deputy director general of Russia’s Internavigation Research and Technical Centre.

    “But there are other challenges apart from eChayka, and

    View the Original article

     
  • jkabtech 12:17 pm on September 19, 2017
    Tags: Cyber

    Ships are turning back to radio to avoid cyber attack 


     
  • jkabtech 8:17 pm on August 21, 2017
    Tags: Cyber

    MacGibbon to lead Australian Cyber Security Centre 

    Centre will get 24/7 response capability.

    Prime Minister Malcolm Turnbull will appoint his cyber security advisor Alastair MacGibbon as the head of the country’s Cyber Security Centre following a recommendation from a review of Australia’s security agencies.

    MacGibbon was appointed as special advisor on cyber security within the Prime Minister’s department last year as part of the national cyber security strategy released in early 2016.

    He will now add the Australian Cyber Security Centre to his remit, a central body that houses 260 cyber security experts from across ASIO, Defence, the AFP, the Attorney-General’s Department, and the Australian Crime Commission.

    A capability within the ACSC will also be established to allow for 24/7 response to “serious cyber incidents”, Turnbull said, referring to the recent WannaCry and Petya global malware attacks.

    “This capability will better meet the needs of the community and the government in relation to rapidly emerging cyber events,” he said.

    The ACSC has until now been led by Clive Lines, deputy director at the Australian Signals Directorate.

    The centre facilitates threat sharing between the public and the private sectors, and leads the government’s operational response to cyber attacks. It opened in late 2014.

    The centre is being moved out from its existing home in ASIO’s Canberra headquarters down the road to the Brindabella Business Park.

    The relocation was a response to complaints about access for the private sector to the high-security ASIO building, as well as rapid growth in the size of the centre that meant it has outgrown its existing facility.

    Once it moves to its new digs, the ACSC will be able to accommodate an extra 700 personnel on top of its existing headcount. The move is scheduled to be complete by the end of the year.

    The change to the leadership of the ACSC formed part of a wider announcement about a sweeping overhaul of the country’s national security agencies today.

    The government will establish a new ‘Home Affairs’ super-ministry in the vein of the United Kingdom’s Home Office arrangement.

    It will encompass ASIO, the AFP, Border Force, ACIC, AUSTRAC, and the Office of Transport Security, and will be led by current Immigration minister Peter Dutton.

    ASIO, the AFP, and Border Force will all report directly into Dutton as Home Affairs minister. The remaining agencies will be governed by either the Justice minister or Attorney-General, both of whom will report into Dutton.

    A central department within the Home Affairs portfolio will also be created to oversee policy, strategic planning, and the co-ordination of operational threat response, and the Australian Signals Directorate will become an independent statutory authority.

    The changes are expected to be in place by mid-next year.

    The review that prompted the restructure, conducted by Michael L’Estrange, will be released later today, Turnbull said.

    View the Original article

     