The week in security: Growing attacks prompt calls for cybersecurity speed-up as election looms

As the last weeks of the election campaign ticked over, the Australian Computer Society was calling for whichever party wins the July 2 poll to accelerate its investment in cybersecurity development. This investment reflects not only the growing need for cybersecurity skills but the need to defend the country against attacks from the likes of China – which, despite reports that it has reined in its state-sponsored cyberwar efforts, is still targeting Australia with some regularity and is choosing targets based on more than just their relative importance to Australia's trade.

Governments are also addressing issues of online identity with increasing importance, with the director of UK-based GDS Verify Tech expecting online IDs for everyone in “a small number of years”.

High-level tech policy will also need to address the increasing role of companies like CrowdStrike, which opened an Australian office that it sees as a touchstone for its expanded Asia-Pacific presence. NEC Australia has also been stepping up its Australian cybersecurity presence, with a $4.38m cybersecurity centre in Adelaide providing a key capability in the company's growing global service network.

Such businesses are leveraging the growing role of data in ongoing cybersecurity efforts, with machine learning technologies one key enabler for companies like Hungarian startup BalabIt's privileged-account tools. Others are wrapping the conceit into behavioural firewalls that rank each device's relative risk and block or unblock it according to corporate policies.

Amazon Web Services and Microsoft cloud platforms won security approval for use by US government authorities while a massive breach of computer maker Acer exposed the personal information of 34,500 online shoppers.

Signs suggested that ransomware attacks were getting far more serious as they targeted increasingly large firms and victim numbers continued skyrocketing. And, confirming the breadth of the threat, there were suggestions that hackers had been selling access to 170,000 compromised servers.

Microsoft paid out two significant bounties for the same bug in June, while pundits were reviewing the US Department of Defense's bug-bounty program. This, as another security firm confirmed that Russians had hacked the country's Democratic National Commitee in a recently publicised compromise despite a lone hacker's claim that he had done the deed.

This, as tech groups said the FBI shouldn't be allowed to do mass hacking and a US court ruled that the FBI doesn't need a warrant to hack a suspect computer. Also on the US legal front, Microsoft was claiming success after a US Supreme Court decision held that US laws do not apply outside the country without explicit provisions from Congress.

Consumer authority the US FTC alleged that a mobile advertiser was tracking users' locations without their consent, while there were warnings that remote device management software used to track employee devices may be collecting more information than employees are comfortable with.

Contrary to conventional wisdom, some were arguing that developers who regularly update software code can improve overall security. This may prove to be relevant for IT-security practitioners expressing concern about the security of their industrial control systems, as part of a growing movement to formalise infrastructure protections through what is being billed a 'Geneva Convention for cybercrime'.

Join the CSO newsletter!

Error: Please check your email address.

Tags cybersecuritycyber attacksweeek in securityelectionChinaCSO Australia

More about AcerAmazon Web ServicesAustralian Computer SocietyCrowdStrikeFBIFTCGenevaindeedMicrosoftNECNEC Australia

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by David Braue

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts

Market Place