Alcorn Group Cyber Security News

  • Release of OAIC Notifiable Data Breaches Quarterly Report (April - June 2018)

    The Office of the Australian Information Commissioner (OAIC) has released its first full quarterly report of statistics on notifiable data breaches reported during the April to June 2018 period. Key results highlight that of the 242 breach notifications reported:

    • 142 (or 59%) were attributed to malicious or criminal attacks, of which 97 were cyber incidents.
    • Of the 97 cyber incidents reported, the majority were attributed to compromised credentials resulting from phishing, brute-force attacks, or by unknown methods.

    Organisations can better protect the personal information they hold through establishing a regular program of security assessment and testing to identify and remediate vulnerable targets before they are compromised. Alcorn Group specialises in performing vulnerability assessments and penetration testing, which combined with our other services such as red teaming and threat and risk assessments, can provide a broad and effective means to assist with mitigating the risk of data breaches.

  • Alcorn Group Sponsors Appsecday 2018

    Alcorn Group is proud to be sponsoring AppSec Day, brought to you by the Open Web Application Security Project (OWASP) Foundation.

    “AppSec Day is Australia’s only conference dedicated entirely to application security. Aimed at providing a welcoming environment for developers, testers, devops engineers and security professionals alike. To improve their application security knowledge, skills and to network with other like minded professionals. With a day filled with talks, hands on workshops and panel sessions to learn all things application security.”

    AppSec Day is a fantastic event where you can immerse yourself in great talks, network with other security-minded professionals and attend hands-on workshops, all in the same great location: RMIT University in Melbourne.

    Join us on October 19th 2018

  • Draft APRA Prudential Standard CPS 234 on Information Security

    In response to the increasing frequency, sophistication and impact of information security attacks, in March 2018, APRA released draft Prudential Standard CPS 234 on Information Security. The proposed standard will require regulated entities to ensure they have effective security controls in place to protect against and respond to such attacks.

    Australian regulated entities impacted by the proposed new standard are banks, building societies, credit unions, life and general insurance and reinsurance companies, private health insurers, friendly societies and superannuation funds (excluding self-managed funds). The standard broadly covers the following areas that regulated entities will need to address:

    • Information security roles and responsibilities
    • Information security capability and policy framework
    • Information assets and controls, including incident management
    • Controls testing and internal audit
    • APRA notifications

    The consultation period closed in June 2018, and it is expected that the final version of the standard will be released in late 2018. The proposed effective date for the new standard is 1 July 2019.

    In preparation, regulated entities will need to assess their current information security control environment, identify any gaps, and develop and execute action plans to address any shortfalls. With its broad scope of security services, Alcorn Group can assist organisations with performing these assessments, as well as provide ongoing support for meeting the new requirements beyond the proposed effective date.

  • Creating Secure Passwords

    With the enormous number of passwords we require in our day to day lives, it’s no wonder that people reuse them across multiple sites, or use the minimum complexity they can get away with. How does anyone store that many complex passwords in their head all at once?

    A good password is hard to guess but easy to remember. It has uppercase letters and lowercase letters, numbers, special characters, and it is long. It doesn’t include any personal information.

    This scares a lot of people, but it doesn’t have to look like this:

    .\^>s]rok?JA?}uv”BL~

    On the other hand, it shouldn’t look like this:

    Tigger123!

    Instead, there is another method of creating a good password, called a passphrase. It has uppercase letters and lowercase letters, numbers, special characters, and it is long.

    It looks something like this:

    The phone sits next to 3 keys. It is on the desk!

    Not all password fields will allow spaces; this can be alleviated by using a different character instead of a space.

    For example, if I replace the space with the letter z:

    Thezphonezsitsznextztoz3zkeys.zItziszonzthezdesk!

    A passphrase gains complexity with each element that is included in it, but it remains easy for a human brain to recall. It’s also easier to input without errors than the original complex password shown.

    But the program says my password is too long!

    Sentences are wonderful things. They vary in length. If the program or website that you’re constructing a password for doesn’t allow a lengthy password, choose a shorter one. Shorter sentences can be memorable, while still having complexity. It’s preferable to aim for the upper margins of what’s allowed, rather than the lower margins. If the program allows for a password of 4-14 characters, choose 14 characters rather than 4, such as in this example:

    JumpUp,2frogs!

    So why can’t I use this great password everywhere?

    It’s important to avoid reusing passwords. Not every organisation will safely store your password, and if you’ve reused passwords and one site gets breached, this can then mean that other sites you use are also affected.

    Are there bad passphrases?

    Not all passphrases are good to use as passwords. Book or song titles, song lyrics, or commonly known quotes may be present in password dictionaries. However, creating a unique sentence about the things around you will ensure that you’re not treading the same territory that hackers have already covered.

    Meanwhile, you can check if your account has been breached by searching at https://haveibeenpwned.com/. This handy service will allow you to see what the breach was, when your account was breached, whether your details were pasted anywhere, and the source of the breach.

  • Alcorn Group at Whisky Live 2018

    It’s that time of year again - the time to taste some fantastic whiskies at Whisky Live.

    With a range of fine spirits on offer, as well as plenty of distiller histories being told, it was a tasty and informative evening.

    Particularly popular were the peaty whiskies such as Octomore by Bruichladdich and Talisker’s entire range, as well as the fantastic King’s Ginger.

  • Alcorn Group and the Room of Many Escapes

    Alcorn Group the Sleuth Master Extraordinaires visited the Brisbane Escape Hunt for an afternoon of fun and mystery.

    All teams succeeded, with minimal hacks involved.

  • Hacking Windows Domains

    Sydney’s newest go-to security industry conference, PlatypusCon, took place on Sat 24th September. Targeted at infosec enthusiasts of all capabilities and experience, this year’s event took on a fresh approach to conferencing - holding interactive workshops instead of talks, whereby attendees could try their hands at breaking and entering, capturing flags, hacking drones and fuzzing!

    Alcorn Group’s managing consultant Lukasz Gogolkiewicz had the pleasure of demonstrating to his 50-strong audience the art of hacking Windows domains. Lukasz’s workshop took attendees on a journey of network service enumeration to identify vulnerabilities, and if possible, establish a foothold on the network. From there, it was a flag capturing mission for points via privilege escalation techniques, domain controller attacks such as password extraction and exploiting misconfigurations in service permissions.

    The workshop was received well by the attendees and the opportunity for Alcorn Group to share some of the more intimate techniques behind Windows hacking was appreciated. Keep an eye out on our twitter feed and website for more information on upcoming workshops and training sessions on hacking Windows domains and web applications.

  • Oceania CACS Conference

    This year’s Oceania CACS conference is being held on the Gold Coast from September 11-13. Run by ISACA, this is the premier event in our region for IS Governance, IS Security and IS Assurance professionals.

    Alcorn Group’s founder and managing director will be presenting on Monday September 12 at 11:00am with Mayus Nath, Director of QLD Audit Office. With the theme of this year’s conference being ‘Governance, Empower, Protect’, Mayus and Wade will present to the audience their thoughts on empowering the use of new technologies by understanding attacks on Critical Infrastructure with Advanced Persistent Threats (APTs).

    With information technology becoming more and more pervasive, not only in enterprises but also in social and public settings, organisations need to embrace new technologies, including the Internet of Things, in order to enter the market and be competitive. However, until recently, protection has been focussed on information systems. Wade and Mayus will discuss how organisations need to take a broader view nowadays, incorporating multiple technologies when designing and implementing security. They’ll also take a closer look at why browsers are involved in so many advanced persistent threats (APTs). Attendees will learn more about how web browsers within organisations provide opportunities for attackers.

    The program of speakers for this year’s conference should ensure informative and insightful sessions for all attendees. For more information on the 2016 Oceania CACS click here

    If you would like more information on Alcorn Group’s contribution to this year’s event or have any general inquiries please contact us here.

  • Future of Work Security Panel

    This week Alcorn Group’s founder and managing director Wade Alcorn had the pleasure of joining a panel of security experts in a discussion on the importance of security in collaborative cloud environments at the inaugural Redeye Future of Work (FoW) conference.

    The FoW 2016 program was packed with informative sessions and keynotes from some of the Technology industry’s greatest contributors including Brisbane City’s Chief Digital Officer Cat Matson and Snowy Hydro CIO John McGagh.

    An excellent opportunity for business owners and enterprise leaders to learn more about innovative technologies, successful business transformation, big data, insights and creating value was provided and it was a great pleasure for Alcorn Group to be part of the mix providing input from an information security standpoint. If you’d like more information regarding what security insights and considerations your organisation should be discussing don’t hesitate to contact Alcorn Group here.

  • Alcorn Group on 'The Weekly'

    Our managing director Wade Alcorn featured on Charlie Pickering’s The Weekly last week. A tongue in cheek look at “big data” had Charlie disagreeing with Wade’s assessment of most privacy data T&Cs. As Wade noted “…you practically need a legal degree to understand them”, to which Charlie quipped that he HAS a legal degree and still can’t understand them! We here at Alcorn Group are big fans of “The Weekly” and were quite chuffed to feature!!

    You are no longer able to watch the segment here.

  • ACSC & Blockchain Security

    Our Managing Director will be presenting in Canberra at the Australian Cyber Security Center Conference this week on all things Blockchain. Wade will delve into Bitcoin, Ripple, Ethereum and the implications of Blockchain for business and for law enforcement. Blockchain technology may be set to change the course of how the world does business - but who can honestly say they understand it? In this [presentation](http://acsc2016.com.au/program/?IntCatId=27&IntContId=7741#bitcoin), Wade will take the audience on an entertaining journey of discovery to build an understanding of this technology - what it is, who is using it, and why it may well be the biggest influence on humanity since the internet.

  • ACSC & Blockchain Security

    Wade Alcorn is presenting at the Spatial Industries Business Association on Bitcoin, blockchains and digital currencies: what are they and where can we use them? The pros and cons of Ripple versus Bitcoin will be explored.

    https://www.spatialbusiness.org/

  • Blockchain as a Service

    Microsoft and ConsenSys partnered back in October 2015 to offer Ethereum Blockchain as a Service (EBaaS) on Microsoft Azure so Enterprise clients and developers could have a single click cloud based blockchain developer environment. The initial offering contained two tools that allow for the development of SmartContract based applications:

    • Ether.Camp - An integrated developer environment
    • BlockApps - a private, semi-private Ethereum blockchain environment.

    Everyone, particularly Financial Services, is interested in Blockchain technology. While a platform like Bitcoin has many great uses specifically as a Cryptocurrency, Ethereum provides the flexibility and extensibility many customers are looking for.

    In Financial Services, Blockchain is a major disruptor to some of their core businesses, and FinTech companies are driving innovation in this space. Ethereum is open and flexible, and can be customized to meet customer needs, allowing them to innovate and provide new services and distributed applications, or ĐApps.

    Ethereum enables SmartContracts and Distributed Applications (ĐApps) to be built, potentially cutting out the middleman in many industry scenarios streamlining processes like settlement. But that is just scratching the surface of what can be done when you mix the cryptographic security and reliability of the Blockchain with a Turing complete programming language included in Ethereum.

    “Ethereum Blockchain as a Service” allows for financial services customers and partners to play, learn, and fail at a low cost in a ready-made dev/test/production environment. It will allow them to create private, public and consortium based Blockchain environments using industry leading frameworks, distributing their Blockchain products with Azure’s distributed (private) platform.

  • Wade Alcorn delivers keynote at BrisSEC AISA

    Our Managing Director, Wade Alcorn, will be delivering a keynote Presentation at BrisSec on March 11th, 2016. Taking the perspective of an adversarial APT team, Wade will take you on a journey of the thought process behind hacking a browser to exploit your organisation.

    It promises to be an entertaining ride!

    https://www.aisa.org.au/aisa-conferences/brissec-2016/agenda/

  • ASX and the Blockchain

    The Australian Stock Exchange (ASX) has announced that it has selected US-based firm Digital Asset Holdings to develop solutions for the Australian market utilising Distributed Ledger Technology. This may be able to significantly simplify and speed-up post-trade processing. For ASX clients this could reduce back-office administration and compliance costs, while investors could experience significantly faster settlement of equity transactions – potentially in near real-time.

    Adoption of Distributed Ledger Technology has the potential to stimulate greater innovation by ASX and third parties to develop new services for intermediaries, end-investors and listed companies. This would create a more competitive marketplace across a broad range of services.

  • Australian Government Cyber Security Review

    Here at Alcorn Group we are eagerly awaiting the release of the 2016 Australian Government Cyber Security Review. The issue of cyber security is one of national importance and affects every Australian citizen, and certainly every Australian business. Some estimates put the direct cost of cyber-crime to Australia at more than $1 billion a year, and this seems to be on the conservative side.

    There are some great initiatives already including the Australian Information Security Association (AISA) and CREST Australia. The Cyber Security Review will be a clear direction from the federal government and a very much needed clarity. The announcement of funding through to 2019-20 to establish an industry led Cyber Security Centre highlights the government’s efforts to prioritise the area of cybersecurity, and to move towards working more closely with industry, businesses and researchers.

    It will be interesting to see how this Security Review evolves and as a wholly Australian owned cyber security company, we are keen to see engagement with Australian industry at a real level. We would like to see initiatives particularly around addressing the skills shortage within the industry that we see at the moment. Our managing director has long been banging on this drum and has been involved in several initiatives to lead Australia’s up-skilling in this area. How government can support Australian businesses to improve their resilience and understanding of cyber threats will also be an area of particular interest. We stay tuned!

  • Alcorn Group presents at Infrastructure Saturday

    Our Managing Director Wade Alcorn presented to a keen bunch of professionals at Brisbane’s “Infrastructure Saturday” on November 21st. Interest certainly seems to be growing around Bitcoin, Ripple, the Blockchain and Ethereum. There were lots of interesting questions and stimulating discussion. Thanks to Just People’s Adam Broadbent. Of course, a big thanks to Alan Burchill and his team for hosting the day too.

  • Bitcoin User Group session was a huge success

    Our MD Wade Alcorn had the pleasure of presenting to the Brisbane Cloud User Group on 5th November. Wade discussed Bitcoin, Banking with Ripple, The Blockchain, and the brave new frontier of Ethereum. Big thanks to Just People’s Adam Broadbent and Brisbane Cloud Group for facilitating the evening: https://bnehyperv.wordpress.com.

    If you missed the session, why not come along to Wade’s next presentation which will be at “Infrastructure Saturday” in Brisbane on November 21st: http://www.infrastructuresaturday.org

  • Cracking the Mac Security Myth

    Wade Alcorn is among a few security bods having a discussion in this insightful article on crn.com.au. Always interesting to explore the assumptions and myths around security and branding that are out there. As Wade states in the article: “The bad guys go where the money is”, so will we be seeing more and more attacks on Macs in the future?

    More details here: Cracking the Mac security myth - CRN

  • Security and Artificial Intelligence

    Wade Alcorn recently had the pleasure of presenting to some security folk at an Australian Information Security Association (AISA) Adelaide event. Wade spoke about a topic of increasing interest within the media, and within the security world: security, artificial intelligence and big ideas.

    Wade gave an entertaining and thought provoking talk on both the potential and real security implications of AI. We at Alcorn Group say - watch this space. This isn’t the last you have heard from security and artificial intelligence!

    More details here: AISA National

  • XSS Virus a Decade On

    AG’s Managing Director recently took a trip down memory lane with The Register’s Darren Pauli. It’s been ten years since Wade publicly demonstrated that cross-site scripting vulnerabilities could be used to construct a virus.

    More details here: The Register

  • Leak of Personal Details of Defence Employees

    Alcorn Group’s Managing Director speaks to the ABC’s Brendan Trembath on the AM current affairs program about what’s believed to be the personal phone numbers, email addresses and computer passwords of US and Australian defence employees that have been published online.

    Full story here: Article

  • Cybersecurity: The New Due Diligence

    We came across this report recently and really liked the main gist. When considering a merger or acquisition with any new company, cybersecurity is fast becoming no longer an afterthought, but a very important part of due diligence. Alcorn Group is highly skilled in providing visibility into the risks and threats any company may face.

    Full story here: Article

  • AusCERT Pre-Conference Presentation

    Wade Alcorn will be presenting at an AusCERT pre-conference session on Tuesday (2nd June 2015). Wade will be diving into the exciting area of Bitcoin, the Blockchain, Smart Contracts and the future of the security of these technologies.

    Full story here: Conference Detail

  • Internet of Hackable Things

    Check out this Sydney Morning Herald article exploring a few different cyber topics that are capturing the media’s attention at the moment. Wade Alcorn was interviewed for the article, particularly around the hot off the press 2015 ACC Report into Organised Crime.

    Full story here: Internet of hackable things: wired world wide open to new age of cyber crime

  • Telstra's Pacnet Breach

    We had a chat to Bloomberg’s David Fickling about the recent brouhaha with Telstra’s Pacnet. There’s always a spike in the interest about the who? and how? after these kinds of high profile attacks.

    Another timely reminder for all businesses that your cyber security is really a prime concern for your shareholders - Telstra’s shares dropped 9 cents when this incident was announced.

    Full story here: Hackers Exposed Government Data in Breach of Telstra’s Pacnet

  • The Australian Crime Commission 2015 Organised Crime Report

    If you have a spare half hour, make yourself a coffee and have a read through the 2015 ACC Report on Organised Crime in Australia. It makes for an interesting, if not daunting, read. The main things we took away from the report, from our perspective:

    1. Cybercrime ain’t going away any time soon and is becoming an increasingly significant factor in many aspects of organized crime.

    2. The report extrapolates the cost of cybercrime to Australians this year will be over $936 million.

    And this is based only on ACORN self reporting of small-medium businesses, so the report acknowledges this is likely to be an underestimation. We would agree with that: many businesses avoid self reporting, and we all know that cybercrime certainly targets large businesses and government agencies as well, sometimes with devastating impacts. So let’s face it – we are looking at a conservative estimate of over 1 billion dollars this year.

    Organised Crime in Australia 2015 report

  • Cyber Attacks on Australian Businesses Rose 20pc Last Year

    Wade Alcorn chats to ABC’s “The Business” about cyber threats to Australian businesses. “…finance has been facing cyber threats for quite a long time now - it’s one of the most strongly positioned industries in Australia…” You can see the full story here: ABC News Story - Cyber attacks on Australian businesses rose 20pc last year

  • Presentation at ACSC Conference: Security of Browsers - Why are APTs successful?

    At the Australian Cyber Security Center Conference Wade Alcorn presented an entertaining and insightful take on APTs and web browser security in Australia today.

    The presentation description was “Why are browsers involved in many APTs? In this presentation you will learn how the web browsers in your organisation provide an opportunity for an attacker. You will explore and understand how they provide a great return of investment for your adversaries. You know them, you love them but how far can you trust them?”

    Standing room only!

    More details here: ACSC Speaker Details

  • Alcorn Group Leads AISA Web Hacking Workshop

    Alcorn Group leads a very popular Hacking Workshop at AISA. Today Wade led a popular browser hacking workshop in Brisbane. Always rewarding presenting to a local crowd!

    More details here: AISA BrisSec Speakers

  • Crypto App Uses Single-byte XOR

    Our Managing Director comments on encryption… “Encryption is hard, very hard! … This goes to re-emphasise one of the golden rules of secure development: do not create your own cryptographic functions.”

    Read the full article: The Register

  • How Much Do We Value Our Privacy?

    Managing Director Wade Alcorn featured in an interesting Lateline story around privacy and personal data. Check out the social experiment in the café: what happens when people start acting like apps? Are we so ready to give away our personal data when it is face to face?

    More details here: ABC Interview
