Australia’s privacy watchdog will probe the personal information handling practices of Clearview AI after several policing agencies admitted to having used the controversial facial recognition tool.
The Office of the Australian Information Commissioner (OAIC) on Thursday opened a joint investigation into the software with the United Kingdom’s Information Commissioner’s Office (ICO).
The tool, which is targeted at law enforcement agencies, is capable of matching images with billions of others from across the internet, including social media, to find persons of interest.
As part of the probe, OAIC and its overseas counterpart will look at Clearview AI’s “use of ‘scraped’ data and biometrics of individuals”, as well as how it manages personal information more broadly.
“The investigation highlights the importance of enforcement cooperation in protecting the personal information of Australian and UK citizens in a globalised data environment,” the OAIC said in a brief statement.
“In line with the OAIC’s privacy regulatory action policy, and the ICO’s communicating our regulatory and enforcement activity policy, no further comment will be made while the investigation is ongoing.”
The investigation follows preliminary enquiries by OAIC earlier this year after the tool was revealed to have been used by 2200 law enforcement agencies globally, including the Australian Federal Police and the Queensland, Victoria and South Australia police forces.
While the four policing agencies initially denied that the software had been used, the AFP and Victoria Police have since been forced to admit to having briefly trialled the tool from late 2019.
The AFP confirmed in answers to questions on notice that seven officers from the Australian Centre to Counter Child Exploitation had used the tool to conduct searches after being sent trial invitations from Clearview AI.
Victoria Police, similarly, confirmed in a freedom of information request that several officers from the Joint Anti-Child Exploitation Team had run more than 10 searches using the tool after signing up.
Both agencies stressed that Clearview AI had not been adopted as an enterprise product and that no formal commercial agreements had been entered into.
When it launched, COVIDSafe was marketed as Australia’s ticket out of lockdown, so long as everyone downloaded it.
“If you want to go outside when the sun is shining, you have got to put sunscreen on. This is the same thing,” Prime Minister Scott Morrison said at the time.
Two months on, state and territory health departments are yet to declare the app has identified any people exposed to COVID-19 who weren’t already found by traditional contact tracers.
And as the app’s technical challenges have been revealed, public health experts are questioning whether the app is a distraction from the “real work” of controlling coronavirus.
It’s too early to provide a verdict, but it is common for technologies to be presented as “our knights in shining armour” during a pandemic, according to Julie Leask, a public health and infection disease specialist at Sydney University.
It’s human to see something we can hold, something that’s tangible, as more helpful than “the more invisible human behaviours and public health capacities that are still at the heart of our control of [COVID-19]”, she said.
A Health Department spokesperson said all its communications about COVIDSafe highlight the app as just one important tool in controlling COVID-19.
“Communication clearly places the app alongside the need for physical distancing, good hygiene and the importance of staying at home if unwell (and getting tested),” she said.
The risk of complacency
As the country faces a spike of cases in Victoria, some public health experts are concerned the Government’s comparison of the app to sunscreen could make Australians complacent.
Often the hardest thing for people to change about their health is their behaviour, according to Adam Dunn, who leads biomedical informatics and digital health at the University of Sydney.
“It’s much easier to prescribe someone medication … than convince them to completely change their lifestyle,” he said.
While a simple technical solution to the coronavirus lockdown is an attractive idea, it’s not so easy.
Holly Seale, a senior lecturer at UNSW’s School of Public Health and Community Medicine, said focusing on the app’s benefits to the individual may have raised expectations beyond what is technologically possible.
Instead, Dr Seale suggested public health campaigns should focus on its collective benefit to the contact-tracing process.
Today the “Stay COVID free and do the 3” catchphrase is used in advertisements, a Health Department spokesperson said, to encourage Australians to download the app as well as maintain hygiene and distancing.
And the Government is speaking about it less often. In the two weeks after launch, the Prime Minister Scott Morrison mentioned COVIDSafe in 14 press conferences, interviews and media releases that are transcribed on his website. He’s mentioned it just once in the past two weeks.
A technical quick fix
A technical solution to the coronavirus lockdown is an attractive narrative — and one both the Government and many parts of the media ran with.
But Dr Leask said caution was necessary, especially as the public was presented with little evidence for the app’s effectiveness.
“As the saying goes, with every complex problem there’s a solution that’s simple, clear and usually wrong,” she said.
Modelling released today by the public health think tank the Sax Institute suggests a second wave of COVID-19 infections in Australia is likely if social-distancing measures and testing decline.
The research found that in this scenario, the COVIDSafe app could help curb the number of infections.
But this modelling makes some assumptions: that uptake of the app reaches more than 60 per cent of the Australian population, and that the app works as it is intended to.
Sax Institute senior simulation modeller Danielle Currie said that while COVIDSafe had not reached these targets yet, the modelling was reason for optimism.
“What our work shows is that using the app and promoting it widely is worthwhile, assuming that there are technological improvements. This should give the Government confidence to continue its pushing,” she said.
Dr Currie said the app could still prove to be helpful in places like Victoria where there are outbreaks.
“If there’s not many cases, the app won’t pick it up. But if we do get a lot — and the model suggests we might — it could be very helpful,” she said.
The other options
So, could the time, millions of dollars and effort spent on COVIDSafe have been invested elsewhere instead, to better effect? There’s no single answer.
As a behavioural researcher, Dr Leask would like more funding for public health research — how to provide better messaging for communities where English is not their first language, for example.
And in Dr Dunn’s view, Australia would have benefited from more communication about contact tracers and the work they do, as well as more financial support for such teams overall.
For others, masks are the issue of the day. Epidemiologist Mary-Louise McLaws, who advises the World Health Organization (WHO), hopes Australian authorities implement firm guidelines on face masks, because currently the Government doesn’t recommend them.
The WHO initially said healthy people did not need to wear masks but later revised its advice, recommending their use whenever social distancing was impossible.
“[The Government] should be telling people to wear a mask on public transport in or outside of hotspots. It really stands to reason that they should be enforcing masks in some situations,” Dr McLaws said.
Lidia Morawska, who is an expert in aerosol science at the Queensland University of Technology, is frustrated the potential airborne transmission of COVID-19 has been overlooked by authorities.
She makes the case for concrete guidelines on ventilation of high-traffic venues like restaurants, cafes and churches so people aren’t at risk from potentially infected particles lingering in the air.
If the cafe you’re sitting in for a few hours doesn’t know much about the science of air movement, which is pretty likely, this could be problematic, Dr Morawska said.
“We need investment in proper guidelines about ventilation to protect people indoors from infection transmission,” she said. “Researchers have been calling for this since SARS-CoV-1.”
There’s still much to learn about aerosol transmission of COVID-19. The WHO has acknowledged its danger in clinical settings, but is waiting for more peer-reviewed research to assess its risk in other environments.
In the end, Dr Leask believes Australia’s best solutions for controlling COVID-19 remain those that have proven their worth time and again.
“Looking back, you can’t beat good old-fashioned public health … when you don’t yet have a vaccine or a treatment that’s established as being really effective,” she said.
The Australian Government is aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.
A range of tactics, techniques and procedures are being used to target multiple Australian networks. It’s important that Australian companies are alert to this threat and take steps to enhance the resilience of their networks. Cyber security is everyone’s responsibility.
What your IT managers can do
The ACSC has produced technical advice for Information Technology managers.
The advice includes the following mitigation strategies to help reduce the risk of compromise to your systems:
1. Prompt patching of internet-facing software, operating systems and devices
All exploits utilised by the actor in the course of this campaign were publicly known and had patches or mitigations available. Organisations should ensure that security patches or mitigations are applied to internet-facing infrastructure within 48 hours. Additionally organisations, where possible, should use the latest versions of software and operating systems.
2. Use of multi-factor authentication across all remote access services
Multi-factor authentication should be applied to all internet-accessible remote access services, including:
A newly discovered spyware effort attacked users through 32 million downloads of extensions to Google’s market-leading Chrome web browser, researchers at Awake Security told Reuters, highlighting the tech industry’s failure to protect browsers as they are used more for email, payroll and other sensitive functions.
Alphabet Inc’s Google said it removed more than 70 of the malicious add-ons from its official Chrome Web Store after being alerted by the researchers last month.
“When we are alerted of extensions in the Web Store that violate our policies, we take action and use those incidents as training material to improve our automated and manual analyses,” Google spokesman Scott Westover told Reuters.
Most of the free extensions purported to warn users about questionable websites or convert files from one format to another. Instead, they siphoned off browsing history and data that provided credentials for access to internal business tools.
Based on the number of downloads, it was the most far-reaching malicious Chrome store campaign to date, according to Awake co-founder and chief scientist Gary Golomb.
Google declined to discuss how the latest spyware compared with prior campaigns, the breadth of the damage, or why it did not detect and remove the bad extensions on its own despite past promises to supervise offerings more closely.
It is unclear who was behind the effort to distribute the malware. Awake said the developers supplied fake contact information when they submitted the extensions to Google.
“Anything that gets you into somebody’s browser or email or other sensitive areas would be a target for national espionage as well as organized crime,” said former National Security Agency engineer Ben Johnson, who founded security companies Carbon Black and Obsidian Security.
The extensions were designed to avoid detection by antivirus companies or security software that evaluates the reputations of web domains, Golomb said.
If someone used the browser to surf the web on a home computer, it would connect to a series of websites and transmit information, the researchers found. Anyone using a corporate network, which would include security services, would not transmit the sensitive information or even reach the malicious versions of the websites.
“This shows how attackers can use extremely simple methods to hide, in this case, thousands of malicious domains,” Golomb said.
After this story’s publication, Awake released its research, including the list of domains and extensions.
All of the domains in question, more than 15,000 linked to each other in total, were purchased from a small registrar in Israel, Galcomm, known formally as CommuniGal Communication.
Awake said Galcomm should have known what was happening.
In an email exchange, Galcomm owner Moshe Fogel told Reuters that his company had done nothing wrong.
“Galcomm is not involved, and not in complicity with any malicious activity whatsoever,” Fogel wrote. “You can say exactly the opposite, we cooperate with law enforcement and security bodies to prevent as much as we can.”
Fogel said there was no record of the inquiries Golomb said he made in April and again in May to the company’s email address for reporting abusive behavior, and he asked for a list of suspect domains.
After publication, Fogel said the majority of those domain names were inactive and that he would continue to investigate the others.
The Internet Corp for Assigned Names and Numbers, which oversees registrars, said it had received few complaints about Galcomm over the years, and none about malware.
While deceptive extensions have been a problem for years, they are getting worse. They initially spewed unwanted advertisements, and now are more likely to install additional malicious programs or track where users are and what they are doing for government or commercial spies.
Malicious developers have been using Google’s Chrome Store as a conduit for a long time. After one in 10 submissions was deemed malicious, Google said in 2018 it would improve security, in part by increasing human review.
But in February, independent researcher Jamila Kaya and Cisco Systems’ Duo Security uncovered a similar Chrome campaign that stole data from about 1.7 million users. Google joined the investigation and found 500 fraudulent extensions.
“We do regular sweeps to find extensions using similar techniques, code and behaviors,” Google’s Westover said, in identical language to what Google gave out after Duo’s report.
New technology that could help alert people who have been in close contact with someone who has COVID-19 is being tested to determine if it will work in Australia.
Google and Apple have devised a COVID-19 exposure notification system they hope health authorities globally will use to build contact tracing apps and improve existing platforms, like Australia’s COVIDSafe.
It has been offered to governments across the world and so far 22 countries have requested and received access to the technology, including Australia.
“The Digital Transformation Agency and the Department of Health have been working with Apple and Google to understand and test the Exposure Notification Framework since it was released to see how it can be applied in Australia,” a spokesman for Government Services minister Stuart Robert said.
“That testing is ongoing.”
How does it work?
Apple and Google said the application programming interface (API) was designed to improve local contact tracing efforts and not replace them.
The pair said the technology could address some of the technical difficulties that have plagued contact tracing apps, including Australia’s COVIDSafe.
The API, like COVIDSafe, uses Bluetooth to create a log of other devices that come into close range.
While the government said COVIDSafe worked reliably on launch, Digital Transformation Agency (DTA) chief executive Randall Brugeaud later admitted an iPhone could not always record all the people it came into close contact with due to Bluetooth issues.
“The quality of the Bluetooth connectivity for phones that have the app installed running in the foreground is very good [but] it progressively deteriorates,” he said.
“You get to a point where the phone is locked and the app is running in the background.”
Subsequent software updates to COVIDSafe may have improved these issues, but the DTA is yet to clarify how it has enhanced the performance on iPhones.
“We are continuing the enhancement of the Bluetooth operation of the app on iPhones and it is working as designed,” said Department of Health Chief Information Officer Daniel Keys.
Apple and Google believe that without their assistance, contact tracing apps that rely on Bluetooth may have technical challenges and drain phone batteries.
They also said iPhones and Android phones that have downloaded contact tracing apps cannot easily detect each other without the API.
The technical challenges outlined by the companies suggest the COVIDSafe app is not able to collect all the data it was set out to do.
“Apple and Google cooperated to build … technology that will enable apps created by public health agencies to work more accurately, reliably and effectively across both Android phones and iPhones,” a spokesperson for Apple and Google said.
How are the API and COVIDSafe app different?
The COVIDSafe app keeps an encrypted log of everyone who also has the app on their device if they come into close contact with each other, but users cannot access that list.
But Thinking Cybersecurity CEO Vanessa Teague said there is a key difference in how Google and Apple want the data to be shared.
“It’s crucially different in the amount of information that passes through the central authorities,” she said.
Under the COVIDSafe app, health authorities ask permission to access the information about who an infected person has been in contact with and then use it to notify those people.
Ms Teague said the Apple/Google system would mean health authorities are removed from the process.
While the exact operating details are unclear, it seems that if a person tests positive they can choose to report the diagnosis, which would then send a notification to those who had been in close contact.
“You get a notification on your phone that says you have been in proximity with a person who has tested positive for COVID-19 so then you know, but at that point, the authorities don’t know that you have been potentially exposed,” she said.
Apple and Google would allow public health authorities to decide how to reach exposed individuals for further contact tracing — possibly by asking users to voluntarily share personal details, like a phone number.
But can we even use the API?
While the Department of Health examines whether the API can be used in conjunction with COVIDSafe, Apple and Google have made clear there are restrictions on its use that could complicate any moves by Australia to take up the system.
For example, while health authorities can ask users to share personal information such as a phone number to support contact tracing efforts, the companies’ spokespeople said the app cannot require it.
COVIDSafe currently asks the user to share a name, phone number, and postcode and age range before they can download the app.
Ms Teague said the API will likely fix technology problems associated with COVIDSafe such as Bluetooth connectivity, but the Government may not be inclined to give away the control it has to contact trace.
But she argued that if the Government adopted the API, more Australians could be inclined to sign up.
“That is the key democratic decision to be made,” she said.
“If we want a decentralised app, there will be less information available to a centralised government service.
“But maybe more people will use the app because they will be more willing to do so if that information isn’t being centralised.”
“Or, we could continue to insist on the centralised app knowing some people won’t use it because they don’t want that information shared about them.”
The Government will no doubt be looking to try and find a balance so that it can improve the technology of the app while being able to maintain control of contact tracing.
Health Minister Greg Hunt spoke with Apple’s vice-president for health, Dr Sumbul Desai, to discuss Australia’s health roadmap, which included screening tools and the COVIDSafe app.
COVIDSafe was sold by the Government as essential to lifting coronavirus lockdown restrictions, but the app is yet to provide much assistance to local health authorities.
Since its launch on April 26, more than 6.2 million people have downloaded the app. But so far, no local health authorities have announced that COVIDSafe identified any otherwise unidentified contacts.
Authorities say that is because case numbers in Australia are so low.
“Australia is in a fortunate position with so few cases across the country, including returning travellers who would not have the app,” a Department of Health spokesperson said.
Data from the app has been accessed in around 30 coronavirus cases nationwide, during a period when around 565 new cases were diagnosed in Australia, including infections acquired overseas.
Nevertheless, health authorities continue to urge Australians to download it.
On the weekend, deputy chief medical officer Paul Kelly said COVIDSafe could prove useful for contact tracing if there was a spike in infections from recent Black Lives Matter protests, but only if people had the app on their smartphones.
One person who attended the protest in Melbourne on Saturday is among Victoria’s eight new coronavirus cases, however it’s not yet known if that person had the app.
“The COVIDSafe app would be absolutely critical and crucial in this type of setting. It’s exactly what it is designed to do, is to pick up cases when you don’t know the people around you,” Dr Kelly said.
“We’ve had a very good uptake of the COVIDSafe app, but the majority of people that have mobile phones have not downloaded the app so far.”
Contacts identified via manual contact tracing
In Victoria, the contact tracing app is yet to identify any close contacts of people diagnosed with COVID-19 that were not also identified via the traditional and painstaking manual contact tracing process.
That’s despite the state finding 21 coronavirus cases that had the app and allowed health authorities to access COVIDSafe data.
In May, Victoria announced that one potential exposure had been picked up by the app that manual contact tracers did not locate, but further investigation later found the interaction did not meet the close contact criteria.
“With only a small number of cases being reported each day in Victoria, there have been few opportunities to use the app so far — and we hope this continues,” a spokesperson for the Victorian Department of Health and Human Services said.
In New South Wales, low levels of community transmission have also provided few opportunities to use COVIDSafe.
A spokesperson for NSW Health said the state’s new cases over the past 15 days were predominantly people in hotel quarantine.
So far, data from COVIDSafe has been accessed fewer than 10 times in the state. It’s unclear whether close contacts were identified in those instances.
In Queensland, there have been no COVID-19 positive individuals identified as COVIDSafe users.
And in Tasmania, the Northern Territory, the ACT, Western Australia and South Australia, where there are few or no new coronavirus cases, local health departments told the ABC they have had no opportunity to use the app.
Data from COVIDSafe, which uses Bluetooth to transmit and record IDs from smartphones with the app that are within range, is uploaded with consent to a central database when someone is diagnosed with COVID-19.
It is then analysed to identify close contacts — considered to be those within approximately 1.5 metres, for a period of 15 minutes or more.
Measuring the success of COVIDSafe
It’s premature to judge the success of a public health intervention like COVIDSafe, according to Seth Lazar, who leads the Humanising Machine Intelligence project at the Australian National University.
“There’s just not enough cases and not enough time,” he said.
“For any measure you want to look at, you want to have enough cases and enough data.”
But it’s unclear how the contribution of COVIDSafe to Australia’s contact tracing regime will ultimately be measured, and there are few public benchmarks.
While more than 6 million Australians have downloaded it, this is still short of the 40 per cent of the population target first discussed as part of the Government’s plans to ease lockdown restrictions.
That goal has since fallen by the wayside. Acting Secretary for Health Caroline Edwards told a Senate committee investigating the COVID-19 pandemic response in May that there was no download target at all.
And while Australia’s low rate of community transmission provides few opportunities for use, the technical reliability of the app to transmit and collect data is still hotly debated.
Dr Lazar said contact tracing apps like COVIDSafe may provide the most benefit during a second wave of coronavirus infection, and that mass gatherings like the recent protests might provide a test for the app’s efficacy.
“It’s a scenario where you’re going to get anonymous close contacts, but it’s also a scenario where you may want a more privacy preserving approach,” he said.
The Digital Transformation Agency, which developed COVIDSafe, has released a number of updates to the app, including most recently the ability to download the app from non-Australian app stores — an important step, given the restriction risked preventing travellers, migrant workers and others from accessing the technology.
“The Australian community can have confidence the app is working securely and effectively, despite the lack of community transmission of COVID-19,” a DTA spokesperson said.
A Dutch masters student has found vulnerabilities in the Thunderbolt input/output port hardware design that let attackers fully bypass computer access security measures such as Secure Boot, login passwords and full-disk encryption.
Physical access to computers is required, however, to perform the attack that MSc student Björn Ruytenberg named Thunderspy.
The attack takes about five minutes, and leaves no traces otherwise.
Designed by Intel and Apple, and included in millions of Windows, Linux and Mac computers since 2011, Thunderbolt is a high-speed peripheral interconnect system that can daisy-chain up to six devices.
To achieve the high bandwidth of up to 40 gigabit per second, Thunderbolt devices use direct memory access (DMA) which researchers last year showed could be abused to fully take over computers.
Ruytenberg’s Thunderspy is a collection of seven vulnerabilities that break Intel’s Security Levels architecture for Thunderbolt versions 1, 2 and 3, which allows users to authorise trusted devices only.
On Macs, running Windows or Linux within Apple’s Boot Camp emulator disables all Thunderbolt security, making attacks trivial to perform.
By exploiting the vulnerabilities, Ruytenberg created nine practical exploits.
These allowed him to create arbitrary Thunderbolt devices, to clone already user-authorised ones, and to obtain PCIe bus connectivity to perform DMA attacks.
It is also possible to permanently disable Thunderbolt security and block all firmware updates, Ruytenberg found.
Plugging in malicious Thunderbolt cables, USB-C to DisplayPort or HDMI video output dongles or external hard drives could let attackers break into the vast majority of recent laptops and desktops, if they have physical access to the devices.
Apple and Intel have been notified of the vulnerabilities, which appear to be unfixable as they are likely to require a hardware redesign.
To mitigate against the Thunderspy vulnerabilities, Ruytenberg suggests implementing physical security if it isn’t feasible to disable the Thunderbolt controller entirely.
This includes only connecting your own Thunderbolt peripherals, and not lending them to anybody or leaving them unattended.
Users should not leave their systems powered on even with the screen lock enabled.
Suspend to disk hibernation or completely powering off systems instead of using suspend to memory sleep mode is also recommended for additional protection against Thunderspy exploitation.
The protective measure could reduce performance however, and in some cases causes compatibility issues with Thunderbolt devices that stop working, if their drivers don’t support DMA remapping.
Whether or not the most recent version 4 of Thunderbolt, introduced by Intel this year, is vulnerable is unknown at the moment.
USB 4 that was introduced last year supports Thunderbolt-based signalling, and Ruytenberg advised users to exercise caution until hardware designed with the new peripheral interconnect protocols has been tested to ensure the current vulnerabilities are addressed.
There could be further Thunderbolt vulnerabilities arriving, as Ruytenberg is continuing his Thunderspy research with a second part.
Ruytenberg has released the Spycheck free open source tool for Windows 7, 8.x and 10, and Linux kernel 3.6 and later, to help users find out if their systems are vulnerable.
Microsoft warns to stay alert to human-operated ransomware campaigns
Cybercriminals are still looking for victims during the pandemic crisis, Microsoft’s Threat Protection Intelligence Team has warned. Ransomware criminals are still looking to attack healthcare and critical service providers, and the team has issued a detailed guide to reduce the risk of falling victim to them.
Previously, ransomware attacks were usually automated. This time, Microsoft confirmed, the attacks are not automated. Instead, they are conducted by criminal gangs that compromise internet-facing network devices in order to establish a presence on vulnerable systems months before they strike, stealing and encrypting victims’ data.
The attackers have a range of vulnerabilities they can use to access victims’ networks and work their way to capturing credentials and preparing for the final ransomware activation, Microsoft noted.
The most recent ransomware attacks that were observed by the Microsoft security teams highlighted Remote Desktop Protocol or Virtual Desktop systems that aren’t secured with multi-factor authentication.
Older, unsupported and unpatched operating systems such as Microsoft Windows Server 2003 and 2008 with weak passwords, misconfigured web servers including Internet Information Services, backup servers, electronic health record software and systems management servers are all being attacked currently. Vulnerable Citrix Application Delivery Controller and Pulse Secure are also in ransomware criminals’ sights and should be patched as soon as possible.
Once the cybercriminals have access to a victim’s device, they attempt to steal admin login credentials and move laterally within networks with common tools such as Mimikatz and Cobalt Strike, Microsoft said.
After gaining access, the attackers usually create new accounts, modify Group Policy Objects in Windows, add scheduled tasks, register operating system services, and deploy backdoors and remote access tools for persistence. They then wait for an opportune moment to activate the ransomware to blackmail victims.
Several human-operated ransomware payloads are actively being used at present. These include RobbinHood, REvil/Sodinokibi, the Java-based PonyFinal and Maze, the operators of which were one of the first to sell stolen data from technology providers and public services it has attacked, Microsoft said.
One particular campaign, NetWalker, targets hospitals and healthcare providers through bogus COVID-19 subject emails with the ransomware delivered as a malicious Visual Basic script file.
Apart from actively patching systems, Microsoft said to watch out for malicious behaviors such as tampering with security event logs and other techniques used to evade detection, suspicious access to Local Security Authority Subsystem Service (LSASS), and Windows Registry database modifications, which could indicate that credential theft is taking place.
When investigating the Windows Event Log (WEL) for the earliest part of a suspected breach, look for event ID 4624 with logon type 2 or 10, which could indicate post-compromise access, Microsoft said.
Later on, searching WEL for type 4 or 5 logons could also indicate suspected breach activity.
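The log search described above, as an added example that is not from the article or from Microsoft: it filters exported Security events for ID 4624 and the logon types the article names. The sample records, account names, addresses and the `baseline` allowlist are constructed assumptions.

```python
import xml.etree.ElementTree as ET

NS = "http://schemas.microsoft.com/win/2004/08/events/event"
# Logon types the article names, with their standard Windows meanings.
PHASES = {2: ("early", "Interactive"), 10: ("early", "RemoteInteractive"),
          4: ("later", "Batch"), 5: ("later", "Service")}

_EV = ('<Event xmlns="' + NS + '"><System><EventID>{0}</EventID>'
       '<TimeCreated SystemTime="{1}"/></System><EventData>'
       '<Data Name="TargetUserName">{2}</Data>'
       '<Data Name="LogonType">{3}</Data>'
       '<Data Name="IpAddress">{4}</Data></EventData></Event>')

# Constructed sample records (not from a real incident) in Windows event XML.
SAMPLE = "<Events>" + "".join(_EV.format(*r) for r in [
    (4624, "2020-04-01T02:14:09Z", "svc-backup", 10, "203.0.113.7"),
    (4624, "2020-04-01T02:15:40Z", "jsmith", 3, "192.0.2.20"),
    (4625, "2020-04-01T02:16:02Z", "admin", 10, "203.0.113.7"),
    (4624, "2020-04-02T23:50:11Z", "helpdesk2", 4, "-"),
    (4624, "2020-04-02T23:51:30Z", "SYSTEM", 5, "-"),
]) + "</Events>"


def flag_logons(xml_text, baseline=frozenset({"SYSTEM"})):
    """Return 4624 events whose logon type is 2/10 (early) or 4/5 (later).

    `baseline` is an assumed allowlist of accounts expected to log on this
    way (SYSTEM starts services constantly); tune it per environment.
    """
    q = "{" + NS + "}"
    hits = []
    for ev in ET.fromstring(xml_text).iter(q + "Event"):
        system = ev.find(q + "System")
        if system is None or system.findtext(q + "EventID") != "4624":
            continue  # keep successful logons only
        data = {d.get("Name"): (d.text or "") for d in ev.iter(q + "Data")}
        try:
            ltype = int(data.get("LogonType", ""))
        except ValueError:
            continue  # malformed record: skip rather than crash
        user = data.get("TargetUserName", "")
        if ltype not in PHASES or user in baseline:
            continue
        phase, name = PHASES[ltype]
        created = system.find(q + "TimeCreated")
        hits.append({"time": created.get("SystemTime") if created is not None else "",
                     "phase": phase, "type": name, "user": user,
                     "source": data.get("IpAddress", "")})
    return hits
```

Calling `flag_logons(SAMPLE)` returns the remote interactive logon by `svc-backup` and the batch logon by `helpdesk2`; the network logon, the failed logon (4625) and the baselined SYSTEM service logon are left out.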
Ransomware criminals show no compunction as to the impact their attacks have on health care providers, Microsoft warned.
They have also recently caused extensive damage to organizations such as forex giant Travelex which had to shut down its systems over the New Year, and global logistics company Toll Group.
If you’re concerned your personal details have been compromised, you can reach us at 1300 660 368 and one of our team members can help you in staying safe from the ransomware attack.
Due to the COVID-19 pandemic, many organizations and people have started using web conferencing systems like Zoom, Skype, Google Hangouts, GoToMeeting and Cisco WebEx to connect online.
These applications are essential for real-time chat, for being able to see and hear other participants and, in some scenarios, for sharing or transferring files.
With the significant increase in working from home, cybercriminals may see this as an opportunity, attempting to intercept sensitive conversations or tricking people into downloading malware on their devices.
To help with selecting a web conferencing system and understanding how to use it securely, the Australian Cyber Security Centre has developed guidance, which we encourage you to follow and share with your colleagues, staff, customers and other contacts.
How to stay safe when using web conferencing technology
Whether you’re a business considering different web conferencing options, or an individual running a conference call, there are simple steps you can take to make sure you’re using the technology securely and reducing your exposure to cybercriminals.
Check the protections used by the provider. For example, depending on what country they’re based in, the provider may be subject by law to covert data collection requests and access. You should also read the provider’s terms and conditions carefully, paying close attention to conditions like whether the service provider claims ownership of any recorded conversations and content.
Check that the provider offers multi-factor authentication for users to access the system.
Check what information is collected by the service provider and how it is used. Such information can include names, roles, organisations, email addresses, and usernames and passwords of registered users. This will help inform what the privacy, security and legal risks are with using a provider.
Review the provider’s security documentation, such as terms and conditions, against your organization’s security needs. For instance, would accepting any of their security conditions breach your organization’s liability rules, particularly around data handling and storage?
For individual users
Establish your meeting securely by sending invitations and logon details separately from the invitation through a secure method, like email or encrypted messaging apps. Do not share website links or logon details on publicly-accessible websites or social media.
Be mindful of the sensitivity or classification of your conversations.
Be aware of your surroundings and use a private room or headphones if possible. If around others, keep the microphone on mute unless speaking. This helps to ensure sensitive conversations aren’t accidentally overheard.
Where video is required, try to position your camera so it is only capturing your face, so that again, it doesn’t broadcast private or sensitive details in your background.
Only share individual applications when screen sharing, rather than your whole screen so you don’t share more content than is needed.
If you’re using a web conferencing system on your personal device, make sure you have the latest software and security updates installed. This will help prevent cybercriminals using weaknesses in software to access your devices.
If you’re still facing problems or not sure which web conferencing system is the best for your needs, you can always give us a call at 1300 660 368 and one of our team members can guide you in the best way possible, keeping your requirements as priority.
This article is courtesy of staysmartonline.gov.au
Cybercriminals have acquired a lookalike 1800 telephone support number for Microsoft in Australia, registered the line for themselves, and have been scamming inbound victims who thought they were reaching Microsoft’s official support number. The scam is apparently so brutally effective that it has made the cut for the Australian Cyber Security Centre’s (ACSC) new catalogue of COVID-19 themed cons and tricks, as the public-facing cybersecurity agency and its more secretive parent agency, the Australian Signals Directorate, go into overdrive to control cyber-attacks.
According to the ACSC, the scam works by exploiting phone numbers that are cunningly similar, in fact numerically identical, to Microsoft’s real ones. The criminal artistry is in the country codes.
The cybercriminals are exploiting a legitimate United States Microsoft support number – (1) (800) 642 7676. However, when dialling an 1800 number in Australia, only the next six numbers after 1800 will be accepted. When Australians dial the legitimate United States support number, they dial 1800 642 767 which has been registered by cybercriminals.
The registered number connects you to a helpful callback service ready to assist callers with handing over their identity and credentials. When someone dials the number registered by the cybercriminals, they are asked to provide their name and date of birth for verification. They are informed someone will call back shortly. The cybercriminal calls back and directs people to download a remote access program that gives the criminals access to their computer. The scammers are insistent that due to the COVID-19 conditions in Australia. These scammers don’t stop at this point; they will also try to extract banking details while they have remote access, drain people’s bank accounts and access any other sensitive information.