• Garrett O'Hara

    Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.


    Add comment
Garrett O'Hara

The latest cyber news and resilience insights: Microsoft Exchange vulnerability exploit, Oxfam data breach, and Australia’s vaccination appointment scams


The team is back with this fortnights latest cyber security news and insights including the huge impact of the Microsoft Exchange vulnerability exploit, the Oxfam data breach that compromised personal details of its supporters, and the phishing scams targeting Aussies with fake vaccination role-out information.


The Get Cyber Resilient Show Episode #45 Transcript

Daniel McDermott: Welcome to the Get Cyber Resilient Show, uh, back for 2021 with another news edition. Uh, Dan McDermott here with, uh, my fellow hosts Garrett O'Hara, and Bradley Sing. Good to see you guys.

Garrett O'Hara: Great to see you too, Dan.

Bradley Sing: Thanks for having us again.

Daniel McDermott: Yeah, not a problem. Thank you for, um, holding down the fort while, uh, I had some, some time out there. So really appreciate it. And, uh, been enjoying listening to your work. It's been, uh, it been great to, to be just a listener for a while, which has been good fun.

Garrett O'Hara: Good stuff. And hopefully, I was just ha- before we started recording, Dan, I was making the joke with, uh, Bradley. I think I've got a neighbor who pays somebody to mow the lawn right when we start recording. It's unbelievable. Every single time, eh, it starts up. It's either a lawnmower or a whipper snipper. So hopefully you guys can't hear that too loud.

Daniel McDermott: No, no, nothing coming through at this stage, but, uh, we'll definitely, uh, we'll keep an ear out for it as we, uh, [laughs], as we go through the discussion today. So as we know, today is really looking at, um, we're doing, sort of a review of news cycles on a, on a fortnightly basis, at the moment, and, uh... And really, sort of, I guess, analyzing and, and, and deep-diving into some of the key issues.

And, and the reason we've moved to fortnightly really, is just the pace of what is happening in the market. The amount of things, and the stories that are going on is quite incredible. Um, and we're finding that it was hard to cover everything, um, on a once a month basis. So, um, so it's a great opportunity for us to have those conversations and, uh, and hopefully be, uh, on the pulse with what's happening right now.

And I think in that light, and I don't there's a bigger story at the moment than what's happening with the market of the Exchange exploit. We're seeing this sort of cover, obviously through a number of news cycles ar- around the world. But, you know, anything up to 60,000 customers globally impacted by this. Um, and it being something that is, you know, looks as though it's been around for a considerable period of time, an that there's really... I guess a, um, you know, a, uh, this notion of sustained state-based attacks.

This is really coming to life as part of this. And, and really, I guess, escalating, I guess the concern around any sort of vulnerabilities, and the need to, I guess, really move forward quickly with... with patching and making sure that, you know, you remove these vulnerabilities as quickly as possible. But the scale of this is probably, something that w- we maybe know, not really have seen before in terms of the individual organizations impacted. Be keen to get your thoughts on exactly what's going on here, and can customers do right now, um, if they are sort of worried about this. Um, and what is the, sort of the, go forward I think from here as well.

Bradley Sing: Well, there's a lot of things there, right? And I think we'd all agree that this is a big event. Like, you know, we've seen a lot of the big cyber events of the past year. But, I don't, I think to your point, Dan, we're really gonna know the extent of this until the next coming weeks. And even as we are recording this show today, [inaudible 00:02:56] news is breaking in terms of what we're finding. Um, I think it's important f- for, for listener, I guess, to understand a bit around the timeline of the attack, um, understanding quite recently Microsoft did release an announcement. And we'll kind of, go into more detail about that later, but...

The attack first started, or at least it was first observed in the world around the 6th of January. So around the same time that the Capitol riots were happening within the, uh, the United states. There were a couple of organizations who reported to Microsoft. I think the DEVCORE was the, the initial firm who kind of found the exploit. But it was an incident response firm called Volexity, who saw it being effectively used in the world. So [inaudible 00:03:33] Volexity there, they were seeing a whole bunch of traffic coming from two of their Exchange [inaudible 00:03:37] customers and they thought they might warrant more investigation.

What we now know is that it seems to be a sophisticated string of, of really four main exploits surrounding Exchange affecting Microsoft Exchange 2013, 2016, 2018, as well as 2010, and Service Pack 3. And I guess the main, the big scary thing here is that... This, we're talking about, I guess, an open exploit for a very large mail platform, that you know, potentially 60,000 customers globally utilizing.

Daniel McDermott: It's massive. And I guess, Garr, uh, what do we sort of see, in terms of like, you would see the breadth of this, um, the number of... I guess, you know, Exchange, that is, that are impacted and the different, sort of variations over the years. Um, what sort of response, you know, can we expect, I guess you know, from Microsoft and from the security community?

Garrett O'Hara: Yeah, like, it's sort of an interesting one. A term, hafnium, which I actually had to go up and find on the internet. And I'm embarrassed of it, a honor student in chemistry. Didn't recognize the name, but it's a metal. Melts at, uh, 2,233 degrees Celsius for those who are interested in that kind of stuff. Completely irrelevant to [inaudible 00:04:48]. I just thought that was interesting.

Um, you know, from a CVSS perspective, it's pretty serious. Um, of the CIA tryout, it hits confidentiality and integrity. And availability is not affected, um, when you look at the report from Microsoft, but it's... it's scoring pretty highly in terms of the base and temporal score, so... You're hovering around eight and I think nine, depending on which particular CV you look at. And that points it being great importance and very, very widespread.

I think the, uh, but the real concern is that it's, um, you know, you essentially, what you're seeing the huge spike in, um, in sort of volume of this is because you can just go do scans and find vulnerable, um, Exchange services and then, you know, execute a, um, execute the attack. So, you know, that, that is, I think pretty concerning, um, Microsoft have patches, so it comes down to then a race to get the patches out there to hopefully protect organizations from it.

I think what I take from this is that, you know, this is a vulnerability that's been around for 10 years and we see that quite often, and this, you know, has nothing to do with Microsoft. This is just a general comment on platforms and some software is that it sort of doesn't matter how long something has been around, you know, the, the vulnerabilities will be discovered and continued to be discovered, even when you sort of feel like something is being in the spotlight or being used for a really, really long time. '

Um, we had, uh, we had an example actually internally, and I know we don't normally talk about our stuff, but I think it's relevant here. Um, so that is one of our engines that was a, an organization we, we kind of acquired, but one of the things that had happened there, which is sort of similar, less severe was that they were picking up what they told were false positives based on some of the Microsoft and productivity file types.

And so things like Word documents and Access, Excel, and assumed it was a false positive until they did the research. And actually it turned out that the engine had, had picked up essentially a vulnerability, which I think from memory was there from, uh, was about 15 years old, but it just never been discovered. And I wonder, you know, part of this we'll see more and more of as attackers and, you know, white hat and black hats and gray hats. And, you know, everyone's gonna have access to tools to do analysis on exploits and vulnerabilities that they didn't have before, you know, the emergence of things like machine learning and to start doing the analysis and this type of stuff, I suspect we're gonna see more and more of these and to kind of echo both of your comments.

It just feels like the, every time we talk, it feels like, "Oh my God, we've just seen the biggest thing that's ever happened." You know, it's, it's sort of like, you know, the four minute a mile where once it happens, all of a sudden everybody's doing the four minute mile and it just, I don't know at the moment, it, it feels big. I don't know if it's that, if that's your sense guys, but, you know, December, January was a whopper and then this has happened and this is a whopper. Um, you know, just, it feels like what's, what does April bring? [laughs].

Daniel McDermott: So couple of layman's questions that I have around sort of, I guess, the timeframe and the impact then. So you have the vulnerabilities been there, you know, really day zero from these, from these environments. Um, when, you know, do we know that the attacks have only recently started or like, you know, has that vulnerability being exploited, you know, previously, or is it only just now that the compromises actually started?

Bradley Sing: We don't know. Do we like, uh, that's the, the, the obvious, um, I mean, so that's the, I guess the, the aspect of it being a zero day out there in the world? One thing I do find a little bit, I guess, all my strange, um, was disclosed to Microsoft on the fifth by one security firm, then a completely different security firms sort of out in the world, literally a day later. So from a timing perspective, it all does seem a little bit bizarre to me.

Garrett O'Hara: I mean, that's something that does happen in it happens in science, but it also happens in security. And I think quite often what it is, is that there's conversations happening between, you know, hardcore security people, you know, on Twitter publicly, but also in the background, you know, they've got Slack channels that, um, you know, folks like us just have no concept of. And I think what often is going on is that there's kind of thematic approaches to vulnerabilities and, and it's light go off in different people's heads based on, you know, articles they've read or other things. And then you see that, you know, almost w- weird coin- what it looks like a coincidence in the surface, but actually in the background, it's that, you know, there's being inches and, and sort of centimeters movements in terms of approaches and attacks.

And so we thinks this thing is a doable and then, you know, they, they kind of figure it out and yeah, weirdly looks like, "Hang on, dude, like two totally different people figure out the same ten-year-old vulnerability?" But actually, you know, it's based on your conversations and work, that's kind of happening in the backgrounds and... Yeah, the, the folks who I have a huge amount of respect for, um, when it comes to, you know, exploits, figuring this stuff out is just, you know, for me, mind-boggling sometimes.

Daniel McDermott: I guess the other thing that that then brings to mind for me is if this vulnerability has been exploited now, so you might patch it to stop it, but is it too late? Are you, are you compromised because you have the attacker inside your system now. Um, and so you may not allow anybody else in, um, but you know, are you, are you compromised in any way because, um, it's been open for, like you say, a couple of months that people, at least that people know about.

Garrett O'Hara: Yeah. My, like my thoughts on that is like potentially, um, but there's pretty good stuff you can do these days around sort of beacons or understanding the kind of signatures of network traffic. So if you've got reasonably good, um, IDS systems, um, you know, m- multiple telemetry that you could look at, okay, what do you know, what did we see in terms of activity and a little bit like the same in the solar wind stuff, when you think about it, you know, they get in, but there's mechanisms now to understand whether you've been breached, not based on, you know, network signature, uh, traffic, or, you know, looking at an end point or host detection where this things that will show up and, you know, um, you know, the, the light flashes or the alarm bell goes off. And, you know, in theory, you know, you might be able to understand that, uh, to...

I think Bradley said this already though, we, this is tin foil hat stuff, and potentially, you know, and I get that, but you know, when you see this stuff, the, the question that almost immediately Springs to mind is, "Okay, we can, this is public acknowledgement of zero day, but you know, what one, was there any state level stuff that was using this that just wasn't detected because they were, you know, maybe more stealthy or went after very specific targets rather than..." Like, here, here's a question and I don't know the answer, but if, if this was used very targeted, but for a couple of organizations, would we be having this conversation or is it only because you're talking about 60,000 organizations that have been breached.

Bradley Sing: In terms of, um, you know, potentially organizations, which, which is still vulnerable to this. Um, there's been a lot of talk about having network segregation and, you know, if you have a VPN and you don't have your OWA exposed to the internet, or you say from happ- happening, um, to a degree, yes, you're safe from the initial exploit, but there's also quite a few comments saying that if somehow, you know, an administrator managed to run a malicious file or it gained, you know, went into the network for another mechanism, it was a good chance that you could still be infected. So even if you're expose, if anybody listening out there, even if you don't expose your OWA to the open internet, I'd definitely recommend you run those patches and check for those ICS as well.

Daniel McDermott: Yeah. And I think that's a great way to maybe wrap up the conversation here is, is to just acknowledge the, um, the high alert that has been released by the Australian Cyber Security Centre. Um, you know, to make sure that everybody, you know, as much as possible are aware of this are aware of, um, the patching that is available and the steps to take around it as well. So, um, you know, and we've really seen that all the way from the Assistant Defence Minister, um, Andrew Hastie, sort of, you know, warning to take that immediate action now, um, and really trying to get Australian organizations across this and not let the vulnerability sort of persist, um, in the market and then continue to be an issue.

So, you know, and it's, it's a big deal, you know, with we're talking 7,000 plus Australian organizations that need to get across this, um, and, you know, making sure that they are, you know, patched remove any of those potential vulnerabilities, as you mentioned, guard that that may have been there.

Um, and really have, I guess, a sense of confidence to be able to move forward in terms of, um, in terms of their email and, and continuing to communicate effectively, um, with their customers and stakeholders across the market as well. So the next one, um, is always, you know, unfortunately to the, the, high sort of profile attacks that do occur, um, and one that's occurred recently, um, that has sort of, ag- again, I think touches on just, you know, always makes me feel a bit sick in the stomach regarding sort of who the cyber criminals do go after, but we saw the Oxfam breach and, um, obviously a very well-known charity, um, across the country.

Um, and, you know, getting into, you know, one, again, sort of a not-for-profit charity organization, um, and compromising them and then getting there, you know, the details of their, um, the people that, uh, donors. Um, so we certainly, um, have been in, have been, um, you know, contacted by Oxfam and, you know, as part of that list of, uh, of people whose, um, whose data may have been compromised as part of this, um, and, and therefore also, you know, you know, potentially who released for sale. Um, but it's, again, they're just always, uh, it's bewildering and, and upsetting as to, you know, the, the fact of who they do target. And it's a real shame to see, you know, such a high profile brand and such a, you know, but I guess, you know, they have lots of data, right?

1.7 million people, um, you know, on their, on their records. Um, I guess that's seen as a, as a rich source of data.

Bradley Sing: Yeah. I think the interesting thing about some of the others, there's a few things to unpack here. And first of all, I guess initially how it was found. So it was just posted online as database saying 1.7 million records for Oxfam Australia. Um, in terms of the, I guess the sensitive details like it does sound like to a large degree that went to many credit cards or kind of bank details, and potentially only details were, were kind of gathered as well. Um, uh, quite interestingly, if, if you go to the Oxfam website now, and they've got this whole kind of inbuilt response where you get, you get, apparently if you are part of the breach, you get like an SMS message, you go onto their website and you type in the SMS message, and it'll give you a customized message based on, I guess, potentially, you know, what your details were exploited.

So I don't think that's a terrible response when we consider, I guess, the breadth of it. And then with 1.8 million potential records, uh, th- there has to be, I guess, a degree of, you know, who do you triage first? Who do you reach out to? You know, who do you watch out for fraud and things like that?

Garrett O'Hara: Yeah, it's such a large number of records where my head goes in. This is every time I go to like, have I been pawned any of those sites? The like at this point is everybody's data, not somewhere like in some breach it's sort of being exposed. What worries me is that any organization that I went through this actually pretty recently with a fairly well-known Australian brand where to approve my identity and I'm not even kidding here. They asked me for a date of birth and they asked me for my address. And I suspect that would take about five seconds for anyone with intent to find and that that's a real worry. So I wonder, like, is there a bigger societal thing where we have to, we have to start moving away from insecure methods of kind of identity verification into stuff that's just more meaningful, you know, and I get the, you want it to be easy when you wanna make a change to something, you know, a service provider you're using or, um, telecommunications provider.

And like everybody wants it to be as easy as possible, but the cost there is the data is just so easily available. You're, you're not secure. And, um, you know, we had, we had said somebody speak in one of our events recently about how they couldn't afford a house. You know, they, they miss... Oh, sorry, they couldn't buy a house, right because they miss the ability to make a purchase based on identity theft and prices went up, you know, so there's huge impact to somebody's life based on the fact that ideas so easily, so easily, easily sto- um, stolen.

And it also heartbreaking like the idea that it's a not-for-profit and then charity, I mean, just like really, um, there's a huge amount of commercial and enterprise organizations out there that, um, also have this data. Um, yeah. I just hope it hope it doesn't break any trusts, but I suspect based on your comments, probably the, what sounds like a pretty rich, um, response activity from Oxfam, you know, that they've embraced it and not try to, I suppose, hide from it. Hopefully it's an opportunity for them to almost build trust in a way. And you know, the more people will kind of trust them as a brand and maybe make more donations to that, a hundred kilometer walk that I've heard so much about where people finish exhausted and dehydrated, but you know, full of beans because they managed to do it. So-

Bradley Sing: But I don't wanna confirm whether or not my details were preached in the recent Oxfam. Um, I guess you use, but I did start receiving recently targeted SMS messages, like smishing, where I haven't had it before it's actually said, "Hello, Bradley, can you please open this file?" So I assume somewhere in some breach, my name has been linked to my phone number somewhere.

Garrett O'Hara: Yeah. So easily, so easily done. Didn't you finish the a 100K walk. I feel like I've seen a photo of you sort of stumbling across the Oxfam finished line?

Bradley Sing: I did finish the a 100K, uh, Oxfam, uh, walk a few years ago. And for anyone listening, I strongly recommended, I think it's, uh, not running this year, but potentially the year after.

Daniel McDermott: I can confirm we were only a donor, I definitely didn't do the walk.

Garrett O'Hara: [laughs].

Bradley Sing: [laughs].

Daniel McDermott: So just supporting others along the way.

Garrett O'Hara: Um, yeah, I do think Oxfam have done a good job in their response. Um, yeah. And that, that personal level, like not being, doesn't seem like a credit card sort of breach and stuff. So you sort of feel, have some sense of, I guess, calmness around that. Um, but it is more around the fact of, you know, what does this mean longer term, right?

So like this is, you know, is this a sustained effort again, to compile a whole range of personal information that then becomes, you know, an identity theft issue over time? So it may not be from this alone or this per se, but, uh, it, I think it is that longer-term impact, which I think every individual has to consider. As you said, uh, we heard from Bennett Aaron, uh, recently, and his story around identity theft and what that meant and the impact on his life and how he's had to, I guess, overcome that.

Um, and how long it took to actually, you know, come back from, from that it took years, right. Um, to, to really get back established and overcome the impact that was, uh, had on him at that time. So, um, I think that that's, I guess the, the greater concern and for all of us going forward, what is the role of our identity? How do we, you know, when so much of the information is publicly available and accessible, um, what does that actually really mean and how do we start to take control of it? I think it's a big conversation that, um, I don't think many truly understand at this stage and then what that will look like and how do you actually take control of your own identity as you move forward is gonna be, I think a really interesting area.

Bradley Sing: Yeah, totally agree with you. And maybe one last point, I know no passwords were compromised and this one, but I'm going to say that friends, don't let friends not use password managers. You know, if you're not using one, get, get your m- mom, your dad, your f- brothers, sisters, your friends, cousins, get everybody using password managers.

Daniel McDermott: Great, great advice, you know, and, um, I think, you know, time doesn't go by at the moment, right. Without, uh, some sort of related COVID story and what's, what's going on. And, um, at the moment, uh, you know, we've started the vaccine rollout program. Um, and you know, and we've seen, you know, Australia off to what you have may say, a cautious start. Um, but looking to, you know, expand that role out fairly quickly and the government are looking to try to, I guess, help right in that process and make it make, take a proactive step in terms of being able to make the ability to get appointments and get the vaccine, and then sort of move the country forward in, in a fast, and I guess, um, you know, safe way, um, have appointed, uh, an, a company to create, um, that online booking system, um, for the vaccines.

Um, but Brad, uh, you've got some interesting insights on, um, and I guess the data appointment and, um, and, you know, I guess some of the underlying concerns from a security perspective that is start to add to, to highlight.

Bradley Sing: Yeah, it reminds me a lot, uh, I guess the beginning of COVID, we were talking a lot about the COVIDSafe app, the potential implications of privacy, you, you know, what that meant for us as individuals and, and how it could, you know, kind of help contribute to, to, I guess, the health crisis that we're facing, you know, save lives, um, and look at a national booking system is no different from that.

And I think in other countries already, we've seen great success where, you know, if there's, um, potentially, uh, elder elderly people who can't make their appointment potentially can get someone in a lower risk groups, they can still get their shot and you're not wasting vaccines. So I think ultimately it's a, it's a great thing, but the company that's been awarded the contract is one that some of our listeners may be familiar with, uh, an organization called HealthEngine.

Um, quite recently, in 2019, they suffered a 2.1... a2.9 million, ACCC, fine in relation to a few bad things they've done in the past. Um, I might just as well just kind of run through a couple of those, but based on the A- ACCC's report, um, HealthEngine admitted between 30th of April and 2014 and the 30th of June, 2018. It gave the nonclinical personal information of over 135,000 patients to private health insurance brokers without adequately disclosing that to this, to their consumers. Um, following that they made about $1.8 million from those arrangements during that time.

They also engaged in, they also engaged in the, um, the method of cleaning reviews online. So allegedly there was around 17,000 reviews, which were edited at around 3000 reviews, which remove, uh, which were negative reviews, which were removed. So there has been a bit of a public outcry on Twitter and a bit from the health community as well considering, you know, why would you just, why would you award this company the contract basis? And I guess there are recent, uh, failings.

Daniel McDermott: Yeah. It's, uh, it's like you say, like the, the sort of imperative to create this system and then the potential benefits of it. Right. And then what that means is, is obviously, you know, uh, first class than that, I guess it is, you know, sort of the due diligence of, you know, what does this create again, from a privacy point of view, um, you know, what sort of data is being collected? Um, who's gonna know what about us and then what sort of risk are we creating again, more in the longterm potentially, um, as we continue to give away more and more of our, our personal data and information, um, it's definitely seems to be a, a concern as to, I guess, those practices that they have in place as well.

Garrett O'Hara: Yeah. I, I think you're spot on, Dan. And I think that the thing is we need trust in these kind of larger systems. I think tackling any kind of healthcare issue. Like there's no way any single organization or a single state will get this done. You know, we've got people that can move between different states. We need collaboration. We need to trust that, you know, information that we supply is safe and secure and won't be either exposed or ex-filtrated, but also that it won't be on sold in a way that's not appropriate.

Um, yeah, I don't, I probably don't. That would be my only comments. So like, this is the time when we actually need absolutely trust in these kinds of platforms and these moves because we, we do need it population that's vaccinated, so we can get back to some sort of normality. And I think like my two senses, anything that gets in the way of that, that's not necessarily the best thing for Australia. Um, so yeah, hopefully, hopefully we're all good there and you know, that it goes well and it goes smoothly and, s- you know, there's no issues.

Bradley Sing: It, it does appear that, that the platform has been contracted to make ease independent from the HealthEngine platform. So it's going to be something solely just for booking. So hopefully there will be, you know, levels of transparency around it, but I think definitely one for us to, you know, keep- keep watchful of.

Daniel McDermott: Yeah. And I was going to say, Brad, and I think like, I guess bringing this to light, but I guess the positive, hopefully there's, this is that, you know, the extra scrutiny and that that's gonna be put on it to make sure that there is no vulnerability and that there, that the practices are absolutely first-class. Um, because as you said, Garr, you know, trust is the underlying fabric of all of this. Um, and if that starts to get eroded, um, you know, it impacts not only the vaccine rollout and what that means from a public health point of view.

Um, but it continues, you know, erodes trust in, in the government and what they're trying to achieve from a cybersecurity point of view, as well as obviously the health issue. So, um, so certainly we hope that, uh, you know, this puts a spotlight on it and ensures that all of the people involved, uh, you know, uh, how to account and really put through, I guess, you know, high degrees of scrutiny to ensure absolutely, you know, the best practices that are possible. Um, and you know, that everything does proceed, you know? Well, and that, uh, it does actually achieve the outcomes that we're all hoping for as well.

Garrett O'Hara: Yeah. Agreed. And you know, one of the other things we've, we've seen a little bit it's yeah. I'm actually spoke to some people this morning is around the vaccine related scams that are floating around and that's, you know, adding to the noise and that the hassle of all of this stuff is... Yeah some of the things that are coming through pretending to be HR departments and, you know, weirdly DHL delivery of a vaccine application form. And if you see things that are happening... [crosstalk 00:26:09].

Yeah, I know, yeah. That's, that's the thing, but, you know, to, to the point where we're at and, and Dan's coming through there, I think you said you were like the conservative role. I can't remember what your exact words were, but we're at a time where this stuff is critical and it's the last thing we need now is people getting scammed or, you know, something go wrong with the booking engine for, for vaccines. So yeah. Fingers crossed the next kind of month goes as well for, for all of us.

Daniel McDermott: Yeah, definitely. You know, it's funny, Garr, like it was what, March, April last year we saw an enormous spike in COVID related scams, right?

Garrett O'Hara: Mm-hmm [affirmative].

Daniel McDermott: You know, 60,000 websites being spun up in, in a couple of weeks, um-

Garrett O'Hara: Yep.

Daniel McDermott: ... period, um, you know, many fake videos of, of malicious intent, um, you know, lots of emails with, you know, um, information on COVID and, and before we knew a lot about it, right? At that sort of stage and everybody being hungry for that information. Um, history is repeating itself in many ways, right? Like the vaccine again, is it's something very new, um, you know, how the role is gonna be when you're available to be on the list, all of those types of things. People who, again, are hungry for information and wanting to understand that quickly to be able to sort of take action. Um, so when they feel like, you know, something's delivered, you know, as an SMS to their phone or in their email, that seems like a great way to get that information quickly, right?

Right. Um, so it's, again, a time, I guess, those extra caution needs to be applied from everybody at this time for these things and make sure that, you know, edits from trusted sources, um, that, you know, when it does, it's looking weird, it probably is for a reason, um, and sort of, you know, find the trusted source and make sure that, you know, we don't sort of, you know, fall victim to anything. Ha- 'cause again, the attackers have seen this as an opportunity or at this point in time that you know, that everyone is hungry for information feeling a bit vulnerable. Um, and, uh, and you know, again, they're looking to unfortunately exploited again during this period.

Garrett O'Hara: Yep. Definitely agree. They, they mean they ride the waves, right? That's the thing. They look at real world events and then they hook into those. We s- we saw [inaudible 00:28:05] you're, you're spot on with the, um, the early phases of COVID. We saw some of it with work from home or there, sorry, their return to office stuff, where there was a little bit of a, a spiker and that when that looked like that was going to happen and, you know, the vaccine there'll be other things. And there will be, I mean, let's be honest, there's no way we're gonna get away from the COVID stories for, [laughs]-

Daniel McDermott: [laughs].

Garrett O'Hara: ... for a little while. Um, but yeah, I mean, I suspect there will be, there'll be more, they will, they will use the next big events that's COVID related and, and we'll see more scams around that.

Daniel McDermott: You're about that. Well, uh, on that note, I think, uh, we've covered the big issues of, of today that's for sure with the, uh, Microsoft Exchange breach, um, the Oxfam breach, um, and then obviously the, the vaccine, uh, appointment booking rollout as well. So, um, and, and all of the potential scams going on with the vaccine roll out as well.

So thanks Garr. Thanks Brad, again for your time. And, um, we look forward to, uh, talking to you all again in, in a couple of weeks, um, with the next round of, uh, of news from cybersecurity in Australia and New Zealand.


Principal Technical Consultant

Garrett O’Hara is the Principal Technical Consultant at Mimecast having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies. When not talking about the cyber security landscape, data assurance approaches and business continuity Garrett can be found running, surfing or enjoying the many bars and eateries of Sydney's Northern Beaches.

User Name
Garrett O'Hara