5 minute read
Editor's Desk - Australian Cyber Security Magazine, ISSUE 15, 2023
- U.S. Army Maj. Gen. William J. Hartman, Commander for Cyber National Mission Force, US Cyber Command speaking at RSA Conference, San Francisco, April 25, 2023
By Chris Cubbage CPP, CISA, GAICD Executive Editor
Welcome to a special edition of the Australia Cyber Security Magazine, released as Official Media Partners to the Cyber West Summit 2023, amongst other industry events in Australia and the Indo-Pacific region.
The year 2023 is clearly an inflection point to a new era with generative AI and quantum computing evolving to be mainstream and creating new opportunities in a security context. These technologies naturally present a double edged sword and the challenge is to remain ahead of nefarious intentions by nation state competitors and criminal actors.
The US Department of Defence Cyber National Mission Force (CNMF) and Department of Homeland Security Cybersecurity and Infrastructure Security Agency (CISA) shared details for the first time at the RSA Conference last month, on recently declassified ‘Hunt Forward’ cyber operations, showcasing how both organisations work together and with Five Eye partners, like Australia, to bolster cyber defences.
CNMF Hunt Forward Operations included the 2021 Solarwinds supply chain breach, the large scale attacks on Microsoft Exchange servers by Chinese threat actors and the 2020 US Federal Election subjected to an Iranian initiated breach of a local municipality, which may have potentially discredited the election.
When asked by MySecurity Media for an Australian perspective on the organisational structure of CISA and CNMF, similar to the structure of the Australian cybersecurity framework, Maj. Gen. Hartman stated, “the partnership with Australia adds another toolkit that we’re able to utilise in order to get after these operations globally, and so much of what we’re able to share with [CISA], we’re also of course, able to share with Five Eyes partners... The coordination that we do with DHS, we also do with Australia, Five Eyes partners, other like-minded nations and that really does allow us to scale.”
With this global effort in mind, as part of the 2023 Defence Strategic Review, released last month, the federal government is transforming the defence innovation ecosystem to deliver the advanced technologies urgently needed for Australia’s national security. $3.4 billion over the next decade will be invested to establish the Advanced Strategic Capabilities Accelerator (ASCA). This is an additional $591 million above current planned spending on defence innovation. Priorities for the program are hypersonics, directed energy, trusted autonomy, long-range fires, quantum technology and information warfare.
Thus a timely release of the Australia’s first National Quantum Strategy. The Strategy identifies five priority areas, which includes securing infrastructure and materials and safeguarding cyber infrastructure, which remains a critical aspect of this technology and the Defence Strategic Review.
On the back of significant and continued cyber-attacks on Australian businesses and organisations, an Active Adversary Report from Sophos looked at the changing behaviours and attack techniques that adversaries used in 2022. The data, analysed from more than 150 Sophos Incident Response (IR) cases, identified more than 500 unique tools and techniques, including 118 “Living off the Land” binaries (LOLBins). LOLBins are executables naturally found on operating systems, making them much more difficult for defenders to block when attackers exploit them for malicious activity.
Unpatched vulnerabilities were the most common root cause of attackers gaining initial access to targeted systems. In half of the investigations to infiltrate organisations, attackers exploited ProxyShell and Log4Shell vulnerabilities, which not surprisingly are the same vulnerabilities from 2021. The second most common root cause of attacks was compromised credentials, again a long-time consistent theme.
A key take-away from RSA last month was the reducing dwell times. More than two thirds of the attacks that the Sophos IR team investigated (68%) involved ransomware. While ransomware still dominates the threat landscape, attacker dwell time decreased in 2022, from 15 to 10 days, for all attack types. For ransomware cases, the dwell time decreased from 11 to 9 days, while the decrease was even greater for non-ransomware attacks.
In this edition, our cover feature focuses on AI and as David Carvalho writes, AI should be seen as a tool that will improve vulnerabilities that are coded in error by humans. While it will potentially significantly improve the quality of coding across web2 and web3 applications, we can never fully trust its output. Developers will still need to read and critique AI output by learning its patterns and looking for weak spots, while being cognisant of the fact that threat actors are using it for nefarious purposes in the short term.
In this context, Sean Duca provides input, highlighting how Singapore's Government Technology Agency demonstrated recently how AI crafted better phishing emails and effective spear phishing messages, much better than any human actor could.
Monica Oravcova, co-founder of Naoris Protocol also writes how AI could help organisations improve their cybersecurity defences by analysing large volumes of data and using advanced machine learning algorithms, identify patterns and trends that may indicate a cyberattack is imminent, allowing organisations to take preventative measures before an attack occurs, minimising the risk of data breaches and other cyber incidents.
Enjoy this edition covering all aspects of national cyber security and we will otherwise continue to provide coverage across the cyber domain, including a focus on AI and quantum technologies, such as our interviews with WA’s Pawsey Supercomputing Research Centre and quantum computing company, Quantinuum.
On that note, as always, there is so much more to touch on and welcome your feedback and contributions. Enjoy the reading, listening and viewing.