• published papers, policy submissions to government relating to ICT and Internet security; [2]
• provided public outreach, education and awareness raising about Internet security issues by hosting workshops and through the media;
• provided information and expertise to law enforcement about specific cyber attacks affecting or emanating from Australian networks;
• participated in government, CERT and industry multi-lateral meetings including cyber security exercises with a range of global partners;
• communicated, cooperated and built relationships with industry, domain name registries, telecommunication providers and national CERT
counterparts overseas.
2.1. Incident Handling
A large part of AusCERT’s core business involves analysis of online cyber attacks. While these are not the only incidents handled by AusCERT, they
represent a common form of cyber attack and show clear upward trends associated with this set of criminally motivated activities.
Figure 1 shows the number of malware and phishing sites handled by AusCERT in 2009.
Each incident represents a single unique URL or domain name that is hosted by one or more compromised computers for the purpose of stealing sensitive
information and access credentials from other computers. Multiple computer compromises can be associated with each attack, which is the set of
compromised computers needed to launch the attack and collect the stolen data. The number of IP addresses involved in a single attack is variable but
can range from 1 to around 5,000. This graph does not include the number of computer infections (compromised
hosts) that occur due to each malware attack, of which there are generally many hundreds or thousands.
[2] See AusCERT publications: http://www.auscert.org.au/1920
[Figure 1: number of malware and phishing sites handled by AusCERT in 2009]
The figures above are representative of specific types of incidents handled by AusCERT. Total incidents handled are much greater.
2.2. Security bulletins and blogs
AusCERT publishes security bulletins as part of its services. In 2009, AusCERT changed its security bulletin format from one which included
AusCERT alerts, advisories and updates to a simpler approach comprising only AusCERT Security Bulletins (ASB) and External Security Bulletins
(ESB). During 2009, AusCERT published 1,445 external security bulletins (ESB), and
577 AusCERT bulletins in the old and new formats. 103 blogs were published.
2.3. Network monitoring
AusCERT is collaborating with a number of partners operating monitoring projects, by hosting sensors.
2.4. Stay Smart Online Alert Service
In 2009 AusCERT continued to provide a service under contract from the Australian government, which is part of the government’s broader Stay Smart
Online initiative. [3] The Stay Smart Online Alert Service is a free service aimed at home users and SMEs with little or no technical knowledge. The
service provides access to email, web and RSS feeds and includes a monthly newsletter and fact sheets. [4]
AusCERT published 62 alerts and 27 advisories during 2009.
[3] www.staysmartonline.gov.au
2.5. AusCERT Certificate Services (AusCERT-CS)