Dear Valued Subscriber, 

Welcome to the tenth edition of the Tannhauser Monthly Newsletter, for April 2022. 

Big news this month is the government’s budget announcement of allocating $9.9 billion to enhance the government’s cyber security capabilities, especially offensive capabilities. This will create a further 1900 roles within the Australian Signals Directorate and associated government entities. It’s encouraging that there is financial support for traineeships (grossly needed) and businesses to invest in their digital future, a progressive stance. From a small cyber security business perspective I would have hoped there was more support for businesses like ours trying to grow, create jobs and diversify WA’s economy. 

This month I’ve been on the real and virtual road as a guest lecturer at my old University (ECU) presenting “Enterprise Security” sharing my experience and challenges we continue to face in that space. There were inquisitive questions from the students around the Zero Trust strategy which is always encouraging. I walked away with a certificate of appreciation and two coffee mugs (Thanks Mohi!). 

The Institute of Internal Auditors (IIA) invited me back to present “An Introduction to Cyber Risk Quantification for Internal Auditors”. Over 100 people attended virtually (thank you people needing CPE) with immediate positive feedback truly appreciated. IIA has been a big Tannhauser supporter from the start so I do thank them kindly. 

As a small business it’s increasingly challenging to balance my time with “exposure opportunities” and paid work. I get great joy from giving back to the community but we must prioritise building the business (and eating) as the last few months due to COVID, WA border uncertainty and client project stagnation have been incredibly taxing on our enterprise.  

Carl departed our business this month for a switch into project management of future research. We wish him all the future success and massive thanks for the contribution he made to Tannhauser from our inception. We will miss his humour and presence around the office but not the early morning vision of his bike shorts. 

This month we successfully landed another international client who is listed on the FTSE 250. It’s a bit disconcerting we have to go so far geographically for prospective opportunities whilst still a great feather in our cap. We have demonstrated our small business can support their critical business initiatives, specifically NIST Cybersecurity Framework Risk Assessment and strategic advice for the executive team, now we need more local opportunities. 

Steve and Tara have been busy preparing a crisis simulation for a key client. Our simulations are tailored to the specific organisation, threats they face and business decisions the board and executive team must make in a crisis under pressure. We are pleased to be collaborating with Bethan Winn for this delivery to provide attendee behavioural analysis and decision making training, a unique offering in Perth.  

Student Joshua Hopkins, from Griffith University, has joined us as part of the Work Integrated Learning programme. We make a considerable effort, given our size, to create pathways for students bridging that gap between university and landing those ever rare entry level opportunities. Joshua is assisting with a research project into email security. More on Josh in “Meet the Team”. 

World Backup Day was 31st March. If there is only one thing you take from this newsletter please back up your personal and work life, don’t be a victim of complacency. Master the 3-2-1-1-0 rule. 

Lastly, my favourite saying for the month: “if it can be reached, it can be breached”

We hope you enjoy this month’s newsletter.

Yours securely,

Michael Woods
Founder & CEO Tannhauser
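One way to turn the 3-2-1-1-0 rule mentioned in the welcome letter (three copies of the data, on two different media, one copy offsite, one copy offline or immutable, zero errors on verification) into something you can run is to score a backup inventory against each clause and hash-verify every copy against the primary. The script below is an added example, not Tannhauser's own code or tooling; the inventory labels, media types and the sample database dump are constructed for illustration, and in practice the `content` of each copy would be read back from the real backup target.

```python
"""Score a backup inventory against the 3-2-1-1-0 rule and verify copy integrity.

Added example (not from the newsletter). Inventory and payloads are constructed;
in practice `content` is read back from the actual backup target.
"""
import hashlib
from dataclasses import dataclass


@dataclass(frozen=True)
class BackupCopy:
    label: str
    media: str        # media type: "disk", "tape", "object-storage", ...
    offsite: bool     # stored at a different physical location than the primary
    immutable: bool   # offline/air-gapped or write-once (object lock, WORM tape)
    content: bytes    # bytes actually present on the backup target


def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def verify_copies(source: bytes, copies: list[BackupCopy]) -> list[str]:
    """Labels of copies whose hash does not match the primary data: the '0' in 3-2-1-1-0.

    A copy that exists but does not restore to the original is only discovered
    during the incident it was meant to survive, so it is checked explicitly.
    """
    expected = sha256(source)
    return [c.label for c in copies if sha256(c.content) != expected]


def check_3_2_1_1_0(source: bytes, primary_media: str, copies: list[BackupCopy]) -> dict[str, bool]:
    """Evaluate each clause of the rule; the primary counts as one copy and one medium."""
    media_types = {primary_media} | {c.media for c in copies}
    return {
        "3 copies of the data": 1 + len(copies) >= 3,
        "2 different media": len(media_types) >= 2,
        "1 copy offsite": any(c.offsite for c in copies),
        "1 copy offline or immutable": any(c.immutable for c in copies),
        "0 errors on verification": not verify_copies(source, copies),
    }


def is_compliant(result: dict[str, bool]) -> bool:
    return all(result.values())


# Constructed sample: a small "database dump" held on local disk as the primary.
SOURCE = b"pg_dump customers 2022-04-01\nid,name\n1,alice\n2,bob\n"
PRIMARY_MEDIA = "disk"


def good_inventory() -> list[BackupCopy]:
    """Primary on disk + onsite NAS copy + offsite, object-locked cloud copy."""
    return [
        BackupCopy("nas-nightly", "disk", offsite=False, immutable=False, content=SOURCE),
        BackupCopy("cloud-objectlock", "object-storage", offsite=True, immutable=True, content=SOURCE),
    ]


def bad_inventory() -> list[BackupCopy]:
    """Same layout, but the offsite copy has suffered a silent single-bit flip."""
    damaged = bytearray(SOURCE)
    damaged[10] ^= 0x01
    return [
        BackupCopy("nas-nightly", "disk", offsite=False, immutable=False, content=SOURCE),
        BackupCopy("cloud-objectlock", "object-storage", offsite=True, immutable=True, content=bytes(damaged)),
    ]


def report(copies: list[BackupCopy]) -> dict[str, bool]:
    result = check_3_2_1_1_0(SOURCE, PRIMARY_MEDIA, copies)
    for clause, ok in result.items():
        print(f"[{'PASS' if ok else 'FAIL'}] {clause}")
    print("compliant" if is_compliant(result) else "NOT compliant", "\n")
    return result


if __name__ == "__main__":
    report(good_inventory())   # every clause passes
    report(bad_inventory())    # copy counts look fine, but verification catches the corrupt copy
```

The second inventory is the point of the trailing "0": counting copies, media and locations alone reports it as healthy, and only the hash comparison reveals that the one offsite, immutable copy would not restore. Scheduling that verification (and a periodic test restore) is what separates having backups from being able to recover.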
Monthly Poll

Each month we ask a question with the results published in our monthly newsletter

NEW TANNHAUSER RESOURCES

.au Direct Domain Names
Blog
The .au direct domain name space is now available to “anyone with a verified connection to Australia who wants to create or manage an online presence for themselves or their organisation”.

Update to the Information Security Manual
Blog
The Australian Cyber Security Centre has updated their Information Security Manual on March 10th, 2022. Here we have detailed some of the changes.

Amazon impersonators, stop calling me!
Blog
Thousands of Australians are being targeted by online scammers hoping to steal money and personal information.

International Women’s Day 2022
Blog
March 8 was International Women’s Day 2022. This year, the theme is #BreakTheBias, which involves fostering an environment free of bias, stereotypes and discrimination.

RECENT CYBER INCIDENTS
  • Health data breaches swell in 2021 amid hacking surge, POLITICO analysis finds
    Nearly 50 million people in the U.S. had their sensitive health data breached in 2021, a threefold increase in three years, according to a POLITICO analysis of the latest HHS data. Politico

  • Four Russian Government Employees Charged in Two Historical Hacking Campaigns Targeting Critical Infrastructure Worldwide
    The Department of Justice unsealed two indictments today charging four defendants, all Russian nationals who worked for the Russian government, with attempting, supporting and conducting computer intrusions that together, in two separate conspiracies, targeted the global energy sector between 2012 and 2018. U.S. Department of Justice, Office of Public Affairs

  • 7 Suspected Members of LAPSUS$ Hacker Gang, Aged 16 to 21, Arrested in U.K.
    The City of London Police has arrested seven teenagers between the ages of 16 and 21 for their alleged connections to the prolific LAPSUS$ extortion gang that's linked to a recent burst of attacks targeting NVIDIA, Samsung, Ubisoft, LG, Microsoft, and Okta. The Hacker News

  • A Mysterious Satellite Hack Has Victims Far Beyond Ukraine
    The biggest hack since Russia’s war began knocked thousands of people offline. The spillover extends deep into Europe. Wired

  • LAPSUS$ was in the news this week. Here is the Microsoft write-up of the threat actor and their Tactics, Techniques, and Procedures (TTPs):
    DEV-0537 criminal actor targeting organisations for data exfiltration and destruction Microsoft

  • Hundreds of GoDaddy-hosted sites backdoored in a single day
    Internet security analysts have spotted a spike in backdoor infections on WordPress websites hosted on GoDaddy's Managed WordPress service, all featuring an identical backdoor payload. Bleeping Computer

  • Nearly 70% of tested ServiceNow instances leaking data
    A configuration error in the SaaS platform of an S&P 500 company is leaking data on the internet. CSO Online

  • TLStorm: Three critical vulnerabilities discovered in APC Smart-UPS devices can allow attackers to remotely manipulate the power of millions of enterprise devices.
    Armis has discovered a set of three critical vulnerabilities in APC Smart-UPS devices that can allow remote attackers to take over Smart-UPS devices and carry out extreme attacks targeting both physical devices and IT assets. Uninterruptible power supply (UPS) devices provide emergency backup power for mission-critical assets and can be found in data centers, industrial facilities, hospitals and more. Armis

  • Nvidia says employee, company information leaked online after cyber attack
    US chipmaker Nvidia Corp said on March 2nd a cyber attacker leaked employee credentials and some company proprietary information online after its systems were breached. ITNews

  • The “most advanced piece of malware” that China-linked hackers have ever been known to use was revealed in early March. Dubbed Daxin, the stealthy back door was used in espionage operations against governments around the world for a decade before it was caught. MIT Technology Review

Other News
  • Budget 2022: $9.9 billion towards cyber security aims to make Australia a key ‘offensive’ cyber player The Conversation

  • 7 Pressing Cybersecurity Questions Boards Need to Ask Harvard Business Review

  • WA gun owners demand apology for police map showing their locations WAtoday

  • Never-Mind the Gap: It Isn't Skills We're Short Of, It's Common Sense infosecurity Magazine

  • Defence told to reinstate employee who stored data on personal devices. A Department of Defence employee who was sacked for storing images from an internal network on his personal devices was unfairly dismissed, the Fair Work Commission has ruled. ITNews

  • Weight Watchers app gathered data from children, F.T.C. says The New York Times

  • DDoS attacks now use new record-breaking amplification vector Bleeping Computer

  • Cybersecurity is an environmental, social and governance issue. Here's why World Economic Forum

  • Over 100,000 medical infusion pumps vulnerable to years old critical bug Bleeping Computer

THREAT HORIZON
Forward look at legislation, regulation or other threats and opportunities ahead.
Australia

ASD unveils new facility in the face of tomorrow's threats
The Australian Signals Directorate (ASD) has unveiled a new world-class cyber and foreign intelligence facility, as the agency prepares to mark 75 years defending Australia from global threats.
The new facility, located at Majura Park, Canberra, will further boost ASD’s capabilities as Australia’s leading agency for signals intelligence, cyber security and offensive cyber operations, as well as offering unique employment opportunities for the next generation of intelligence analysts, cyber operators, technology researchers, and corporate enablers. Department of Defence

Australia's first space commander has conceded the nation is lagging "far behind" in the emerging military domain, while admitting China and Russia's ability to take out satellites "scares" her. ABC News

Corporate regulator ASIC to roll back financial scam protections
The corporate regulator is pushing ahead with plans to roll back consumer protections against bank transfer scams despite strong opposition from consumer groups who say the move will leave the public more vulnerable to financial losses. The Australian

MITRE Chooses South Australia As Home For First-Of-Its-Kind Applied Research Center For Space, Defense & Cybersecurity
South Australian government signs sponsoring agreement with MITRE, unlocks opportunity for Australia to benefit from ongoing knowledge-transfer and decades of MITRE expertise to uplift national security capabilities via new international center. MITRE

World

Russia's biggest bank has warned its users to stop updating software due to the threat of “protestware”: open-source software projects whose authors have altered their code in opposition to Moscow’s invasion of Ukraine. Most of the protestware simply displays anti-war, pro-Ukrainian messages when it is run, but at least one project had malicious code added which aimed to wipe computers located in Russia and Belarus. MIT Technology Review 

World War Hack: Open-source espionage, global cyber-militia descend on Russia
Russia’s fight with Ukraine has shown how cyber-attacks are the first weapon drawn during a modern geo-political conflict and truth is the first prize of war. Stockhead

Is Russia really about to cut itself off from the internet? And what can we expect if it does?
The invasion of Ukraine has triggered a significant digital shift for Russia. Sanctions imposed by governments around the world – together with company closures or mothballing – have significantly impacted the country. The Conversation

International hackers answer Ukraine's call to launch cyber operations against Russia
As Russian artillery bombarded Ukraine's infrastructure on Sunday, one of the country's most senior government ministers issued an unusual call to arms. ABC News

Russian ransomware attacks on Ukraine muted by leaks, insurance woes
Warnings that pro-Russian ransomware gangs would snarl networks in Ukraine and its allies have so far failed to materialise, amid disarray among the criminal underworld often behind such attacks, and fears insurers would not pay out. ITNews


EVENTS
All event details are kept up to date on our website:
https://www.tannhauser.com.au/events
CAREERS
Our job opportunities are kept up to date on our website:
https://www.tannhauser.com.au/careers
MEET THE TEAM

Joshua Hopkins joins the Tannhauser team for a Work Integrated Learning placement through Griffith University, and in a very 2022 way predominantly working remotely from the South West! After a diverse career in education that has taken him around Western Australia, China and the Federated States of Micronesia, Joshua has embarked on a career change, completing a Graduate Certificate in Information Technology at the University of Canberra, and is currently pursuing a Master of Cyber Security at Griffith. He is continually seeking to develop his knowledge base and experience, particularly in the areas of policy and governance.

THANK YOU FOR READING

Your feedback matters to us. To ensure we are providing value in our services, newsletters and resources, please take a few minutes to leave your feedback on Google.

From your browser, log into your Google account and search for Tannhauser. Find the review button under the Tannhauser name in the side box. Click on the number of stars and write about your experience. Click "Post" when you're done.

From the Google Maps application on your phone, search for Tannhauser. Find the review section at the bottom. Click on the number of stars and write about your experience. Click "Post" when you're done.

About Tannhauser
Tannhauser is a cyber security and privacy consultancy. Our team specialise in Cyber Security Strategy Consulting, virtual Chief Information Security Officer staff augmentation, Cyber Risk Quantification, Cyber Security Assurance, Cyber Resilience, Privacy Engineering and Digital Transformation. Tannhauser, helping Australia to become the safest place to do business online. Security in Sync.

Facebook - Tannhauser
Twitter - tannhausersec
LinkedIn
YouTube
Instagram
tannhauser.com.au
Copyright © 2022 Tannhauser Pty Ltd, All rights reserved.

