
III. Activity Reports from APCERT Members

AusCERT

Australian Computer Emergency Response Team – Australia

1. About AusCERT

AusCERT is the premier Cyber Emergency Response Team (CERT) established in Australia in 1993 and a leading CERT in the Asia Pacific region. AusCERT operates within a worldwide network of information security experts to provide computer incident prevention, response and mitigation strategies for members. As a not-for-profit, self-funded organisation based at The University of Queensland, AusCERT relies on member subscriptions to cover its operating costs. AusCERT is also a member of FIRST.

2. Activities and Operations

2.1. Security advisories and bulletins

AusCERT distributes security advisories and bulletins to its members by email and publishes a portion of them to its public website. Bulletins are published in a standardised format with a consistent approach to classifications of vulnerabilities, impacts and affected operating systems. During 2014, 2519 External Security Bulletins (ESBs) and 146 AusCERT Security Bulletins (ASBs) were published. This represents a 34% increase overall when compared with 2013 tallies. The increase is largely due to the widespread vulnerabilities in OpenSSL-based products, affecting many different vendors. The ESBs are made publicly available immediately; however, the ASBs are available to members only for a period of one month after release, beyond which time they are made public.

2.2. Incident response

AusCERT coordinates incident response on behalf of its members and generates pro-active reports of incident activity, based on its data collection activities. Weekly, AusCERT provides a report to each of its members that details activity that affected the member for that week.

2.3. Threat processing

AusCERT provides a Malicious URL Feed to members only, containing the output of AusCERT’s processing of malware, phishing and other dangerous URLs. This feed is as accurate as possible, as each entry is checked by an analyst instead of relying on automated pattern matching. Additionally, malware samples are automatically compared against multiple vendors’ detection engines using the VirusTotal service, and those samples achieving poor detection rates are submitted to as many AV vendors as possible for inclusion in signatures.

2.4. Compromise evidence collection and data distribution

AusCERT notifies members of compromise of their web sites, hosts and accounts based on data collected using in-house expertise and analytics from open source data.

2.5. Phishing take down service