Your All-in-One AI-Powered Toolkit for Academic Success.

+13062052269

info@desklib.com

Available 24*7 on WhatsApp / Email

Company

Tools

Support

Malicious Cyber Activities and Security Defences

Verified

Added on 2023/01/05

AI Summary

This report discusses the types of malicious cyber activities identified by ACSC, categorizes assets, prioritizes threats, and analyzes fundamental security principles with recommended mitigations. It covers topics such as SMS phishing, phishing emails, money laundering scams, identity theft, and more. The report also emphasizes the importance of layering, limiting access, diversity, obscurity, and simplicity in implementing security defences.

Contribute Materials

Your contribution can guide someone’s learning journey. Share your documents today.

Assessment 1

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

Table of Contents
INTRODUCTION...........................................................................................................................2
TASK 1............................................................................................................................................2
1. Identify and examine all types of the malicious cyber activities identified by ACSC and
summarize them in a table......................................................................................................2
2. Identification and categories assets, including all elements of an organisation’s system. .5
3. Create table to identifying and prioritising threats against each type of assets identified. 6
4. Analyse fundamental security principles with the mitigation strategies proposed by the
ACSC and demonstrate each recommended mitigation in relation to fundamental security
principle with justification......................................................................................................8
CONCLUSION..............................................................................................................................10
REFERENCES..............................................................................................................................11

INTRODUCTION
Internet is a global system which interconnects the computer network by using the
Internet Protocol Site so that communication can be made between device and network. The
technology era has made the individual dependent on the internet for all includes which have
severe consequences on the other side which is referred to as the cyber crimes. These have
gained a rapid increase in the last few years where people and organisations are subject to cyber
criminals. Cyber crimes refer to the activity which is criminal in nature where computer, c
network device and computer network is targeted by the individual or the organisations in order
to make money (Shah Jones and Choudrie, 2019). During the covid 19 time, this era is no more
an exceptional for these cyber crimes, rather there has been a rapid increase during this time.
This report shall cover the malicious cyber activities, identification and categories assets,
prioritising threats against each asset and the security defences based on fundamental security
principles and its analysis together with recommended mitigations.
TASK 1
1. Identify and examine all types of the malicious cyber activities identified by ACSC and
summarize them in a table
The malicious cyber activity is referred to as the activity that seeks to impair or
compromise the confidentiality, availability of information, integrity, communication or
information systems, virtual or physical infrastructure, networks that are controlled by the
computer (Siddiqui, Yadav and Husain, 2018). These are the external threats that infiltrate the
system with an aim to steal the information or damaging the software or hardware.
From the early 2020, March, there have been a major increase in malicious cyber crimes
in Australia as identified by the Australian Competition and Consumer Commission (ACCC) and
Australian Cyber Security Centre (ACSC). The following malicious cyber activities have been
spreading in the past few months from the time of Covid 19 which are discussed below-
Cyber crime Description Impact What was done?
SMS Phishing It is an act which
involves text message
which tries to fraud the
This attack ask the
user to redirect them
to a website which
The Australia Cyber
Security Centra
reached six

victim in revealing its
account information or
installation of malware.
The text message usually
includes the link of fake
website which looks like
legitimate site in order to
ask the recipient to enter
their financial or personal
information.
may appear to look
like government
website in order to
make it look like
legitimate but is a
fraud in an attempt to
take information of the
recipient.
telecommunication
companies including
Microsoft and
Google to block the
websites.
Phishing emails This is a most common
form of cyber attack
which involves an
attempt to steal the
personal and sensitive
information of the people
through emails. It is a
mass attack rather than
targeted (Warren and
Manuel, 2020).
These phishing emails
contain attachments or
word document which
has virus embedded in
them in order
download the
malicious soft ware in
the android phones of
recipients to spy on
them or take their
personal information.
The ACCC warned
the citizens of
Australia regarding
these phishing emails
to immediately delete
those emails and do
not open the
attachments.
Money laundering
(Work from home
scam)
This scam includes an
invitation to the people to
contribute money in
donations to support any
social service. It also
includes scams where
people receive the
invitation to transfer the
money from one
These scam contains
attachments which ask
the users to contribute
money in Covid Relief
fund so that donations
can be made in the
name of Covid 19
support service.
The ACCC has
warned the people
working from home
to avoid such emails
and attachment which
ask voluntary or
employee donations.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

company to another with
an advantage of flat fee
or percentage
commission while
transferring the money.
This is money laundering
Identity theft/ Fraud
emails
This cyber crime
involves the attacker to
obtain financial or
personal information of
the people so that their
identity can be used to
commit frauds for
unauthorised transactions
(Wirth, 2020).
The attackers design
the fake employment
advertisements in
order to steal their
information for other
malicious purpose. It
ask the user to provide
passport or driver
licence to validate
their application so
that themed job scams
or identity theft can be
committed.
The ASCA has asked
people to verify the
advertisement before
entering any details
so that this crime can
be prevented.
2. Identification and categories assets, including all elements of an organisation’s system
Organisations can focus on applying the information security risk assessments
methodologies so that they can systematically indentified the information assets and the
security risk that is related to it. In this it is very essential to indentify and categories assets
so that risk can be easily identified so that firm will effectively focus on reducing it
appropriately. In this it explains the identification and categories assets that can be shown
below:
 People- It is one of the elements of organisation system in which it is to be
identified that there is a high threat for money laundering that is denoted as risk
assets. In this assets related to paper document is also high where there is high risk
of cyber crime because they are not stored in a fire proof cabinet. In this there is no

backup if the document. it is quite complicated but at the same time it simplifies the
person work(Kharb, 2017).
 Procedures- It is another organisational system which may affect the asset of the
cyber crime. In this the procedures related to maintaining the employee satisfaction
within company is affected. Within Australia many employees facing the scam of
fraud payments on behalf of company policy. due to locked down employees are
working from home and at time they get the fraud emails which hack the worker
accounts. For this company provide the training and guidance for their people so
that it is to be reduced. In this firm will review their business continuity plans and
procedures.
 Data and information- This is one of the effective organisation systems of the
company as it involves the data and information regarding the customers, suppliers
and many other stakeholders. When the people are doing work from home
 Software and hardware- Due to COVID-19, payment can be assist in the people
account for their work at tat time they can trap into the fraud. in this ACCC warned
the Australian for saving them phishing mail. It is occur due to malicious software
onto their professional device(Collins, 2020).
 Networking- In developing the network by the organisation for their growth and
success firm will face the major threats that are fraud related to financial risk. In
this company can give the rights to create networking by donating the money for
social service. At this they face the threats of money laundering, SMS phishing etc.
3. Create table to identifying and prioritising threats against each type of assets identified
A threat refers to the artificial circumstances or a natural impact that can place a huge
impact on the assets of the organisation. For example- A cybercriminal is one of the major
issues that deliver malware. As a software is specifically designed for their to damage, gain
unauthorized to personal computers of the user that can phishing mails that trace the
customer information database in an unauthorised way. This report is focusing on
exploiting the organisation system by assets, vulnerability and risk. In these employees of
the company if opens the phishing link that they can downloads the malicious link in this
they find vulnerabilities to exploit.
Assets Threats

People It is first on the priority list in which people will face the
issue if identity risk in which cyber crime is included where
the attacker can get the information regarding financial
resources and also personal information which may affect
their working majorly. In this people can trap into the fraud
related to collecting money for social service but they do not
understands they loose their money from their accounts(Al
Halaseh and Alqatawna, 2016).
Data and information It is secondly prioritising assets in which major threat is
based on digital document in which there is no back up plan
of the document which is the potential loss of availability
that is majorly denoted as disk failure. In this the firm will
majorly face the virus issue which affect the data and
information of the company in an negative way. For this
company will update the anti virus program majorly in this
pandemic situation so that loss can be less.
Networking It is the third on priority list where the system administrators
the assets. In this unavailability of the person vulnerabilities
is occur where there is no placement for this position. At the
time of developing network frequent errors are occurs due to
lack of training and capabilities of handling the issues.
(Mikolai, 2020)
Software and hardware It is the last on the priority list in which phishing e-mails
containing malicious attachments in which person get the
phishing e-mails that are malicious the word document. in
this employee get the mail from the fraud site and of they
open the link from that site than the receiver device can be
display it will depicts the hacking of software and hardware
devise..(Radev, 2019)
Procedures It is the last type prioritising asset that are procedures that

Secure Best Marks with AI Grader

Need help grading? Try our AI Grader for instant feedback on your assignments.

💎 Get Pro

placing the threat of unauthorized access in which procedures
are not locked into the one cabinet that are beneficial for the
company sustainability. In this Australian employees can
facing the scam in procedures of payment. in this leaking the
financial information is done by clicking the link of the
payment there bank account payment can be transfer to the
fraud account.
4. Analyse fundamental security principles with the mitigation strategies proposed by the ACSC
and demonstrate each recommended mitigation in relation to fundamental security
principle with justification.
In order to prevent the malicious cyber activities, multiple security defences are available
to withstand the attacker which are based on five fundamental security principles which
includes-
 Layering- It means that the information security must be clear which shall be created in
the layers so that it becomes difficult for attacker to break each layer of defences. It helps
in resisting the attacker.
 Limiting- It refers to provide limited access to the information which results in reducing
the threat. The information must be provided to the user who has access to it.
 Diversity- It means that the layers for information must be different so that if the attacker
breaks one layer it cannot use the same technique to break the other layer.
 Obscurity- It refers to obscuring the information so that information can be protected as
the attacker does not know about the type of computer, soft ware, operating system, etc.
 Simplicity- It means that the security system must be simple for those people who have
to use and understand it. Complex system may make the work of trusted users
complicated (Shanleyand et. al., 2020).
Relation of mitigation strategies with fundamental security principle-
 Layering- The mitigation strategy under this principle is to use those SMS, emails or
social media accounts that provide message or spam scanning so that information on
these sources are safe. Layering ensures that information is break into layers so that
attacker cannot access to full information in one go. So these scanners will help in

identifying the attackers and from the perspective of attacker, it will enable him to break
each layer before accessing the information.
 Limiting- The mitigation strategy under this principle is to not provide the personal
information to the unverified sources so that limited information is shared at verified
sources and do not provide remote access of any link to the computer. This makes the
user aware of sharing only legitimate information to the verified sources so that the risk
of misusing is eliminated or prevented. By limited sharing of information, the attacker
cannot access to the complete information of the user and this will help the recipient to
eliminate the risk of cyber attack.
 Diversity- The mitigation strategy under this principle is to use the two factor
authentication on all the essential services like bank, emails or social media accounts so
that the identity can be made stronger and there will be diversed layer of protection like
SMS and email verification before accessing the information. This will unable the
attacker to get access of all information in one go rather diversed protection will help the
recipient in protecting its information.
 Obscurity- The mitigation strategy under this principle shall be to not click on the links
provided in SMS or emails rather hover the mouse on link to its legitimacy. Without
clicking on the link, the user cannot fund the source of user or type of computer or soft
ware used by it so there are very less chances of attacking the user and committing cyber
crime against it (Lin and et. al., 2018).
 Simplicity- The mitigation strategy under this principle is that the soft wares used by the
users must be simple enough to make the trusted user to easily access them. For instance
the user must use such sources like mobile application, social media page or website to
verify the message in simple form so that it can easily see whether it is a scam or not.
CONCLUSION
It is concluded from the above report that there has been a major rise in the cyber crimes
during the Covid 19 time where the attackers got an opportunity to conduct malicious cyber
crimes. The crimes like SMS phishing, email phishing, money laundering, identity theft have
seen the major increase where the people have become more conscious in sharing their
information or connecting to the internet. The era of technology has made people dependent on
internet which is being misused by these attackers in order to make money or defraud the users.

The fundamental security principles helps in securing the information. The mitigation strategies
proposed by ACSC has been effective enough for the users to prevent themselves from becoming
victims of these crimes. Further the identification of assets has helped the people in prioritising
their threats against these assets so that cyber crimes can be prevented.

Paraphrase This Document

Need a fresh take? Get an instant paraphrase of this document with our AI Paraphraser

💎 Try AI Paraphraser

REFERENCES
Books and Journals
Al Halaseh, R. and Alqatawna, J.F., 2016, August. Analyzing cybercrimes strategies: The case
of phishing attack. In 2016 Cybersecurity and Cyberforensics Conference (CCC) (pp.
82-88). IEEE.
Collins, G., 2020. Cyber security: Don't let cyber criminals capitalise on covid-19 chaos-tips for
working from home. LSJ: Law Society of NSW Journal. (69). p.82.
Kharb, L., 2017. Cyber Crimes Becoming Threat to Cyber Security. International Journal of
Engineering and Management Research (IJEMR). 7(2). pp.48-51.
Lin and et. al., 2018. Security and privacy for the internet of drones: Challenges and
solutions. IEEE Communications Magazine. 56(1). pp.64-69.
Mikolai, E.R., 2020. Cybercriminals Exploitation of the Coronavirus Pandemic (Doctoral
dissertation, Utica College).
Radev, G., 2019. Cyber Threats for Modern Economy. In Proceedings of International
Conference on Application of Information and Communication Technology and
Statistics in Economy and Education (ICAICTSEE) (pp. 192-197). International
Conference on Application of Information and Communication Technology and
Statistics and Economy and Education (ICAICTSEE).
Shah, M.H., Jones, P. and Choudrie, J., 2019. Cybercrimes prevention: promising organisational
practices. Information Technology & People.
Shanleyand et. al., 2020, July. Australian Attitudes Towards Privacy of Information: Will
COVID-19 Make a Difference?. In International Symposium on Human Aspects of
Information Security and Assurance (pp. 3-15). Springer, Cham.
Siddiqui, M.Z., Yadav, S. and Husain, M.S., 2018. Application of artificial intelligence in
fighting against cyber crimes: A REVIEW. International Journal of Advanced Research
in Computer Science. 9(Special Issue 2). p.118.
Warren, M. and Manuel, D., 2020. The Australian cyber security skills and jobs: NSW study.
Wirth, A., 2020. Cyberinsights: COVID-19 and what it means for cybersecurity. Biomedical
instrumentation & technology. 54(3). pp.216-219.

1 out of 11

+13062052269

info@desklib.com

Malicious Cyber Activities and Security Defences

Contribute Materials

Secure Best Marks with AI Grader

Paraphrase This Document

Secure Best Marks with AI Grader

Paraphrase This Document

Related Documents

IS Security and Risk Management

Threats Faced by Australian Health Sector Organizations

IS Security and Risk Management

How to Recognize and Avoid Cybercrime in Australia

Cybersecurity Risk Assessment and Investment

The Assignment on Information Security