How to spot (and stop) router compromise

Router compromise. Hardly the most nerve-wracking phrase in the cybercrime lexicon, but one that is a fast-increasing threat for every single Australian business. Last year saw widespread warnings about router security, with computer electronics company ASUS identifying vulnerabilities in its hardware and the Australian Cyber Security Centre (ACSC) noting that many organisations lost critical configuration files due to router compromise.

It's an issue that every organisation needs to put on their data security agenda - has yours begun the process?

What is router compromise, and how does it work?

Router compromise is a fairly sophisticated form of data breach. Malicious entities conduct automated scans of routers to identify hardware that is vulnerable to an attack. This enables an adversary to extract configuration files, from which point they may be able to control or manipulate any devices that connect to your network, as well as the Internet connection itself.

In most cases so far, cyber attacks on routers have focused on those with Simple Network Management Protocol (SNMP) that is exposed to the Internet. This is a default setting, usually established during the setup of a network. While many organisations turn SNMP off after this process is complete, many more have left it open, creating risk of compromise. The ACSC has noted that router switches with Cisco Smart Install exposed to the Internet are also susceptible to router scanning and hacking.

How can you identify router compromise?

If your organisation's router has this exposure to attacks, there are some straightforward checks that network administrators can make immediately. You should check network logs for:

  • Unexpected SNMP queries, or queries of unknown origin.
  • Command outputs or network configurations that have come from outside sources - particularly through Trivial File Transfer Protocol (TFTP).
  • Configuration changes to GRE tunnels that you would not expect.

If any of these red flags emerge, it may be time to conduct a thorough assessment of the threat, in line with the Notifiable Data Breaches scheme guidelines from the Office of the Australian Information Commissioner.
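
As an added illustration (not part of the original article), the three checks listed above can be scripted against exported flow records and configuration snapshots. The flow-record format, the addresses, the allowed management network and the Cisco-style configuration text are all constructed assumptions.

```python
import csv
import io
import ipaddress

# Assumed for illustration: router address, SNMP managers, own address space.
ROUTER = ipaddress.ip_address("192.0.2.1")
MGMT_NETS = [ipaddress.ip_network("10.10.0.0/24")]
INTERNAL_NETS = [ipaddress.ip_network("10.0.0.0/8"),
                 ipaddress.ip_network("192.0.2.0/24")]

# Constructed flow records: timestamp, source, destination, protocol, dst port.
SAMPLE_FLOWS = """\
2018-03-01T02:14:07,10.10.0.5,192.0.2.1,udp,161
2018-03-01T02:14:09,198.51.100.23,192.0.2.1,udp,161
2018-03-01T02:14:31,192.0.2.1,198.51.100.23,udp,69
2018-03-01T02:15:02,192.0.2.1,10.10.0.9,udp,69
2018-03-01T02:16:40,10.20.3.4,203.0.113.80,tcp,443
"""

# Constructed configuration snapshots: last known-good versus current.
BASELINE_CONFIG = """\
interface Tunnel0
 tunnel source GigabitEthernet0/0
 tunnel destination 10.50.0.2
!
interface GigabitEthernet0/0
 ip address 192.0.2.1 255.255.255.0
!
"""
CURRENT_CONFIG = BASELINE_CONFIG + """\
interface Tunnel1
 tunnel source GigabitEthernet0/0
 tunnel destination 198.51.100.23
!
"""

def _in_any(addr, nets):
    return any(addr in net for net in nets)

def flag_flows(flow_text):
    """Return (timestamp, finding, peer) for suspicious SNMP and TFTP flows."""
    findings = []
    for row in csv.reader(io.StringIO(flow_text)):
        if len(row) != 5:
            continue  # skip blank or malformed lines
        ts, src, dst, proto, dport = row
        src_ip, dst_ip = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if proto != "udp" or ROUTER not in (src_ip, dst_ip):
            continue
        peer = dst_ip if src_ip == ROUTER else src_ip
        if dport == "161" and dst_ip == ROUTER and not _in_any(peer, MGMT_NETS):
            findings.append((ts, "snmp-query-from-unknown-source", str(peer)))
        elif dport == "69" and not _in_any(peer, INTERNAL_NETS):
            # Port 69 carries the TFTP request; either direction is flagged.
            findings.append((ts, "tftp-with-external-host", str(peer)))
    return findings

def tunnel_stanzas(config_text):
    """Map each 'interface Tunnel*' name to its indented sub-commands."""
    stanzas, current = {}, None
    for line in config_text.splitlines():
        if line.startswith("interface "):
            name = line.split(None, 1)[1].strip()
            current = name if name.lower().startswith("tunnel") else None
            if current:
                stanzas[current] = []
        elif current and line.startswith(" "):
            stanzas[current].append(line.strip())
        else:
            current = None
    return stanzas

def tunnel_changes(baseline, current):
    """List tunnels added, modified or removed relative to the baseline."""
    old, new = tunnel_stanzas(baseline), tunnel_stanzas(current)
    changes = [(n, "added" if n not in old else "modified")
               for n in sorted(new) if new[n] != old.get(n)]
    changes += [(n, "removed") for n in sorted(old) if n not in new]
    return changes

if __name__ == "__main__":
    print(flag_flows(SAMPLE_FLOWS))
    print(tunnel_changes(BASELINE_CONFIG, CURRENT_CONFIG))
```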

How can you prevent router compromise?

The first step in prevention is the simplest - if your router has SNMP which is exposed to the Internet, disable it. If you require read/write capabilities with your SNMP, ensure it cannot connect with unauthorised or untrusted third parties. Alternatively, you can upgrade your SNMP to version 3 and adjust all of the community strings to an appropriate setting.

Similarly, for Cisco router users, if you do not require Cisco Smart Install to be active, disable it. You can also begin using Access Control Lists (ACL), which limit the access SNMP has to network configurations. Finally, you can configure your anti-spoofing protocols to drop any packets at the edge of your network which come from unauthorised sources.
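
The prevention steps above can be checked against a saved device configuration. The following is an added example, not from the original article; it assumes Cisco IOS-style syntax on a platform that supports Smart Install, and the sample configuration and community strings are constructed.

```python
import re

DEFAULT_COMMUNITIES = {"public", "private"}

# Constructed configuration excerpt for the demonstration.
SAMPLE_CONFIG = """\
snmp-server community public RO
snmp-server community n0c-Wr1te RW
snmp-server community m0nitor RO 10
access-list 10 permit 10.10.0.0 0.0.0.255
"""


def parse_community(line):
    """Parse 'snmp-server community <string> [view <v>] [RO|RW] [<acl>]'."""
    match = re.match(r"\s*snmp-server community (\S+)(.*)", line)
    if not match:
        return None
    name, access, acl = match.group(1), "RO", None  # read-only when unspecified
    tokens = match.group(2).split()
    while tokens:
        token = tokens.pop(0)
        if token.lower() in ("view", "ipv6") and tokens:
            tokens.pop(0)  # keyword argument, not the IPv4 access list
        elif token.upper() in ("RO", "RW"):
            access = token.upper()
        else:
            acl = token
    return name, access, acl


def audit_config(config_text):
    """Return (subject, finding) pairs for the exposures the article names."""
    findings = []
    lines = config_text.splitlines()
    communities = [c for c in map(parse_community, lines) if c]
    for name, access, acl in communities:
        if name.lower() in DEFAULT_COMMUNITIES:
            findings.append((name, "default community string"))
        if acl is None:
            findings.append((name, f"{access} community with no ACL"))
    if communities:
        findings.append(("snmp", "community-based SNMP in use, not version 3"))
    # Assumption: Smart Install is on unless 'no vstack' is configured.
    if not any(line.strip() == "no vstack" for line in lines):
        findings.append(("vstack", "Smart Install not explicitly disabled"))
    return findings


if __name__ == "__main__":
    for finding in audit_config(SAMPLE_CONFIG):
        print(finding)
```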

The ACSC is also proactively scanning Australian IP address ranges, looking for vulnerable or compromised routers.

Mitigate the impacts of router scanning today

If your organisation suffers a router compromise-related attack, the costs can be far-reaching. Beyond the money spent eradicating the threat and hardening/patching your systems, significant data breaches require comprehensive follow-up action with both the OAIC and any affected third parties.

Hardware may need to be replaced, staff upskilled, and consumer relations or company reputation may suffer irreparable damage if an attack threatens an individual's safety.

Cyber criminals are becoming more and more sophisticated, with router scanning just one example of new ways your systems can be breached. To stay on the cutting edge of data security, it's critical you work with partners who can provide around-the-clock service, proactively anticipate threats and shut down risks before they spread.

To learn more about router vulnerability and other cyber risk areas, our 24 page eBook, IT Managers: Set your Network Defences to Stunning, is a great resource with tips you can use to identify, contain and prevent cyber security threats. You can download it here.

That's the difference Over the Wire will make. Contact the team today to find out more.

The Timeline of a Data Breach

Since the inception of the Notifiable Data Breaches (NDB) scheme in February 2018, data breaches are required to be reported and Australian businesses have even more responsibility to demonstrate an aggressive approach to managing cyber-risk. To help businesses understand how this process works, we've prepared the following infographic.

Over the Wire provides a 24/7 protection and notification managed security service, with local specialists on hand to monitor and mitigate any threats to your company. Find out more about our security service here.

Countdown to Chaos: The Timeline of a Data Breach Infographic

How we can help

To understand more about how breaches occur and how to prevent them, our 24 page eBook, IT Managers: Set your Network Defences to Stunning, is a great resource with tips you can use to identify, contain and prevent cyber security threats. You can download it here.

5 ways your business can prevent email compromise

The Federal Bureau of Investigation (FBI) has stated that between October 2013 and May 2016, cyber criminals scammed $3.1 billion from over 22,000 victims in at least 79 countries through business email compromise (BEC).

At the core of business email compromise are spoofed emails - communications that have forged headers, addresses or signatures to make them look authoritative and trustworthy. They often request fund transfers or sensitive information that can result in large-scale data breaches.

Business email compromise doesn't discriminate by company size - the smallest organisation can be hit just as hard as a large corporation. Here are five suggestions to help protect your business.

1. Use Sender Policy Framework (SPF)

SPF is a critical tool for differentiating authentic emails from spoofed ones. When you establish an SPF, you can create a safe list of domains that your organisation approves for communication - for example, your own internal domain.

It will then conduct a verification of every incoming email and will send a warning if the address does not match the approved list of domains. You can then decide to analyse, quarantine or delete suspicious emails before they reach their intended destination. A variant of this system is Microsoft Exchange's Sender ID.

2. Register domains similar to your own

A common tactic used by cyber criminals is sending emails that look similar to your own - for example, replacing a lower-case L with the number 1. At a glance, this can fool many people into thinking they're receiving official communications.

One way of preventing this tactic is simply to identify all potential imitations of your domain, and register them yourself. Make sure you update these registrations on a regular basis, so they can’t be taken over by malicious entities upon expiry.

3. Add a 'hard fail' record

The Australian Signals Directorate (ASD) states that a hard fail record is a core element of preventing spoofed emails. With an SPF, unauthorised email domains can still reach the end user, but with a warning that the message comes from untrusted sources.

By configuring DNS settings to add a 'hard fail' record and setting this to a rigorous action, you can ensure communications from unauthorised domains go straight to spam or trash folders. This could also apply to emails sent from company addresses, but not company servers - another red flag to watch.
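
The difference between a record that only warns and one that hard-fails comes down to how the published SPF record ends. The following is an added example, not from the original article: it audits TXT strings that have already been fetched, and the sample records and domain names in it are constructed.

```python
import re

QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}
# Terms that each cost one DNS lookup; RFC 7208 caps the total at 10.
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}

# Constructed TXT record sets for two hypothetical domains.
SOFT = ["v=spf1 ip4:192.0.2.0/24 include:_spf.example.net ~all"]
HARD = ["some-other-txt=constructed",
        "v=spf1 ip4:192.0.2.0/24 include:_spf.example.net -all"]


def audit_spf(txt_records):
    """Audit the TXT strings published for one domain (already fetched)."""
    spf = [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]
    if not spf:
        return {"policy": "none", "lookups": 0,
                "issues": ["no SPF record published"]}
    if len(spf) > 1:
        return {"policy": "permerror", "lookups": 0,
                "issues": ["more than one SPF record is an error"]}
    terms = spf[0].split()[1:]
    policy, redirect, lookups, issues = None, False, 0, []
    for position, term in enumerate(terms):
        qualifier, body = "+", term  # '+' is the default qualifier
        if term[0] in QUALIFIERS:
            qualifier, body = term[0], term[1:]
        name = re.split(r"[:/=]", body, maxsplit=1)[0].lower()
        if name in LOOKUP_TERMS:
            lookups += 1
        if name == "redirect":
            redirect = True
        if name == "all":
            policy = QUALIFIERS[qualifier]
            if position != len(terms) - 1:
                issues.append("terms after 'all' are never evaluated")
            break
    if policy is None and redirect:
        policy = "redirect"  # the redirect target's record decides the result
    elif policy is None:
        policy = "neutral"
        issues.append("no 'all' term: unmatched senders get a neutral result")
    elif policy == "pass":
        issues.append("'+all' authorises every sender")
    elif policy in ("softfail", "neutral"):
        issues.append("unauthorised mail is not rejected; '-all' is a hard fail")
    if lookups > 10:
        issues.append(f"{lookups} DNS-lookup terms exceed the limit of 10")
    return {"policy": policy, "lookups": lookups, "issues": issues}


if __name__ == "__main__":
    for records in (SOFT, HARD):
        print(audit_spf(records))
```

A policy of "fail" with an empty issue list is the hard-fail configuration described above.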

4. Educate your employees

Research from the Ponemon Institute and IBM shows that 27 per cent of data breaches are due to staff or contractor negligence [1]. By educating your employees on the dangers of business email compromise, you take a critical step towards prevention.

Train employees on their role in information security and educate them on email spoofing and spearphishing. Make sure they understand each and every red flag to look out for. You can also implement processes that mitigate the risk of falling prey to spoofing, such as requiring a phone conversation or face-to-face confirmation for any financial or informational transfer.

5. Use application whitelisting

This addresses a symptom of email compromise rather than the cause, but is nonetheless important. Application whitelisting is part of the ASD's Essential Eight, and entails limiting the applications that can be opened on your data network. It prevents the possibility of malicious programs from opening, and can further alert people to potential compromise when they try to open an attachment from a spoofed email.

Get the best for your business

Business email compromise is all too common in Australia, but there are tangible steps you can take to mitigate the risks. Of course, this can be a complex process for businesses that are not well-versed in cyber security - this is where Over the Wire can help.

Our managed security services take over the administrative responsibility for your day-to-day protection and give you 24/7 cover from all manner of cyber threats. Contact our team to find out what we can do for you.

Learn more about the primary areas of cyber risk in our 24 page eBook, IT Managers: Set your Network Defences to Stunning. You can download it here.

[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)

Do you understand the consequences of an Australian data breach?

The consequences of a data breach are extensive. The impacts of a data breach stretch far beyond the immediate consequences from the loss of critical information and the cost of mitigating the spread. According to 51 percent of respondents to a Ponemon Institute study[1] who experienced a data breach in the last two years, the impact is much wider and it's critical that you take action.

By assessing the ways in which a data breach would affect your data networks and operations, you can begin to implement prevention strategies to mitigate the risk.

[1] 2017 Cost of Data Breach Study: Australia (IBM/Ponemon Institute, June 2017)

1) Financial consequences of a data breach

According to the Ponemon Institute, the average cost of a data breach is $139 per compromised record, with slight variations depending on the cause:

  • $154 per record compromised due to a malicious attack.
  • $130 per record compromised due to a system glitch.
  • $121 per record compromised due to employee or contractor error.

This may seem minuscule, but 41 per cent of respondents to the Ponemon Institute study had more than 1,000 records affected by a breach in a 24-month period - which takes the immediate cost impact of a data breach to over the $100,000 mark.

For publicly listed companies, research shows that stock prices drop 5 per cent in the aftermath of breach disclosure. The time that it takes the share price to recover will extend if the organisation has poor response processes. Meanwhile, failure to comply with the new Australian Notifiable Data Breaches (NDB) scheme can net fines as large as $2.1 million.

Prevention is the best strategy - cyber criminals do not discriminate by business size, and these costs have the capacity to break smaller Australian businesses.

2) Reputation consequences of a data breach

With mandatory disclosure of serious breaches now in place for many Australian businesses, managing damage to reputation is a must. Of the average $139 lost per compromised record, only $60 is attributed to direct action such as containment and assessment.

This means more than half the cost of a data breach can be attributed to indirect consequences, such as managing customer turnover in the wake of the event. Some industries are more susceptible to high churn than others - financial services and tech companies, where there is an expectation of high security measures, are hit especially hard.

Marketing campaigns, hiring media management and building customer trust following a data breach take time and money. Avoiding such situations in the first place is the ideal.

3) Legal consequences of a data breach

The NDB scheme has put much greater requirements on Australian organisations when they identify a data breach. Beyond the costs of detection, containment, hiring external parties (like lawyers and data forensics teams) and reporting, there can be significant legal consequences.

Reporting may have to be disclosed to the ATO, ASIC, ACSC or even the Federal Police, depending on the breach. Failure to uphold obligations under the Privacy Act 1993 may result in legal proceedings, while financial penalties from the Office of the Australian Information Commissioner (OAIC) can reach as much as $2.1 million.

Manage and prevent a data breach with a security partner

Beyond the costs to your organisation, data breaches have the potential to inflict serious harm on individuals connected with your company. If not swiftly addressed, customers' private and financial information may be compromised. Fraud and identity theft are just some of the possible consequences highlighted by the OAIC.

The smallest breach can have wide-ranging and costly impact. To mitigate the risks, look into using managed security services. At Over the Wire, we provide 24/7 protection and notification, with local specialists on hand to monitor and mitigate any threats to your company. Get in touch to find out how we can help.

What you need to know about the Notifiable Data Breaches Scheme

The Australian data security landscape has profoundly changed. On February 22, 2018 the Australian government's Notifiable Data Breaches (NDB) scheme came into effect, requiring all organisations to report NDBs to those individuals affected.

It's a crucial step for Australian cyber security, but it's one that means organisations all over the country will need to completely revamp their relevant strategies and policies.

How does the Notifiable Data Breaches scheme work?

The Office of the Australian Information Commissioner (OAIC) is an independent Government agency that is responsible for administering the principles of the Privacy Act 1988.

As the OAIC notes, the NDB scheme directs organisations covered under the Privacy Act 1988 "to notify any individuals likely to be at risk of serious harm by a data breach". They must also inform the OAIC as soon as possible.

The scheme aims to improve corporate transparency around data breaches and to foster "consumer and community confidence" in the large data networks that hold personal information. It also enables individuals to minimise the damage caused by a data breach as quickly as possible.

What qualifies as a Notifiable Data Breach?

There has been some debate about this, with a recent PricewaterhouseCoopers paper debating the strength of 'serious harm', and noting that it could be open to interpretation or argument. However, the OAIC notes that an NDB will likely include:

  • Theft or loss of a device containing personal information.
  • Hacking of central databases that hold personal information.
  • Accidental or malicious disclosure of personal information.

The Equifax breach of 2017 is a prime example of this at a high level, while at a small scale an NDB could be as simple as sending a small business' financial information to the wrong email.

Who must comply with the Notifiable Data Breaches Scheme?

All organisations covered by the Australian Privacy Act must comply with the Notifiable Data Breaches scheme. The following are examples of those who will have an obligation to notify any data breaches:

  • Businesses and not-for-profit organisations with an annual turnover of greater than $3,000,000.
  • Federal government bodies and private health organisations.
  • Small business operators: Those with turnover of under $3 million who provide health services, trade personal information, report on credit, or are related to an APP entity.
  • Credit reporting bodies: Including those with turnover of more than $3 million.
  • Credit providers.
  • Tax File Number (TFN) recipients.

How can organisations notify individuals?

Ideally, organisations subject to a data breach should notify affected individuals directly, as well as presenting a statement to the OAIC. If the organisation cannot get in touch with all individuals, they can reach out to only those at risk of serious harm. If the organisation cannot inform any individuals, they must publish the OAIC statement on their website and take all reasonable steps to let impacted parties know about this.

Notifications should include a description of the breach and the type of information at risk, as well as the organisation's own contact details and steps individuals should take to mitigate the risks of the breach.

How can businesses identify Notifiable Data Breaches?

This can be more difficult. If an organisation knows with certainty that a Notifiable Data Breach has occurred, it must take the above steps as quickly as possible. However, in many cases a business will simply suspect a data breach has taken place, without concrete evidence of it or its impact.

In these cases, the OAIC requires operators to take all reasonable assessment steps within 30 calendar days of first becoming aware of the potential for a breach. This should be a "reasonable and expeditious" assessment, have a risk-based approach, and remain in line with the business' own data breach response planning.

What can businesses do to be prepared?

If your business will be impacted by this change, it is important to conduct a rigorous assessment of your data security. Everything from individual security protocols and education to the strength and number of your firewalls should be analysed, weak points addressed and fail-safes for identifying and reporting breaches established.

To get you started, our white paper, 6 Steps to Improve your Business Cyber Security, is a great resource with tips you can put into action immediately to help protect your business and avoid data breaches. You can download it here.

For a more comprehensive look at your company's security policies, our experts can work with you to evaluate your current data security provisions and find ways to improve them. Let us help you today.

OTW #74 in Financial Review Fast 100 - 2017

The Australian Financial Review has released the Financial Review Fast 100 list for 2017, comprising Australian businesses that have shown consistent, high growth over time. The rankings were calculated on a 3-year average of year-on-year growth percentage.

In the FY15 - FY17 period Over the Wire achieved an average year-on-year growth of 37.1%, which placed us at Rank 74 on the Fast 100 list. We’re very pleased with this outcome, and could not have achieved it without the amazing commitment from our team and the fantastic ongoing support from our clients - thank you!

Topping the list this year, with a staggering 464.8% average year-on-year growth over the 3-year period, is TripADeal. Congratulations to founders Norm Black and Richard Johnston, along with all of the other Fast 100 companies.

Innovation Award for Private Mobile Data services

Over the Wire and Telarus have received the Innovating for Excellence Award from Optus for our work around Private 4G networks. Michael Omeros (Managing Director) and John Puttick (Chairman) attended the event in Sydney, which was presented in front of many of Optus' wholesale clients.

The work involved in developing these Private Mobile Data capabilities evolved over several years, requiring significant input from Optus as the mobile carrier, hardware vendors, and staff - with special thanks to Jason Bednar and Robert Grace from the Telarus team for their efforts. Their work has culminated in the Private Mobile Data offering we now have available, along with the creation of a low-cost private network failover option for our MPLS clients. We believe this will have a significant positive impact on the data network market through the addition of a path-redundant, low cost, private network backup service.

If you'd like to know more about how you can implement automatic failover to a Private Mobile Broadband service on your existing data network or Internet connections, speak with our team today.

Is NBN’s fibre to the node really more popular than fibre to the premises?

The rollout, adoption, and even use of NBN services is a contentious issue amongst many across Australia, and a topic that keeps making its way into headlines, with the latest claim: NBN “fibre to the node is more popular than fibre to the premises.”

This claim, made by Gizmodo Australia, is on the back of an in-depth analysis conducted by ITNews, details of which are available here. This report gives an interesting insight into the deployment and adoption of NBN services in different regions, and the activation rates in each.

But does this actually mean fibre to the node (FttN) is more popular than fibre to the premises (FttP)? On face value this could be the takeaway, however the claim does not take into account important factors such as the availability of providers supplying services, the adoption life cycle inherent with any new product, and consumer choice.

While far fewer suppliers were ready and able to deliver NBN services in the first round of NBN regions, with FttP, than there are today, this lack of accessibility isn’t the only important factor to consider when looking at this data. As with all products, a natural adoption life cycle will take place, with Innovators and Early Adopters making up a small, but meaningful, portion of the market; it’s these ‘guinea pigs’ that give the majority of consumers the confidence in the new product to adopt it themselves, or learn from someone else’s mistakes.

Another consideration is that measuring popularity is a factor of choice, which isn’t something that consumers have here; the options are to adopt whichever form of NBN is available in the area, or switch to or maintain existing connectivity not impacted by the decommissioning of PSTN phone lines.

While the final take-away from the analysis is up to interpretation, one good thing is clear: we’ve finally moved away from measuring “premises passed” to actual adoption rates – not only a step in the right direction towards accountability, but giving the public access to real and meaningful statistics about our nation’s ongoing NBN saga.

To see if NBN is appropriate for your business, or if you will be impacted by the decommissioning of PSTN lines, contact an Over the Wire representative or call us on 1300 689 689 today.

Media enquiries: Chris Jacko

A Very Brief Introduction to Connectivity

The Australian and New Zealand telecommunications landscapes can be both confusing and expensive places to navigate, and most providers don't make it any easier, as they either do not provide explanations or obfuscate their responses. The infographic below takes a quick look at some of the pros and cons of readily available connectivity options for businesses.

Tail Technologies Infographic - ADSL, SHDSL, EoC (Ethernet over Copper), EFM (Ethernet in the First Mile), Ethernet over Fibre, 3G, 4G, Microwave.

Why It's Time to Migrate to IPv6

IPv4 is running out.  This will come as no surprise to many of you; you've been reading about this impending doom for years, right? True, but even in the face of dwindling IPv4 resources, uptake of IPv6 internationally has been staggeringly slow, service providers have dragged their feet on enabling IPv6, and software vendors have taken far too long to implement decent IPv6 support in their products - especially considering that IPv6 was first described in 1996!

Over the last couple of years, however, there has been a marked pickup in native IPv6 use.  Some of this has been driven by events such as World IPv6 Launch, where large service providers and content providers permanently enabled IPv6 connectivity as a native form of access for clients.  IPv6 traffic is now doubling every year, and a number of the largest ISPs worldwide are working hard on their IPv6 rollouts, progressively enabling clients who connect to them.  As some of these very large networks enable IPv6, we will see huge leaps in native IPv6 use.

If current trends continue, ~50% of the world's Internet traffic should be IPv6 within a reasonably short 5 years.

Australia, at this point in time, is seriously lagging the rest of the world when it comes to uptake rates.  According to Google, 2.25% of all requests to their infrastructure utilise IPv6, however when looking at requests from Australia only, the percentage drops to 0.41%. The infographic below breaks this down in greater detail.

Over the Wire has seen a similar disinterest in IPv6 from our corporate customer base, despite our network having been IPv6 enabled (dual stack) for a number of years.  It seems that most IT Managers are completely ignoring the problem of dwindling IP addresses, and are essentially prioritising other projects over investigating and deploying IPv6.  Unfortunately, with large parts of the developing world unable to receive new IPv4 allocations either now or in the near future, over time there may be parts of the Internet that those with IPv4 only will simply not be able to communicate with.

For those that have not yet investigated IPv6, there is a moderately steep learning curve and any implementation should be well planned like any other large IT project.  Additionally, IT support systems must be upgraded to deal with the new addressing scheme (e.g. monitoring systems, asset management systems, security appliances, DNS servers, etc).

Now is the right time to consider how you plan on helping your organisation transition to IPv6 as there can be little doubt that those who start early will be better placed to handle serious IPv4 depletion issues.  Enabling IPv6 on any corporate network should not be taken as a trivial task, and will need to be dealt with as a project much like that which faced many in the industry during 1998 and 1999 with the "Y2K" efforts.

Should you be interested in obtaining an IPv6 allocation, Over The Wire will happily provide you with an address block allocation to enable you to start your migration, and we can also enable your connection to us for IPv6.  If you have any questions about how to go about planning your own IPv6 journey, give us a call... but at the very least please do your own research into the world of IPv6 and start thinking about its deployment in your environment today.

Infographic explaining the need to migrate from IPv4 to IPv6