Global Security Forum

 View Only
  • 1.  Cyber attacks and security

    Posted Thu May 27, 2021 08:51 AM



    As more cyber attacks are becoming common in today's internet world, business owners are beginning to realise the need for comprehensive Cyber Security Solutions for both private and public sector networks. When a cyber attack occurs and your clients information is compromised, this can have serious implications for your business reputation and consequently your clients might lose their confidence in you, which can ultimately lead to your demise. What's worse is that many of these hackers have already gained access to networks that run critical infrastructure like power stations, banks, stock markets and even airport hubs. In order to protect your business from these attacks, it's necessary that you not only have the right technological knowledge but also that you're able to keep abreast of all the current cyber threats to your business.

    It seems that recently, China has become the cyber attacks capital of the world. Recent reports indicate that there are already over 20 million Chinese hackers that are at work on behalf of the Chinese government. The nation states like China, Russia and Iran are not about to sit back and do nothing about cyber attacks coming from Asia. They have developed their own sophisticated hacking tools and have been working to crack the codes of big business software like Visa and MasterCard. Most people don't realise this, but every single credit card in the world is controlled by one of the big three financial organisations in the world, which are - VISA, MASTERCARD and ISSNAME.

    However, while China is becoming increasingly involved in cyber attacks against Australia, just days before this piece was written, an important case was made in Australia against one of these hackers who were operating from within Australia. This particular case involves two Chinese hackers who managed to infiltrate the computers of a business in Australia and stole confidential information which included sensitive customer lists. Furthermore, it was also revealed that the hackers targeted government agencies such as the Department of Revenue, the Australian Securities and Investments Commission (ASIC) and the Department of Industry. This case is now before the courts in Australia and if found guilty would be an extremely serious breach of trade, in the strictest sense of the word.

    So, what does Australia do to protect itself from cyber attacks? Much of its work in the international realm has been about creating an environment where national interests are protected. For example, it is very important that Australia prevent the proliferation of weapons in the Middle East and prevent Iran from obtaining nuclear arms. It has been involved in promoting Internet freedom around the world and working to keep cyberspace free of harmful malware. But it is really hard to say whether it is Australia's fault or if cyber warfare is being done by a third party or by a state actor.

    Cyber attacks on Australia are not new, but the country has become more conscious of these issues in the past year. The September 18 release of the Intelligence Services Legislation Review 2021 highlighted many concerns that the government has with regards to the cyber space. The main recommendations of the review were that all publicly available information should be collected and released by the agencies, that existing laws regarding the protection of confidential data should be amended, and that there be a stronger international co-operation to assist law enforcement agencies when it comes to investigating and prosecuting cyber-criminals.

    One of the recommendations that the review made was the creation of a Cyber Crime Intelligence Assessment Centre (CCA). This is just another way for the state to work towards protecting its citizens and the country as a whole from the cyber threats that exist today. In addition, Australia is one of the first countries to develop its own Cyber Crime Information Sharing Program (CCISTP) with China. The Chinese have been known to use viruses and malware against Australian systems, so this is a step in the right direction.

    The idea behind Cyber Attacks in Australia is that anyone can attack any other person, government entity, or company at any time and for whatever reason they deem fit. With so many high-tech corporations in the world today, it is easy for someone to bring down a government server or a corporation with nothing more than a few mouse clicks. When a cyber attack occurs, the attacker does not need to have any malicious intentions or plans. They simply want to cause a significant amount of monetary or physical damage. They do not want to see an establishment brought down, they do not want someone's identity stolen, and they certainly do not want anyone to gain access to a valuable resource that can be used to help the authorities to fight crime.



    ------------------------------
    Matthew Giannelis
    CEO
    Tech Business News
    Melbourne VIC
    +61431401041
    ------------------------------


  • 2.  RE: Cyber attacks and security

    Posted Thu May 27, 2021 03:33 PM
    Hi Mathew,

    Thank you for posting this insight on cyberattacks and the Australian landscape - Cyber Security really is becoming a forefront for businesses, both large and small!

    ------------------------------
    Christine Arnold
    Customer Marketing & Community Manager
    IBM Security
    ------------------------------



  • 3.  RE: Cyber attacks and security

    Posted Fri July 09, 2021 09:49 AM
    Thanks Mathew, I think the more you use the technology, the more chance you will face cyber attack. Due to the daily cyber attacks in US, the demand for Cyber Security Certification is increasing rapidly.

    ------------------------------
    Sarfaraz Khan
    ------------------------------



  • 4.  RE: Cyber attacks and security

    Posted Thu August 05, 2021 08:20 AM
    A cyber attack is an assault launched by cybercriminals using one or more computers against single or multiple computers or networks.

    ------------------------------
    Pintu Bhatt
    ------------------------------



  • 5.  RE: Cyber attacks and security

    Posted Fri November 04, 2022 08:06 AM
    Edited by Wendy Batten Mon November 14, 2022 07:20 AM

    Dropbox Phishing Attack Opens GitHub Source Code Repositories To Hackers

    Dropbox has assured that its clients and service users will be protected from the breach because the repository doesn't have any source code for its infrastructure or apps.

    Popular file hosting and storage provider Dropbox has disclosed that a phishing campaign led to unauthorized access to its source code repositories on GitHub. According to reports, the company fell victim after an unidentified threat actor accessed internal files, including the prototypes, third-party libraries, among several others.  

    In an advisory, Dropbox shared the incident with its customers and ensured that the problem had been fixed and the unauthorized access had been ceased. The company's data, including tools, documents, and libraries, were the main contents of the repository.  

    Dropbox has assured that its clients and service users will be protected from the breach because the repository doesn't have any source code for its infrastructure or apps. The company also claimed that the unknown threat actor accessed some API keys during the breach. The keys included the names, email addresses, clients, sales, vendor deals, and other private data about Dropbox employees. 

    Dropbox breach explained

    The information was revealed more than a month after GitHub and CircleCI issued warnings about phishing attempts to acquire GitHub credentials via notifications from the fake CI/CD platform. Early in October, the San Francisco-based company reported that "several Dropboxers received phishing emails impersonating CircleCI," some of which managed to get past its automated spam filters and end up in recipients' inboxes.
     

    According to Dropbox, the emails appeared to be from a reputable source, and thus they were able to infiltrate the inboxes. The email content included instructions for employees to visit a phishing website miming the CircleCI login page. After that, the user was instructed to log in using their GitHub username and password so the threat actor could authenticate the login process by sending a one-time password (OTP). However, it still needs to be clarified how the phishing scam compromised such a large number of employee accounts.  

    We at The Cyber Express aim to keep our readers updated with the latest news in Cyber security news world. With the help of our adept editorial team and eminent contributors, we bring diverse facets of the industry, including data breaches, ransomware, cyber warfare, detailed security trends analysis, whitepaper, market research, exclusive interviews and podcasts.

    ------------------------------
    Ravi Gupta
    ------------------------------



    ------------------------------
    Ravi Gupta
    SEO Analysis
    The Cyber Express
    Mumbai
    ------------------------------