Categories
Security

State-Based Cyber Security Attack

State Based Cyber Security Attack Targeting Australia

If you’ve been watching the news this morning (19/06/2020) or have been on youtube, you are likely to have come across a statement from the Australian Prime Minister Scott Morrison briefing the public with “Breaking News”.  I will be honest, my impression of the briefing came across as very vague and it seemed as though Morrsion was reading directly from a brief/email which he didn’t fully understand. This assumption is largely based on the terms he was using to explain the attack, specifically “state-based” and “copy-paste compromises”, I feel as though there needs to be more explanation. Doing a quick online search I found an article that might explain things more clearly to developers/software engineers and thought it might be useful to breakdown a segment of this article (https://securitybrief.com.au/story/state-based-cyber-attack-targeting-australian-government-and-businesses) on securitybreif.com.au to explain things more clearly.

Cyber Security Attack - What Happened?

As outlined by the Australian Cyber Security Centre (ACSC) states, “The Australian Government is currently aware of, and responding to, a sustained targeting of Australian governments and companies by a sophisticated state-based actor.”

The ACSC suggests that the attacks are ‘copy-paste compromises’, which are attacks leveraging proof-of-concept exploit code, web shells, and other tools that are almost identical to open source tools – hence the term ‘copy-paste’.

The exploits relate to Telerik UI, Microsoft Internet Information Services, SharePoint, and Citrix. All exploits were publicly disclosed and have patches or fixes available.

The ACSC states, “The actor has shown the capability to quickly leverage public exploit proof-of-concepts to target networks of interest and regularly conducts reconnaissance of target networks looking for vulnerable services, potentially maintaining a list of public-facing services to quickly target following future vulnerability releases. The actor has also shown an aptitude for identifying development, test and orphaned services that are not well known or maintained by victim organisations.”

As speculation about who is behind the attacks inevitably comes up, Morrison says the Government is not making any public attribution statements, however, it may be the work of a state-based threat actor.

The Cyber Security Attack Details

To explain what all these terms mean and my interpretation of the events, I will break down what happened in the cyber security attack aforementioned above.
However I will skip past the explanation of the “state-based actor” until the end.

Copy-Paste Compromises

Copy-Paste exploits are attacks the will leverage ‘proof-of-concept exploit code’, ‘web shells’, and other tools that are almost identical to open source tools – hence the term ‘copy-paste’.

Proof Of Concept Exploit Code is open-source or freely available code that is allowed to be copy, pasted and/or modified in your own development projects or ‘hacks’. i.e. This is code posted on public forums which speeds up the process of creating websites and games, however this can also be viruses/malware/other code that allows malicious users to try and use this in emails or on websites that have ‘vulnerabities’ to certain code.

Web Shells are generally applications you can use to access a websites documents, similarly how you would login to Google Drive. However web shells make use of programming language to access websites file servers. Web Shell Exploits are generally what you would normally picture as the ‘hacker’ you see in movies, with a matrix-like screen showing a black background and green scrolling lines of code (it’s not exactly like this, but it’s not far from it). Anyway, you can use ‘open source’ or ‘exploit code’ in web shells, however you normally need the credentials. Web Shell exploits are more commonly going to be Brute Force attacks.

Who Is Vulnerable To This Cyber Security Attack?

“The exploits relate to Telerik UI, Microsoft Internet Information Services, SharePoint, and Citrix. All exploits were publicly disclosed and have patches or fixes available.”

As far as I can see from the listed terms above, this cyber security attack is largely only going to affect the admin processing side of things and potentially some front-end website pages for government-related websites, however I can’t confirm this as I do not have access to specific information (back-end data/analytics). Furthermore, this is largely only going to affect the Government as they heavily rely on online Microsoft services for most admin-side related services, however some business may also be affected by what is happening or has occurred already.

It is my opinion there will be no issues with patient databases or sensitive personal information on your computer at home. It seems as though this exploit has only affected certain services. Personal information stored in hospitals shouldn’t be connected to Sharepoint or the other services that were mentioned. Hospital patient information across the departments Australia-wide, have hopefully  been developed using ASP.net and are not connected to Sharepoint (however I cannot confirm the Microsft’s ASP.net software the Government is using, is not vulnerable). ASP.net, Sharepoint and other Microsoft online services are the favoured technology used by the Government for development activities. How do I know? I have rebuilt a patient database/faciliation software for one of Queensland Health’s departments and when looking are applying for Government jobs almost all job specifications/requirements outline this technology.

Are You At Risk From The Security Attack?

Are individuals going to be affected? I cannot confirm anything as I do not know the extent of what has been breached, however by going off the terms outlined above, I would assume individuals (personal internet use at home) will not be affected.

Are businesses going to be affected? Any business using Citrix technology, ASP.NET or online Microsoft Services should spend time looking into the existing vulnerabilities and applying any updates/patches that are currently available for the software you are using. I would also recommend following any news released surrounding this cyber security attack.

What Does 'State-Based' Cyber Security Attack Mean?

I was left scratching my head a little by the mentioning of a ‘state-based cyber attack’ by Prime Minister Scott Morrisson. After receiving an explanation on the term ‘State-Based’, it is my understanding ‘State-based’ usually implies it’s (foreign) government (sanctioned) activity I.e. another country’s government is, in this case, performing malicious cyber activity trying to exploit Australian online resources.

Was this really a ‘state-based’ cyber security attack? Without access to the back-end server traffic/analytics/data there is not too much to confirm. However, ‘state-based’ cyber security attacks are extremely common and generally aren’t anything to be concerned about. There are also multiple ways of providing additional security measures to prevent these from happening. One recommendation: If it sensitive data that is local to Australia (i.e. patient information) that needs additional security, updating outdated/vulnerable software to newer technologies and moving from it’s reliance on Microsoft services only would be something to seriously consider. Setting up blocks to foreign ip addressses from being able to connected to sensitive data that is accessible by the internet (that don’t need to be distributed worldwide like patient data) is a vital security measure to prevent and block the attack that sounds like is happening.

Was This A Foreign Cyber Attack?

Without the specific details of the attack, there is no way to confirm whether or not this was “state-based”. However, looking at the digital attacks that were mapped on the 19/06/2020 there was actually very little malicious activity recorded on this date. There was mentioning in the news, that this was a “state-based” attack, inidicating it may have originated from China, although there is very little evidence publicly available, supporting this. It could have originated anywhere without more details surrounding this. In fact, on this day there was more malicious activity coming from Australia towards China, refferring to the image below (although this largely relates to DDOS attacks). Moving the map back a few days, you can a vast amount of activity originating from the USA and Nigeria.

CYBER ATTACK MAP JUNE 19 2020

CYBER ATTACK MAP JUNE 18 2020

Categories
2019 Technology News

Does Your Website Need Help?

Does Your Website Need Help?

it is very likely If your website has slowly lost its traffic or conversions, your website could probably do with an update. While you may have been committing yourself to the business available to you, your competitors websites could be outperforming yours now. However, if your website traffic or conversions have suddenly dropped, there’s a few things to consider when you look at your analyse your data. There is chance some sort of event or natural disaster that might be causing an irregular fluctuation to your websites traffic. Perhaps your website has been hit by a negative SEO campaign and you are receiving false leads or even a DDOS attack.

Hire An Experienced Web Developer

If your website is struggling in the search engine, to get more leads/conversions or you just generally need help setting up a website or putting the final touches on your website, I can provide a full suite of website development services that you can rely on. I can help you target more qualified leads or ensure your business is given its bet opportunity to rank high in the search engine. 

Have Your Conversions Dropped?

There’s a couple different reasons why your conversions may have dropped, this includes errors with your contact form, javascript errors with your website or potentially outdated content. I will break this down in more detail for you.

Contact Form Issues

If your website has never received any contact form submissions there’s a chance you have misconfigured the email settings in your contact form plugin. I would recommend using contact form 7 for your website, it may require some basic understanding of HTML. If you have a business email for the website like “[email protected]” or “[email protected]” and the default sender address is not working (usually [email protected]), try using an additional/alternative plugin that lets you send via SMTP settings, however at this point it might be best to hire to set this up for you quickly.

Javascript / PHP / Other Errors

Javascript and PHP or sometimes other errors causing issues to your website are usually a complex issue for the average user and is usually best left up to an experienced developer to sort out for you. However, the best place to start if you have a website using WordPress and are the average user is to first make sure you have a backup of your website, then update and outdated theme or plugin on your website. Furthermore, for the more experienced user / website developer, I would recommend looking at your console errors / error log file and see if any plugins are causing any issues or to install a plugin that can do a health check on your website.

Outdated Content

Outdated content on your website is one of the most influencing factors when your website begins to lose conversions or users. If your website has started losing users, it is likely your competition have optimized their landing page recently that has overtaken one of your positions in the search engine causing you to lose users or perhaps there has been a Google update that has caused major changes to websites’ positions in the search engine. The other thing to consider is whether or not you should update your meta title and meta description to try and engage more users in the search engine to click through to your website. Outdated content on your website can also cause a drop in on-page conversions (conversions like submitting an inquiry or purchasing a product). If your website has a high retention rate of users (if users keep coming back) than it is likely they are going to lose interest of seeing the same content all the time or perhaps you need to add a few additional call-to-actions on your website or make your website a lot easier to navigate through. It is always best to look at your website as if you were a user seeing it for the first time and see how easier it is to find your main services/products. It is super important to monitor your competitors and continually update the content on your website to keep users interested, ensure your SEO strategies are reflecting patterns in your Google Analytics/Search Console data and always look at your existing content and keep it up to date while maintaining a healthy balance of landing page generation. If you are interested to see how I can help your online business grow, please don’t hesitate to inquire.
Categories
2019 Technology News

Cryptocurrency Payment Gateways – It’s Benefit for 2019

Cryptocurrency Payment Gateway

The Benefit Of A Cashless Payment Gateway In 2019

Why Is Cryptocurrency So Important?

Understanding cryptocurrency, considering why it has a plethora of layers and how it is an interesting innovation for society is an important topic that needs to be explored due to the nature of its impact on our society, today.  The primary layer is overcoming the initial skepticism of cryptocurrency’s validity as a typical form of payment for both business owners and consumers. No matter what angle peaked your interest into cryptocurrency, it is vital to view virtual currency as a physical commodity to trade; used by a customer and a business owner both virtually and physically with the adoption of common practices such as credit cards and virtual payment gateways to assist the exchange of cryptocurrency.

Why Is Cryptocurrency Relevant?

Cryptocurrency trading is relevant to everyone today, because we are all playing a role of trade; in our local, state, national and global economy. To help you understand the importance of cryptocurrency in your life, consider what the creation of bitcoin stood for and from what moment in globalisation did cryptocurrency arise? if you don’t know or if you’re having trouble trying to understand the value of a peer to peer payment system, then the broader spectrum of the world alike, is still in the dark too. It is a topic that has only been favoured by early investors, miners and traders. What these miners and traders of cryptocurrency understand is, cryptocurrency is a virtual asset and the need for decentralized banking is necessary; nonetheless how does all of this relate to how we see our individual position in a growing new economy?

“We have proposed a system for electronic transactions without relying on trust.  We started with the usual framework of coins made from digital signatures, which provides strong control of ownership, but is incomplete without a way to prevent double-spending.  To solve this, we proposed a peer-to-peer network using proof-of-work to record a public history of transactions that quickly becomes computationally impractical for an attacker to change if honest nodes control a majority of CPU power” (Bitcoin.org) .

What Does Free Cryptocurrency & Sustainable Regulation Represent?

Many cannot grasp that the conversation has changed from legitimacy to sustainability and regulation, so the purpose of this dialogue is not to deconstruct how cryptocurrency software works or its security measures, but what it can represent. The more possibilities you can create the more distorted the reason bitcoin and more importantly the concept of money was created for becomes; and so, the manipulation layer of cryptocurrency begins.

Cryptocurrency was not created to be an asset to be held and traded for a select few; as more people are putting real money into the system, the cost of a bitcoin becomes more expensive creating an illusion to its reach. 

Possibilities to how the future of its socio-economic impact can only be clear when the process of cryptocurrency and our shared economy futures’ can be explained concisely. If not, the inevitable result in fear mongering and capitalisation of vulnerability in multiple variations have and will continue to rise. The application so far of proof of work versus proof of stake within the procedure of bitcoins core system; privately owned systems and infrastructure with support of the available public, has inevitably warranted the existence of cryptocurrencies.

The need to understand our individual role starts emerging as supply and demand of viable currencies begin to streamline into the public. The way in which you can conceptualize the application only falls to the limit of your knowledge of how the fundamentals of a free market can and should be managed by everyone. Creating the next layer of accepting there is an alternative to our current situation of increasing taxes, government debts and abuse of systematic change. Bitcoin and alternative coins alike can and are, trying to fund a transparent and safe ledger online as the existence of traders and miners support its own model in trade as a response to the issue of centralized banking.

Predicting the Future of Bitcoins Success

What we already know is, real people are already supplying real money, energy and computational power to create a supply and demand to of virtual currencies. Leading to the bigger question, understanding our position in all this rhetoric.   

Manipulation of a market place would better define regulation in the sense that unless we understand the purpose of having worked for your own goods we will end up repeating history yet again. As the masses start to consider the world of cryptocurrency, bitcoin and alternative coins possess the opportunity for communities to start considering alternative ways to engage with each other. It’s an interesting time because there is no way to predict the future of cryptocurrency because the grey area on regulation unfortunately still exists. Cryptocurrency was intended to release the ties of centralised banking; this ideology has been accepted in some parts of the world and is critical to allow everyone to create their own view on what the pros and cons are to virtual currency being traded for energy as a solution for creating an income.  

Ignoring the intricacies of Governments and Nongovernmental Organisations for the functionality of our globalised community; access to clean food, water and energy to maintain society is necessary, everything else is subjective to the individual and the collective to how their government and system is run. Value could be placed on maintaining and creating friendly ecosystems that can create energy to run computer hardware allowing community access to cryptocurrency and ultimately energy sources, dependent on the emphasis you allow to that impression.  Sustainability of supercomputers and ‘ai bots’ require both energy and manpower; building the infrastructure to maintain security both physical and virtual depends on everyone to support a new framework of approaching money creating the mentality of trading for energy which is equivalent to the amount of energy one can create.

The Politics of Free Cryptocurrency

The argument that money is irrelevant is redundant in our society without an alternative suggestion. Cryptocurrency is a new way of creating value to something that doesn’t exist. Our position in all of this is accepting that the longer you wait, the harder it will be in the future for you get the same benefits that some are having now. The ability to trade only comes down to the amount of energy you can afford. Already negating the existence for a community based on projects in a supportive manner to create new ways for everyone to have some form of asset. Everyone can have an educated assumption on anything yet sometimes we all can ignore the fundamentals of what we all need and share. Ignoring the politics and thinking hypothetically into a world where your banking is completely controlled by yourself, the reality of cryptocurrency’s value becomes both worthless and priceless. Bitcoin has proved its worth for so many people that the room for financial stability and growth for the wider community cannot be ignored for much longer. If you can hold down that voice of insecurity and start using reason, then you can start to see the practical and positive role to a virtual form of trade.

 If you look at it in this perspective:

Computer = Resource for computing power to create tangible coins to trade.
 
People = Building sustainable infrastructure for computing system to create.
 
Value = cryptocurrency/money/energy/blocks.Governments can create free energy systems with computational power and support its system by creating jobs as a positive incentive for reducing our affect on the earth. i.e. People create the free energy, something with value rewards the people for setting up the free energy and making computers do the work.

How To Get Free Cryptocurrency

There are multiple ways currently to earn free cryptocurrency. You can start mining (which you technically need to pay for electricity and your labor to setup the system – but at least you get a return on using your computer now), start trading cryptocurrency (this isn’t free technically as you made need to make an initial investment) and finally use gambling platforms to get free bitcoin.

Mining and Trading Cryptocurrency

If you already have an arsenal of computing hardware than you can start looking up tutorials on how to setup a miner for a certain currency. There is two types of mining – pool or solo, read more how mining cryptocurrency works here. You can search for a ‘gui’ miner liker minergate that lets you install a program with a user interface. If you aren’t too familiar with source code or using shell language. Please be warned the setup for solo miners is generally more difficult than pool mining and is best to learn how to setup a miner using shell commands.

We recommend looking at Steemit to start with, the provide a viable platform the allows users to generate profit.

Cryptocurrency Payment Gateway

Are you a business owner or looking to run your own eCommerce store?
Anyone with a WooCommerce installation on their WordPress website can utilise our payment gateway for their website. This plugin allows business owners to accept payments on their website, by converting their currency (i.e. USD or AUD, NZD) to current price for bitcoin / ethereum using an exchange rate formula. You can take advantage of this plugin on your website now, as other currencies will be added to this plugin soon.

Using Gambling Plaftorms for Free Cryptocurrency

If you legitimately want free cryptocurrency, there are actually gambling platforms that give you free coins in order to play games on their website. Like freebitco.in and freedoge.co.in they will let you have a free spin each hour in order to try and win a sum of free coins. There are certain hooks to using these platforms, the games are generally addictive to play and you are required to provide your sensitive information (i.e. the regular details you submit into forms) when signing up.

The benefits of combining mining or having a free spin on the gambling platforms allows you to generate an avenue where you are earning cryptocurrency without using any of your physical cash. If you are currently skeptical of how cryptocurrency; mining and trading works then getting start like this is the best foot in the door without any real risk.