
• published papers, policy submissions to government relating to ICT and Internet security; [2]
• provided public outreach, education and awareness raising about Internet security issues by hosting workshops and through the media;
• provided information and expertise to law enforcement about specific cyber attacks affecting or emanating from Australian networks;
• participated in government, CERT and industry multi-lateral meetings including cyber security exercises with a range of global partners;
• communicated, cooperated and built relationships with industry, domain name registries, telecommunication providers and national CERT counterparts overseas.

2.1. Incident Handling

A large part of AusCERT’s core business involves analysis of online cyber attacks. While these are not the only incidents handled by AusCERT, they represent a common form of cyber attack and show clear upward trends associated with this set of criminally-motivated activities. Figure 1 shows the number of malware and phishing sites handled by AusCERT in 2009. Each incident represents a single unique URL or domain name that is hosted by one or more compromised computers for the purpose of stealing sensitive information and access credentials from other computers. Multiple computer compromises can be associated with each attack: the set of compromised computers needed to launch the attack and collect the stolen data. The number of IP addresses involved in a single attack is variable but can range from 1 to around 5,000. This graph does not include the number of computer infections (compromised hosts) that occur due to each malware attack, of which there are generally many hundreds or thousands.

Figure 1

The figures above are representative of specific types of incidents handled by AusCERT. Total incidents handled are much greater.

[2] See AusCERT publications http://www.auscert.org.au/1920

2.2. Security bulletins and blogs

AusCERT publishes security bulletins as part of its services. In 2009, AusCERT changed its security bulletin format from one which included AusCERT alerts, advisories and updates to a simpler approach comprising only AusCERT Security Bulletins (ASB) and External Security Bulletins (ESB). During 2009, AusCERT published 1,445 external security bulletins (ESB), and 577 AusCERT bulletins in the old and new formats. 103 blogs were published.

2.3. Network monitoring

AusCERT is collaborating with a number of partners operating monitoring projects, by hosting sensors.

2.4. Stay Smart Online Alert Service

In 2009 AusCERT continued to provide a service under contract from the Australian government, which is part of the government’s broader Stay Smart Online initiative. [3] The Stay Smart Online Alert Service is a free service aimed at home users and SMEs with little or no technical knowledge. The service provides access to email, web and RSS feeds and includes a monthly newsletter and fact sheets. [4] AusCERT published 62 alerts and 27 advisories during 2009.

[3] www.staysmartonline.gov.au

2.5. AusCERT Certificate Services (AusCERT-CS)