Cythera Co-Founder and Director Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce has a strong reputation for his work in providing senior leaders in Australia with counsel on all matters relating to IT.

Craig has helped countless businesses thrive under varying conditions and across manufacturing, retail and technology sectors, also lending his focus to new businesses that need the right IT tools and advice to grow.

As one of the minds behind the highly regarded O2 Networks, Craig has spent his career taking on challenges in the IT industry and shedding light on the complex cyber security issues that businesses face every day in Australia and around the globe.

“The important thing with starting any business is understanding what it is you are setting out to achieve,” said Craig.

“We stand for cyber security and we are out there to protect our customers. That whole approach of thinking closely around what you would need to protect your own business and what type of services you would want to consume is a really good launching position into figuring out what you think you would need to appeal inside the market.”

Find out more on the Cythera Protection Platform

“We have spent a lot of time looking at the technologies and the cyber security landscape and the threats that are out there and we’ve tailored our solution set to meet those requirements. Also, at the same time we’ve really focused very much on ignoring what’s come before and thinking where things are going in the future so that we know our platform will stand the test of time.”

Two biggest threats to businesses in Australia

“The two biggest threats to your business are going to be attacks that are aimed towards your people and attacks that are aimed at the end point. It is important to have both of those at the forefront of your mind,” said Craig.

“How do you educate your users? How do you make sure their devices are secure? They are the most common forms of attack.”

“Last year, 75% of all attacks were aimed at individual users and behaviours of those users to launch those attacks.”

“Our whole business is based around being your eyes, so we will look at your security infrastructure, we will look at your business and we will identify threats and we will help you remediate any that may occur within your environment.”

“We are the one stop shop.”

Watch as Co-Founder Craig Joyce shares why he stands for Cyber Security in Australia.

Craig Joyce is Co-Founder and Director of Cythera, with a leadership team comprised of industry veterans with backgrounds as highly successful entrepreneurs, Tier 1 telco or IT vendor providers.

Craig and the Cythera team are passionate advocates with a belief in the criticality of effective cyber security solutions for businesses of all sizes.

Cythera understands the challenges local businesses face protecting their business from cyber threats and has built Cythera from the ground up to support businesses to meet these demands.

More on the Cythera leadership team.

Compromised business partners: How hackers catch you asleep at the wheel.

This week, while on-boarding a new customer, we first needed to help them recover from a compromise they had suffered before coming to us.

A user had suffered a phishing attack and had their Office365 email credentials stolen. Email phishing is the act of sending emails purporting to be an entity (such as Google) or an individual (such as your CEO), often using a crafted email with graphics and text from legitimate emails included to fool users into entering login information or opening an attachment. The attacker can then use the stolen credentials to gain access to your organisation, or use malware the user clicks on to gain a control channel into your environment.

In this case, the malicious actor had utilised a common method to compromise a business: they had taken control of the email account of a trusted business partner, and had then sent our client an email with a Dropbox link purporting to contain a legitimate looking business proposal.

This method is highly successful because when we receive an email from a known or trusted user, we tend to bypass our usual scepticism and control when it comes to clicking links or opening files. In this case, our client actually replied to the email and asked if it was legitimate. He got a reply: ‘Yes it is, I need you to respond to it urgently’. As the business partner’s email had been compromised, the hacker could reply themselves in an attempt to validate the email. The client then opened the file, which prompted him to log in to Office365 to access the file, and his credentials were then stolen.

So how can we better protect ourselves from these sorts of problems? Email filtering won’t always help here, as the email is actually coming from a seemingly legitimate user. But secure DNS and web filtering (such as what we deliver with the DNSProtect and WebProtect portions of our protect platform) would have helped prevent the user from inputting their details into a phishing site by blocking the phishing page from displaying in the client’s browser. Not reusing passwords across accounts is another good practice to limit your exposure should a compromise take place. Additionally, if the Dropbox link had instead contained malware, ransomware or a remote access tool (commonly called a RAT by security operators), an endpoint protection agent such as MalwareProtect and EndpointProtect would keep you safe.

Learnings From The Trenches: Cyber Security Tips For Australian Businesses

We help a lot of Australian businesses out with security incidents, as well as recovering from hacks and breaches. Many of them can be attributed back to human error or poor security hygiene. I thought I would share some of my top tips to help you avoid a costly hack, or brand damaging breach.

Patch Patch Patch

This is an easy one. Operating system vendors don’t just release patches for new features, they’re also patching security vulnerabilities regularly. Keep desktops and laptops up to date and enable automatic updates wherever possible. Apply the same thinking to critical applications such as Microsoft Office (vulnerabilities in Microsoft Office have risen 121 percent over the last 6 years) to keep ahead of problems.

Enable Two Factor

Many successful cyber security incidents start with an account being stolen or ‘phished’. One way to help stop these attacks being escalated is to have a second factor of authentication beyond just your username and password. This means that even if an account is stolen, the attacker can have a difficult time accessing the second login, which may be a token or an application that runs on a user’s smartphone. Two factor can be enabled selectively, such as when a user is outside your corporate network. Some 2FA vendors to consider are Authy https://authy.com/ and Okta https://www.okta.com/ .

Bake security into your culture and people

Cyber security is not just about technology and processes, it’s also about your people and the way they go about their day to day business. As a successful cyber attack can shut down your business or irrevocably damage your brand, it’s key that management and executives set a good example, as this attitude then flows throughout the organisation. Ongoing cyber awareness training to make staff more conscious of potentially malicious behaviour will improve the cyber-hygiene of your business, with more mature organisations now also including cyber security training in staff onboarding.

Be Proactive

Accounts that are stolen or included in breaches often end up being sold on the dark web for use in other attacks. There are resources available for you to check if key staff accounts have been included in previous breaches. https://haveibeenpwned.com/ allows you to search for staff email accounts, and any that are discovered should have their passwords reset and two factor authentication enabled.

Have a plan

There’s a common theme with many of the companies we assist with security incidents: they didn’t plan for one. They often have a health and safety plan, and even a terrorism plan! An incident plan doesn’t need to be War and Peace, and can be a single pager on roles and responsibilities, as well as who to contact, including any cyber security partners you work with to assist in responding to incidents. If you have any regulatory bodies or government agencies you liaise with, make sure to include any reporting structures that may need to take place here. The Australian Office of the Information Commissioner has a good guide on data breach plans. Make sure you’re also familiar with the Notifiable Data Breach Scheme.

Engage a security partner

There’s lots of talk about the increasing skills shortage in cyber security. And let’s face it, cyber security is probably not part of your core business, so you’re constantly going to be playing catch up with a rapidly changing landscape. By partnering with a cyber security specialist you’re also subscribing to the ongoing skills and herd intelligence to help you plan and protect your business and brand from being the next headline. Just make sure they’re a specialist and not someone who’s also trying to sell you phone systems and printers.

Australia’s emerging enterprises are facing the same security risks and suffering the same incidents the big end of town are, but with much less capability to respond and protect themselves from a rapidly changing space. By baking security into your business’s DNA, and partnering with strategic cyber security specialists, you’re setting yourself up for success.

EvilClippy and the rise of Office based malware.

Last month a cross-platform assistant for creating malicious MS Office documents, named EvilClippy, was released.

It allows an attacker to hide VBA macros, stomp VBA code (via P-Code) and confuse macro analysis tools.

Attackers can now hide malicious code from anti-virus and macro analysis tools by leveraging undocumented features in the way macros are stored within an Office file.

Macros are stored in Compound File Binary Format (CFBF) and EvilClippy uses a technique known as VBA Stomping to replace the compiled version of the macros with something malicious.

According to the creators of the tool, it allows attackers to bypass all anti-virus solutions. However, it’s worth noting that Deep Instinct’s VBA and Office deep learning models, available since November last year, prevent all threats produced using EvilClippy without requiring an update or cloud lookup. Anti-virus vendors cannot detect threats created with this tool statically and must update detection hash by hash (reactively) as samples are submitted by customers.

Certainly the name of the tool is a tongue in cheek play on the name of the old Office 97 assistant, Clippy, which proved universally unpopular with most users.

A full write up and download of the tool itself can be found on Outflank and GitHub.

Recent In the Wild Office/macros threats

Published below is a list of hashes we have prevented at customer sites related to malicious Office documents.

These include threats created using EvilClippy, and Word and Excel droppers used in a number of campaigns, including Emotet, Fareit, Lazarus, Lockergoga and Alcaul.

Again, these were prevented statically with Deep Instinct’s November 2018 model.

Shift from Web based vulnerabilities to Office vulnerabilities

This data, published by researchers from Kaspersky, illustrates the pivot from browser based attacks to Office document attacks, which is an interesting trend.

FlawedAmmy Remote Access Trojan being dropped by Excel macros – Microsoft Security advises ‘DisableMacros’

This last week we are seeing another successful campaign that uses Excel macros and digitally signed files to deliver a remote access trojan. Microsoft’s security team’s only advice remains to ‘disable macros’.
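Since tools like EvilClippy aim to confuse analysis of macro content, a mail or web gateway can apply the ‘disable macros’ advice as a presence check on the CFBF container instead of reading the VBA at all. The sketch below is an added example, not code from Cythera, Microsoft or the EvilClippy authors; the function names, verdict labels, quarantine policy and in-memory samples are all constructed for illustration.

```python
import io
import zipfile

OLE_MAGIC = bytes.fromhex("D0CF11E0A1B11AE1")  # CFBF (OLE2) header signature
MACRO_FREE_EXT = (".docx", ".xlsx", ".pptx")   # extensions that should carry no VBA
QUARANTINE = {"legacy-cfbf", "ooxml-vba", "ooxml-vba-malformed",
              "ooxml-vba-in-macro-free-extension"}


def triage_attachment(filename: str, data: bytes) -> str:
    """Classify an attachment by macro presence; VBA content is never parsed."""
    if data.startswith(OLE_MAGIC):
        # Legacy .doc/.xls/.ppt are CFBF containers and can hold a VBA project.
        return "legacy-cfbf"
    if not zipfile.is_zipfile(io.BytesIO(data)):
        return "not-ole-or-zip"
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        vba_parts = [n for n in zf.namelist()
                     if n.lower().endswith("vbaproject.bin")]
        if not vba_parts:
            return "zip-no-vba-part"
        # In OOXML files the VBA project is a CFBF file stored inside the zip.
        well_formed = all(zf.read(n).startswith(OLE_MAGIC) for n in vba_parts)
    if filename.lower().endswith(MACRO_FREE_EXT):
        return "ooxml-vba-in-macro-free-extension"
    return "ooxml-vba" if well_formed else "ooxml-vba-malformed"


def should_quarantine(filename: str, data: bytes) -> bool:
    """Policy assumed here: hold anything that can carry a macro."""
    return triage_attachment(filename, data) in QUARANTINE


def build_sample(with_vba: bool) -> bytes:
    """Constructed sample: a minimal zip shaped like an OOXML package."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("[Content_Types].xml", "<Types/>")
        zf.writestr("word/document.xml", "<w:document/>")
        if with_vba:
            zf.writestr("word/vbaProject.bin", OLE_MAGIC + b"\x00" * 504)
    return buf.getvalue()


if __name__ == "__main__":
    for name, blob in [("proposal.docm", build_sample(True)),
                       ("proposal.docx", build_sample(True)),
                       ("proposal.docx", build_sample(False)),
                       ("legacy.xls", OLE_MAGIC + b"\x00" * 504)]:
        print(name, triage_attachment(name, blob), should_quarantine(name, blob))
```

The legacy CFBF verdict is deliberately coarse: confirming whether a .doc or .xls actually holds a VBA project requires walking the compound file’s directory, so this policy holds every such file for deeper inspection.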

Cythera’s managed Protection Bundles are designed from the ground up to help your business meet emerging threats such as these, and provide you with ongoing outcome based security.

I don’t know what I don’t know.

In Information Technology our businesses are often very project driven: “We need a new endpoint solution”, “We need to look at life-cycling our wireless”, “Our company needs a risk management platform”. In cyber security, this approach often leads to our clients ‘not knowing what they don’t know’. What they mean by this is that they rarely get the opportunity to take a step back and look at their cyber security in a holistic way (the people, processes and technology that make up security for them), and map themselves against common security frameworks to know where they’re strong and where they may need work.

To help our clients better equip themselves to respond to this issue, we’ve released version 2.0 of the Cythera Security Platform, the cornerstone of which is a cyber security health assessment.

The cyber security health assessment can be self run, or run by a Cythera team member alongside your IT team. The health assessment is administered in the form of a question and answer format, the results of which influence a risk rating, and maps your strengths and weaknesses against the NIST security framework, as well as the ASD Essential 8. This allows IT teams to understand where they are performing well, and areas of their security people, processes or technology they may need to focus on.

The assessment, which is free to use, can be run at regular intervals or once a year to compare to previous assessments, and ensure you’re improving in areas of focus. After the assessment is run, you can then access our business toolkit, which provides recommended solutions in areas you want to drill down on, including the full suite of Cythera’s Protection Platform and associated offerings, allowing you to move towards an improved security posture across your business.

Our updated Security Platform also gives you access to ready-to-edit cyber policy templates and checklists, and allows you to easily enable phishing simulations and cyber awareness training for staff; items that are often lacking from Australian businesses’ security programs.

Access your own cyber security health assessment, get started today for FREE at https://aware.cythera.com.au/free/

If I had a dollar to spend in cyber security…

The 2018 OAIC data breach statistics revealed that over 75% of successful security breaches start with human error. The most common cyber attacks come in the form of malicious emails sent to unsuspecting employees, meaning employees are literally the first line of defence.

Although we often focus on technology solutions to solve security problems, our people are often still the weakest link, especially non-IT savvy users. If I had to spend a dollar in time or technology, I would look to close this gap while providing an education process that teaches employees about cybersecurity, IT best practices and regulatory compliance.

The best cyber security protection mechanism is the active and ongoing education of your employees. Experience has shown that quick, relevant, and ongoing training during an employee’s tenure with an organisation is the best way to arm end users to become an organisation’s first line of cyber-defense.

A good security awareness training program should include :

Cythera provides businesses with the ability to significantly reduce risk, decrease incidents and related IT help desk costs, protect their reputation by experiencing fewer breaches, and secure your organisation. Contact us to start your cyber awareness program today.
