Malware-tracking portal helps Australian ISPs trace bots to device level

Australian Internet service providers (ISPs) will be able to get device-level information about malware infections on their customers' computers after the Australian Internet Security Initiative (AISI) launched an online portal into its expanding malware database.

AISI, run by the Australian Communications and Media Authority (ACMA), has been collecting details of malware compromises from a range of sources since 2005. Some 17 organisations currently contribute to the program, including Microsoft, The Shadowserver Foundation and security research group Team Cymru.

The AISI program currently has some 139 participants and is collecting around 70,000 'observations' of malware every day. And while the program is “by its very nature retrospective”, ACMA Internet Security Programs section manager Julia McKean said, “it should inform and cultivate solutions for the future.”

The new portal – to which one-third of AISI participants had already signed up at its launch today – is one such solution, notable not only because it provides better visibility of existing alerts but also because it can identify with far greater granularity which device on a particular network has been infected with malware.

This is a big change from the AISI service's previous design, in which observations were limited to a particular IP address and offered no additional information about which device on a home network had triggered the malware alert.

“Growth in home networks and business networks in Australia – and in the number of devices attached to a network, such as smartphones, tablets, game consoles – make identifying an infected device much more difficult,” ACMA chairman Chris Chapman said in a statement.

Chapman cited ACMA research suggesting that around half of households, 56 percent of small businesses and 74 percent of medium-sized businesses have networks with five or more devices connected to the Internet.

Many of those devices are outdated, running unpatched versions of software or even entire operating systems, such as Windows XP, that are no longer officially supported.

This growing demographic makes device-level malware tracking more important than ever, Chapman said. For this reason, the new AISI portal “is local network aware,” he continued.

“It recognises the multiple devices connected to local networks. For the first time, it now provides internet service providers with detailed information about an infection that can determine the problem device within a home or business network.”

That information will help participating ISPs become more proactive in their malware response, contacting customers when malware infections are detected.

“It's important that we recognise that Internet use for home and small business users has evolved exponentially since the early days of the AISI,” McKean said.

“That is why the AISI has needed to move with the times. It's likely, with the emergence of smartphones, that many more home appliances will be Internet contactable – and that this will be a continuing theme into the future. And there's no doubt cyber criminals will continue to keep us on our toes.”

The new portal complements AISI-informed services including ACMA's Phishing Alert Service – which has handled nearly 31,100 phishing reports since January this year – and a spam compliance program that supports spam enforcement for a range of public and private-sector agencies.

This article is brought to you by Enex TestLab, content directors for CSO Australia.

Stories by David Braue
