Risk Management Assignment: COVID-19 Security Threats in Australia
Question
Task
Prepare a risk management assignment report analysing the COVID-19 themed security threats that have been occurring all over Australia.
Answer
1. Introduction to the theme of Risk Management Assignment
The internet is not a single entity but a plethora of information-sharing entities spread all over the world. It has been in play since the 1960s, beginning with the Advanced Research Projects Agency Network (ARPANET), funded by the US military. In its initial phase it was used in educational, local and military institutes. The internet allows computers to interact with each other by sharing data over networks. Cybercrime first found its opportunity here, as sharing information over long distances via unsecured data lines meant that classified information in transit was prone to hacking. The internet is the communication between 2 computers, but when the communication occurs between 2 or more computers over a long distance, connected via servers and transmission media such as wires and wireless signals, it is called the web. The web is the collection of all the data of information-sharing computers and servers. The ‘World Wide Web’ came into existence when Berners-Lee invented the concept of data sharing over the internet among a large number of servers (Smith and Ingram, 2017).
With the advent of data sharing came the risk of data loss and leaks. The security of confidential information being shared becomes a concern as the infrastructure grows. Certain institutions take steps to curb the spread of security risks by creating anti-hacking tools such as antivirus software, encrypted gateways, etc. (Daly, 2018). The Australian Signals Directorate (ASD) has sanctioned the Australian Cyber Security Centre (ACSC), which is the leading government institute for detecting and protecting against the threats caused by cybercrimes to the nation. Cybercrimes have been increasing in Australia and the need to control the damage has reached a high level of concern. Scams and security threats have increased manifold, especially during the COVID-19 situation.
The Australian Competition and Consumer Commission (ACCC) has sanctioned Scamwatch relief since March of 2020. Most scam and security threats come from email and SMS phishing activities. The following report expands on and analyses the COVID-19 themed security threats that have reportedly been occurring all over Australia.
2. Types of malicious cyber activities identified by ACSC
Cyber-attacks occur in various forms and through various mediums. Over the years the types of cyberattacks have increased and have been causing problems for many individuals and businesses across the Australian continent (Mikolic-Torreira et al., 2017). To tackle them it is necessary to know the forms they come in. The following table shows incidents of security breaches in Australia that were reported to the ACSC from 1st July 2019 to 30th June 2020:
| Types of Cyber Crimes | Incidents recognised by ACSC | Remarks |
| --- | --- | --- |
| Malicious Email | 612 | Malicious emails are a dangerous threat to the security of any corporation. They are designed to attack the host’s device when opened by the host. They come in the form of voicemails, documents, software, PDFs or e-faxes. These files are generally sent as mail attachments and, when opened, launch a virus or Trojan attack on the host’s device. These viruses either corrupt the device or send device storage details to the attacker, thus compromising the security of the host computer. The attachments release ransomware, keyloggers, and other malware into the host's computer. |
| Compromised System | 553 | A compromised system is a device whose confidentiality, data integrity and availability have been severely affected, either unintentionally or intentionally. It can occur due to either manual or remote interaction with the system. A compromised system can be detected in several ways: suspicious network speeds, system notifications, suspicious entries found in the directories, discrepancies in accounting, unsuccessful attempts to log in, and many more. A compromised system can be recovered by formatting the drive where the virus has affected the system or by using antivirus software to get rid of the virus. |
| Scanning / Brute Force / Reconnaissance | 319 | Physical hacking is one of the oldest ways to hack into devices. The hacker has to physically use storage devices to transfer viruses and other malicious applications to the host device. The hacker can also steal the hard drive of the host computer and breach its data. The other element of this type of breach is scanning documents on the device and copying them to another device brought by the hackers. |
| Sighting Report / Indicator Sharing | 396 | Data breaches and security threats reported and indicated by Automated Indicator Sharing (AIS) and sighting reports have shown that major breaches have occurred in the given timeframe and are still a prevalent and worrying issue in many organisations. Indicator sharing enables an organisation to report security breaches to the concerned security department in real time. |
| Data Exposure, Theft or Leak | 220 | Data breaches and data leaks are a common phenomenon and are easy to carry out. Data breaches occur when the hacker can break the virtual lock or has unauthorised access to the host’s data. Data breaches happen all the time and are very difficult to avoid. Multi-level encryption and authentication techniques are used to cope with this situation, but they cause time losses and efficiency downgrades. |
| Other | 109 | Various other modes of attack have affected the security integrity of host systems and have been a problem for Australian residents over the given timeframe. |
| Denial of Service | 57 | DoS attacks have been among the severe yet lesser reported cases, where the server is overloaded or corrupted by incoming traffic from the attacker's server. The attackers either cut the network connection from the host device to the server or overload the server to crash it and hence deny service to the host. Recovery is often achieved by the server mechanics keeping a backup ready for such events. |
3. Identification and categorisation of assets
COVID-19 has created an opportunity for hopeful attackers to play on human desperation and gain from it. It has been a year of scams and cybercrimes in Australia and COVID-19 has played a major role in assisting them (Broadhurst, 2017). One of the ways that this scenario can be tackled is to identify the types of scams and the methodologies used by the attackers to steal user data. Malicious cybercriminals have been crafting various phishing emails that claim to be from reputed organisations and scam the readers into giving them access to their bank accounts (Kagita et al., 2020). To create a more authentic experience, these attackers design their email addresses to look close to the original organisation’s official email addresses. This has created a confusing situation for naïve users, who easily click and provide information to these actors. The case studies provided discuss scams that have been categorised into various types. The types of phishing scams are discussed below:
a. Phishing campaigns via SMS
A phishing attack is when a cybercriminal poses as a trusted entity and sends various mail attachments like links, applications and documents to gain access to your data when you open them. A malicious cyberattack that posed as a COVID-19 website occurred on 16th March 2020, as reported by the ACSC. The Australian public started getting visibly important links on their mobile devices as SMSes, which redirected them to malicious sites. The messages were designed to look like they were coming from the government, which increased their legitimacy and helped the attackers to fool the general public. The ACSC looked into the matter and found that it was a well-known Trojan meant for banking attacks. The name of the Trojan was Cerberus and it targets Android devices to steal the user’s financial details and send them to the attackers.
b. Phishing campaign posing as the Australian Post
The ACSC got a report about a COVID-19 phishing attack posing as the Australian Post. The emails impersonated the Australian Post and provided guidelines for visiting other countries during the COVID pandemic. They contained various links that redirected the viewers to malicious websites and stole their Personally Identifying Information (PII). Once the criminals acquire the PII, they often open bank accounts and credit card accounts in the name of the person the PII belongs to and transfer money to their dummy account in the form of bitcoins, which cannot be traced.
c. Phishing campaigns posing as various International Health Organisations
This type of phishing attack sends emails posing as an international health organisation that is working on the COVID-19 situation and wants you to know about it. The COVID-19 themed phishing attack asks you via email to click on links that claim to show the present conditions of COVID-19 around the world. When users click on the link, they are redirected to malicious websites and their information is accessed by the attacker. The attack aims to exploit the viewers' fear of the situation to manipulate them into clicking on visibly suspicious links that promise news of their local COVID-19 situation. The attackers gain access to the viewer’s device.
d. Phishing attacks via email attachments.
This is by far the most common form of phishing attack and the most successful one yet. The ACSC has received reports of COVID-19 themed emails being sent to victims. These emails have embedded viruses that attack the host’s computer when opened. They pose as the World Health Organisation and ask the recipients to join them by opening attachments that supposedly contain guidelines to curb the effects of the COVID-19 pandemic. As soon as the victim clicks on the link, the attacker gains access to the victim’s device and extracts all important information such as finances, important documents, user IDs and passwords. They use this information to either anonymously withdraw money or ask for a ransom for the return of the information.
e. Phishing attacks offering COVID-19 relief funds
This kind of phishing attack has been used by attackers to extract financial information from the victims. The cybercriminals use application forms that urgently ask the viewer for money for a COVID-19 relief fund. They ask for a donation that has a receipt attached to it which is self-destructible. Once the transaction is done, the message asking for the donation and all its links vanish without a trace. On the 20th of March 2020 the ACSC warned the citizens of Australia about an ongoing phishing attack, served via email, asking for the viewer’s bank details in order to transfer $2500 as COVID-19 relief funds. The email had an attachment containing malware that downloaded malicious software to the viewer’s device.
f. Phishing attacks via Work from home employment offers
The cybercriminals have been devising newer methods to capture more victims of fraud and scams in Australia. One of the recent ones is the work-from-home scam, where the viewer is invited to take up paid or voluntary work-from-home job offers. The applicant for the post is told that they will be given jobs assisting with the processing of donations that are intended for the relief funds for COVID-19 assistance services. The ACSC warned Australian citizens of a ‘Coronavirus Relief Fund’ scam that has an overseas base. The victims become mules for the criminals, who use them to smuggle illegally scammed money. They use these volunteers to convert their cash into a cryptocurrency like Bitcoin. Other forms of work-from-home scams ask the victims to help these organisations transfer money from a seemingly trusted organisation to another organisation. They ask for the victim’s bank account details, supposedly so that they can transfer the money to their other organisation, and hence get access to the victim’s bank account.
4. Identifying and prioritising threats against assets
The threats are real, and the opportunities provided to the attackers by naïve citizens are a matter of concern for the Australian government as well as the citizens. Identifying them beforehand and effectively alerting Australian citizens is the priority of the government (Broadhurst, 2017). Even though all the threats presented are equally effective, they have a priority list based on severity and time to hack. SMS phishing attacks are the most severe, as mobile devices are often linked directly to bank accounts and hence are a direct access portal to them (Austin and Slay, 2016). Email phishing is the second easiest way to enter someone’s bank account and gain access to important documents of the victim. Phishing scams posing as a reputed organisation come next in line, as they need a bit of convincing and multi-level data engagement to get to the final account access. Phishing attacks that offer work-from-home jobs come last, as this is a time-consuming process that needs a lot of convincing and extremely naïve people with selective skills in finance to work.
5. Analysing the five fundamental security principles with the security mitigation proposed by the ACSC.
The problem, once identified, needs to be solved as soon as possible to stop any further spread and loss. The ACSC suggests a 5-step guideline to stay safe from such phishing attacks and also help them track and stop the culprits. The 5 security principles proposed by the ACSC are:
a. The messages sent to the victim need to be read carefully for any suspicious tone. Details like attached names, the sender name and number, suspicious links, etc. need to be checked.
b. If the victim is on their PC, they need to hover their mouse over the link provided to check that the link is a valid link and not a mock image. The link will change colour if valid, and the link should not be clicked if its authenticity is not certain.
c. Information like the address of the sender or the subject line provided by Google needs to be checked thoroughly. The subject line can be used to tell whether the body has suspicious elements attached to it.
d. Check and double-check the organisation details and call them on the official number provided on their site. Confirm the link is official and legitimate before clicking or transferring money. Do not call the phone number or email the address provided in the SMS, as it probably belongs to the scammer and can compromise your security.
e. Check the name and origin of the organisation by searching their mobile app or the social media page or website.
6. Summary
The age of technology is strange and full of opportunities, yet the risk it carries from scammers is high. The report discusses in detail the methods used by the scammers to extort and steal money from the citizens of the Australian continent by exploiting their fear of the COVID-19 pandemic. The Australian government is trying its best to provide ample information to avoid such scams, but the cybercriminals are getting smarter day by day. Though it is tough to overcome the scammers' game plans, basic guidelines to safeguard one’s privacy and credentials are mandatory. The report also provides detailed mitigation steps to overcome the scammers and reduce the risk of being scammed by the attackers and losing all of one's financial details.
7. Reference
Austin, G. and Slay, J. (2016) ‘Australia’s Response to Advanced Technology Threats: An Agenda for the Next Government’, UNSW Canberra, Canberra, Australian Centre for Cyber Security Discussion Paper, 3.
Broadhurst, R. (2017) ‘Cybercrime in Australia’, in The Palgrave Handbook of Australian and New Zealand Criminology, Crime and Justice. Springer, pp. 221–235.
Daly, A. (2018) ‘The introduction of data breach notification legislation in Australia: A comparative view’, Computer law & security review, 34(3), pp. 477–495.
Kagita, M. K. et al. (2020) ‘A Review on Cyber Crimes on the Internet of Things’, arXiv preprint arXiv:2009.05708.
Mikolic-Torreira, I. et al. (2017) Exploring Cyber Security Policy Options in Australia. RAND Corporation, Arlington, VA, United States.
Smith, F. and Ingram, G. (2017) ‘Organising cyber security in Australia and beyond’, Australian Journal of International Affairs, 71(6), pp. 642–660.