Cybersecurity is the practice of protecting the network, electronic systems, mobile devices, servers, computers, and data of the individual or organizations from various kinds of malicious attacks. Cyberattacks are one type of deliberate and malicious attempt by an organization or individual to steal information from another organization or individual. On 20th April 2020, ACSC published a paper namely ‘Threat update COVID-19 malicious cyber activity’. ACSC stands for Australian cybersecurity centre that targets to enhance cybersecurity all over Australia. During March 2020, the organization continues to receive various reports from government departments, businesses, and individuals about the COVID-19 related phishing campaigns, online fraud, and scams (Looi and Pring 2020). Therefore, the report will focus to identify and examine all types of malicious cyber activities identified and documented by the ACSC in this paper. The report will also demonstrate the identification and categorization of assets. Furthermore, five fundamental security principles of ACSC will be also analyzed in the report. Finally, the report will analyze the principle threat mitigation strategy proposed by the ACSC.
All types of malicious activity identified by ACSC
In the ‘threat update COVID-19 malicious cyber activity’ paper Australian cyber security centre has been identified and documented various kinds of COVID-19 related scams. The main goal of this threat update named paper is to raise awareness about the evolving nature of COVID-19 themed malicious cybersecurity activities (Lallie et al. 2021). Therefore, all the malicious cyber activities identified by the ACSCS are provided in the below table:
Identification and categories assets
Asset identification describes the process in which some information can be used to identify the primary assets of the organization. Asset identification can also determine requirements for asset identification. Organizational assets can be categorized into few types such as tangible asset, intangible asset, current asset, fixed asset, operating asset, non-operating asset, and financial asset (Williams 2020). However, all types of assets are hold by the organization. In the case of any cyberattack, all the assets are impacted in the organization. Ownership, economic value, and resources are the main three aspects of the assets in an organization. In the given case study report, various types of attacks are identified have an impact on the assets of the organization. The primary type of assets is the people, procedure, data and information, software, hardware, and networking. Every organization needs to secure its assets through various safety measures and precautions. Human resources are the most essential asset of every organization. The success or failure of the organization depends on the assets directly or indirectly.
Peoples are the tangible asset in the organization as it has the physical existence in the organization. The economic value of the peoples in an organization is the highest. In the case of any cyberattacks, peoples are the primary target in the organization. However, the attackers can trigger an attack through the fault of the staff and the employees. Various procedures of the organizational operation are also targeted by the attackers (Offner et al. 2020). Any type of security gap can be the reason for the operational failure of the organization. These are the intangible assets of the organization as there is no physical existence in the system. Procedures are the combination of different factors in the system. The operational procedure, financial transaction, transport, product quality management are the most common type of procedures that can be attacked in an organization.
Data and information are some of the most essential factors that can be breached by the attackers. There are several data storages that contain sensitive data and information of the organization. Data storage should be protected by unique passwords and they must be kept in a secure locker. Data security should be considered by every organization for the operational integrity in the organization. Data and information security can be categorized as the intangible asset of the organization (Warren 2020). In the present world, the software is the primary asset of every organization as various types of tasks can be performed by the software. Software on the other hand performs a vital role in the performance of hardware in any system. The software can be categorized into the operating asset of the organization. Software plays a vital role in the operation of the entire system of an organization.
Hardware is another basic need of every organization which consists of different machines, infrastructure, workstations, and other equipment of the organizations. Hackers can influence the working method of the device through the software and procedures. However, the hardware of an organization can be categorized as the operational asset of the organization (Matas et al. 2020). In the case of any type of attack, hardware is the least affected element in any system. In order to secure the hardware devices for the attackers, different types of protective devices like firewall and VPN can be installed in the network of the organization.
On the other hand, the networking of the organization can be categorized as the operating asset. A secure network must be developed by the organization. Most of the security attacks can be performed by the attacker through the network gaps. The network is the primary media for the execution of the cyberattack. However, a secure network can also protect organizational integrity.
Identifying and prioritizing threats against each type of asset
In the above table, threats have been categorized on each of the assets of the organization based on the ACSC updated cyber activity. Justification has been given against each of the threats.
Five fundamental security principles with the security mitigation proposed by the ACSC
Layering: In this type of security principle, several components are installed to protect the organizational activities (Gavra, Dobra and Pop 2020). However, each of the network components is provided with the backup security layer.
Limiting: In this security principle, access users are limited to the minimum permission to perform their work in the organization. Limiting access control attacking vectors on the data and information of the organization.
Diversity: It is closely related to layering as the breaching of one security layer does not compromise with the whole system security. By using a single technique, the attacker will not be able to break all the security measures.
Obscurity: This type of security principle is mainly used for the information security of an organization. It determines the security status inside an organization (Danenkov et al. 2020).
Simplicity: A secure system should be protected through a simple security layer. Sometimes, complex security measures become difficult to understand for the internal security experts of the organization.
Security mitigation technique proposed by the ACSC
In order to mitigate the security related issues, the Australian cyber security centre develops a mitigation strategy.
Mitigation techniques to prevent Malware delivery and execution are analyzed below:
- Application Control: The first mitigation technique proposed by the ACSC is application control that is very important to prevent the execution of malicious or unapproved programs including scripts, DLL, .exe (Muthuppalaniappan and Stevenson 2021). It is the fundamental security principle to prevent all non-approved applications from executing.
- Using Patch application: ACSC also recommended utilizing Patch in all applications including web browsers, Flash, PDF viewers, and Java. It is also important to utilize the latest version of all applications to protect the computer from extreme risks. Using a patch in the application is very much important because security vulnerabilities in the application can be utilized to execute the malevolent code in the system.
- User application: According to ACSC, web browsers needs to be configured in such a way that it can block Java, ads, and Flash on the internet. Configuring web browsers are important because Java, ads, and Flash is the popular way to execute malicious code on the system.
- Configure macro setting of Microsoft Office: It is another strategy proposed by the ACSC to block macros from the internet. This mitigation strategy is related to fundamental mitigation strategy as by configuring the Microsoft office settings, it is possible to mitigate block the cybercriminals to execute and deliver malicious code to the system.
Mitigation strategy to limit the cyber security incidents:
- Restricting administrative privileges: ACSC also recommended restricting the administrative privileges to applications and operating systems on the basis of user duties (Hakak et al. 2020). It is also important to don’t utilize privileged accountants for web browsing and email.
- Using multi-factor authentication: When Australian people perform privileged action, it is important to implement multi-factor authentication. Implementing multi-factor authentication is important to make it harder for cybercriminals to access systems and information.
- Patch operating systems: ACSC has proposed to patch all operating along with the application to mitigate extreme risks within 48 hours. It is also important for the Australian governments and Australian peoples to utilize the latest operating systems.
Mitigation strategy proposed by the ACSC to recover system information and data:
- Data backups: It is important for the Australian government to daily backups the important new or changed data. Large organizations of Australia need to test restoration initially, annually as well as when their information technology changes.
- Moreover, by following the above-discussed mitigation strategy, it is possible to mitigate all COVID-19 themed phishing schemes.
In this report, all the malicious security activities have been identified that are provided in the case study report. ACSC has received a large number of cybercrime report during the COVID-19 pandemic. All of the assets within an organization has been identified and the threats against each of the asset have been illustrated. However, a priority table has also been provided against different types of threats. Furthermore, the five fundamental security principles that are provided by ACSC have been demonstrated in this report. Moreover, all the Australian peoples, as well as the Australian government, need to follow the mitigation strategies of ACSC to mitigate all the COVID-19 themed phishing scams.
Danenkov, I., Kolesnikova, D., Babikov, A. and Iureva, R., 2020. Security by Design Development Methodology for File Hosting Case. In Smart Education and e-Learning 2020 (pp. 383-390). Springer, Singapore.
Fayans, I., Motro, Y., Rokach, L., Oren, Y. and Moran-Gilad, J., 2020. Cyber security threats in the microbial genomics era: implications for public health. Eurosurveillance, 25(6), p.1900574.
Feakin, T. and Weaver, J., 2020. An Australian perspective. Routledge Handbook of International Cybersecurity.
Gavra, V.D., Dobra, I.M. and Pop, O.A., 2020, May. A Survey on Threats and Security Solutions for IoT. In 2020 43rd International Spring Seminar on Electronics Technology (ISSE) (pp. 1-5). IEEE.
Hakak, S., Khan, W.Z., Imran, M., Choo, K.K.R. and Shoaib, M., 2020. Have you been a victim of COVID-19-related cyber incidents? Survey, taxonomy, and mitigation strategies. IEEE Access, 8, pp.124134-124144.
Khan, N.A., Brohi, S.N. and Zaman, N., 2020. Ten deadly cyber security threats amid COVID-19 pandemic.
Lallie, H.S., Shepherd, L.A., Nurse, J.R., Erola, A., Epiphaniou, G., Maple, C. and Bellekens, X., 2021. Cyber security in the age of covid-19: A timeline and analysis of cyber-crime and cyber-attacks during the pandemic. Computers & Security, p.102248.
Looi, J.C. and Pring, W., 2020. Private metropolitan telepsychiatry in Australia during Covid-19: current practice and future developments. Australasian Psychiatry, 28(5), pp.508-510.
Matas, K., La, T., Grunchevski, N., Pham, K. and Koch, D., 2020, February. Invited tutorial: FPGA hardware security for datacenters and beyond. In Proceedings of the 2020 ACM/SIGDA International Symposium on Field-Programmable Gate Arrays (pp. 11-20).
Muthuppalaniappan, M. and Stevenson, K., 2021. Healthcare cyber-attacks and the COVID-19 pandemic: an urgent threat to global health. International Journal for Quality in Health Care, 33(1), p.mzaa117.
Offner, K.L., Sitnikova, E., Joiner, K. and MacIntyre, C.R., 2020. Towards understanding cybersecurity capability in Australian healthcare organisations: a systematic review of recent trends, threats and mitigation. Intelligence and National Security, 35(4), pp.556-585.
Richter, A. and Wilson, T.C., 2020. Covid-19: implications for insurer risk management and the insurability of pandemic risk. The Geneva risk and insurance review, 45(2), pp.171-199.
Warren, M., 2020. 18th Australian Cyber Warfare Conference 2019 (CWAR 2019), October 7-8, 2019, Melbourne, Victoria, Australia.
Williams, A., 2020, March. Beyond 2000: The Rise of Australian Cyber Warfare Capability. In International Conference on Cyber Warfare and Security (pp. 549-XVIII). Academic Conferences International Limited.