The week in security: North Korea’s hackers are playing games – and you should be too

A buried government review found that users are deeply unsatisfied with the outcomes of complaints lodged with the Australian Cybercrime Online Reporting Network (ACORN), as an academic shared with the audience at the recent AISA Australian Cyber Conference.

The well-attended event was a focal point in the national cybersecurity agenda, with sessions spanning the gamut of security issues.

Deakin University shared its journey to multi-factor authentication, for example, while a cryptocurrency expert traced the evolution of regulation in the highly-targeted Japanese market.

Cybersecurity experts shared their journeys in work such as hunting for phishing kits, while panels addressed issues such as the growing role of women in cybersecurity.

An expert in North Korea’s low-and-slow cybercriminal activities warned that much of that “low-level” activity is going on behind the scenes and under the radar, with gaming and other consumer-level platforms often targeted.

Also on the attacks front, figures suggested that the UK National Cyber Security Centre is stopping more than 10 cyber threats against the UK every week.

US-CERT was warning that attackers could take control of devices affected by a host of software flaws in Cisco equipment.

All of these warnings lend more weight to suggestions that companies should be running cyber wargames more frequently to test and refine their internal response to cyber attack – and figures suggesting that most companies are woefully deficient in this area.

Github has taken a more progressive stance to warning developers about bugs like the ones used in the recent massive Equifax breach.

Speaking of exploitable weaknesses: the TLS 1.0 and 1.1 protocols are in their last days, with major browser makers announcing they will phase out support for the now deprecated protocols by 2020.

This, as Google launched Chrome 70 with support for fingerprint logins and a host of security fixes.