More stories

  • KT clarifies routing error caused outage instead of DDoS attack

    South Korean telco KT has said its network outage on Monday was caused by an internal router issue, backtracking on its initial claim that the incident was caused by a large-scale distributed denial-of-service (DDoS) attack.

    In a statement, the telco said it initially suspected a DDoS attack due to traffic overload but after it scrutinised the matter it found that the cause was a routing error. KT added it would cooperate with the government to investigate the precise cause.

    The telco is yet to announce what caused the routing error in the first place and how this led to the outage, which is expected to be announced at a later date.

    KT’s nationwide network suffered an outage on Monday for around 40 minutes at around 11am local time. The telco’s subscribers were unable to use their credit cards, trade stocks, or access apps, while some large commercial websites were also shut down during that period.

    South Korean police, which is also investigating the matter, said it could not find any circumstances to indicate that there was an external cyber attack in its initial investigations.

    Meanwhile, the Ministry of Science and ICT is still conducting its own investigations on the matter. The ministry has ordered KT to investigate the extent of the damage caused to customers by the outage.

  • Home Affairs in talks to give telcos more blocking powers against malicious messages

    The Department of Home Affairs is in talks with the telecommunications industry to provide more powers to telcos for blocking spam and malicious content.

    “We are in discussion with the telcos that provide your services … under the Telecommunications Act, section 313, there might be a possibility for the telcos to act as an authorised blocking agent — that is to say, it’s unwanted, I don’t want this to come to my computer, I don’t want this to come to my phone. It’s malicious,” Home Affairs secretary Mike Pezzullo told Senate Estimates on Monday evening.

    Pezzullo noted that more work needed to be done in this area, however, as it is currently unclear whether the Telecommunications Act deems providing a link to be an offence or whether the offence is actually the subsequent action taken by a criminal actor of taking advantage of a victim after they’ve clicked on a malicious link.

    “There are some complexities here because it has to be a nexus to an offence. So scamming, click this link, may itself not be an offence, in which case, our advice to government in due course might well be that legislative changes are required. But the act of clicking might create a nexus to an offence, that offence might be identity, theft, fraud, etc,” Pezzullo said.

    Marc Ablong, Home Affairs deputy secretary of National Resilience and Cybersecurity, analogised this “complexity” to how a mail service provider such as Australia Post would not be responsible for disposing the contents of a letter if it were dangerous.

    “If there was something criminal in [a letter], you wouldn’t go after Australia Post … nor would you ask Australia Post to block the letter. And so, the nature of the conversations that we’re having with the telco sector at the moment is: Do they have sufficient information at scale to be able to block the whole class of these spam messages? Or would they need to report each and every one that came in?” Ablong explained.

    Ablong added that part of Home Affairs’ discussions with telcos about blocking malicious SMS messages has been focused on how best to define the attributes of an SMS message in a way that only blocks malicious messages, while still allowing normal SMS messages to be passed through.

    The explanation of the potential expanded blocking measures followed the theme of yesterday’s Senate Estimates, at least for the Department of Home Affairs and federal law enforcement authorities, with Pezzullo saying they would all be “more aggressive” in addressing cyber threats moving forward.

    “We’re going hunting. We’re using offensive capabilities,” he said. “The AFP is very actively engaged with international colleagues to go after the gangs that, don’t only engage in ransomware — time’s up for them — but also other forms of identity theft, phishing, and so on and so forth.”

    In Pezzullo’s opening statement at Senate Estimates, he said Home Affairs was becoming increasingly concerned about the potential for adversaries to preposition malicious code in critical infrastructure, particularly in areas such as telecommunications and energy.

    “Such cyber-enabled activities could be used to damage critical networks in the future. The increasingly interconnected nature of Australia’s critical infrastructure exposes vulnerabilities which, if targeted, could result in significant consequences for our economy, security, and sovereignty,” he said.

    Earlier on Monday, AFP commissioner Reece Kershaw shared a similar sentiment at Senate Estimates, saying the federal police has been implementing a new cyber offensive arm, which has entailed talking with the Five Eyes alliance about the growth of cyberthreats.

    “At the moment, we’re actually going through an internal review of how we can be more aggressive in cyber, and it may mean a mini restructure internally for us to really have what we would call a cyber offensive operation of the AFP, which would actually conduct disruption operations on these individuals,” he said.

    Throughout his testimony at Senate Estimates, Kershaw explained that the powers given to the AFP through the Surveillance Legislation Amendment (Identify and Disrupt) Act 2021, which passed earlier this year, would allow its cyber offensive capabilities to increase across various fronts, from countering child abuse, to spam, to terrorism.

    Pezzullo’s declaration follows his department launching a national ransomware action plan earlier this month. The major focus for that plan is to create new laws and tougher penalties for people who use ransomware to conduct cyber extortion.

    The federal government last week also amended the Security Legislation Amendment (Critical Infrastructure) Bill 2020, which is currently under consideration in Parliament, as part of efforts to expedite the process for it to become law. That Bill is seeking to create mandatory reporting requirements for organisations that suffer a cyber attack and provide government with “last resort” powers that allow it to direct an entity to gather information, undertake an action, or authorise the ASD to intervene against cyber attacks.

    When asked by Senator and Shadow Minister for Home Affairs Kristina Keneally how the development of these capabilities has progressed, he said he expected the policy work to be completed by “this side of Christmas”.

    Keneally and Shadow Assistant Minister Tim Watts the next morning said the lack of concrete details meant the federal government was “all announcement, no action”.

    “Three months after Home Affairs Minister Karen Andrews declared that ‘Time’s Up’ for ransomware gangs, Senate Estimates has confirmed the government has committed no new funding, has initiated no new law enforcement action, and will pass no new legislation in the Parliament before Christmas,” the Labor politicians said in a statement.

  • NSW government stands up dedicated unit to fight identity theft

    The New South Wales government has established a dedicated unit that will provide support for citizens who have had their personal information or government proof of identity credentials stolen or fraudulently obtained.

    The new unit, known as IDSupport NSW, will become the single point of call for citizens who have had their identity stolen. It will work with other NSW government departments and Australia and New Zealand’s national identity and cyber support service, IDCare, to mitigate the risk of stolen personal information being used for identity crimes and replace compromised identity documents where appropriate.

    “IDSupport NSW will for the first time provide a single point-of-contact for citizens who have had their identity compromised, while ensuring we have a coordinated end-to-end privacy incident response service in NSW Government,” Minister for Digital and Customer Service Victor Dominello said.

    “The unit will remove the burden from customers who need to replace identification documents, improving their experience at what we know can be a difficult time.”

    The state government added IDSupport NSW would also provide citizens with options for additional support, such as counselling services, and deliver education and awareness campaigns about personal cybersecurity and identity resilience together with Cyber Security NSW and other government agencies.

    The Department of Customer Service is now recruiting experts to join IDSupport NSW, which is due to be launched early next year. The launch of IDSupport NSW forms part of the NSW government’s identity strategy and follows on from recommendations made by the Parliamentary Inquiry into Cyber Security released earlier this year.

    Back in 2019, the NSW government’s Cyber Security NSW arm established IDCare Identity Recovery Service to help state government customers whose identities are compromised due to a “cyber incident”. The service, at the time, was only available for up to 500 individual referrals by NSW government departments and agencies to IDCare.

  • Austrac limited when regulating overseas terrorism financing via online platforms

    Representatives from the Australian Transaction Reports and Analysis Centre (Austrac) on Monday said far-right extremists were increasingly using online platforms, such as Telegram and cryptocurrency exchange platforms, to fund their operations. But due to Austrac’s remit only being financing activity within Australia’s banking system, the agency’s CEO said its scope for catching financing of terrorism activities could often be limited.

    “That’s why we rely so heavily on the banks if it’s going to the banking system, but of course, much of this doesn’t go through the banking system so that’s why we’re [trying to] enhance our capability,” Austrac CEO Nicole Rose said at Senate Estimates.

    In terms of what Austrac can do when it comes to restricting prominent far-right extremists from fundraising through those digital channels, Rose said the agency can work with partner agencies to help identify these payments.

    “We provide intelligence on targets that we may create ourselves or the police may actually ask us national security agencies asked us to provide intelligence,” Rose said.

    Austrac deputy CEO John Moss added the agency was working with digital currency exchange providers to build indicators and financial crime guides that can be used to detect suspicious matter reports and send those to government, which can then be shared with governments outside of Australia. Identifying these payments is difficult though, with Moss explaining at Senate Estimates that terrorism financing through these digital channels is often in the form of small payments, which are hard to detect.

    Last month, one of the country’s largest fintech industry bodies Fintech Australia said Austrac had too heavy of a burden in its fight against money laundering and counter terrorism. The fintech industry body said Austrac has struggled to respond to and rely upon various regulatory reports it receives to deal with money laundering and terrorism financing due to resourcing and technology budgeting reasons.

    Meanwhile, Australian Security Intelligence Organisation director-general Mike Burgess said current trends indicate that espionage and foreign interference would supplant terrorism as Australia’s principal security concern, despite terrorism continuing to remain as a key threat.

    “On a daily basis, multiple countries are making multiple attempts to conduct espionage and foreign interference against Australia,” Burgess said in his opening statement at Senate Estimates.

    “These attempts are sophisticated and wide-ranging. They are enabled and accelerated by technology.

    “Such cyber-enabled activities could be used to damage critical networks and infrastructure in the future, especially in times of increased tensions.”

    Concurring with the findings made by Austrac that online platforms have helped spur the rise of far-right extremism, Burgess said almost half of the agency’s domestic onshore counter-terrorism caseload was focused on far-right extremism.

    “People being online have potentially been subject to information that has helped put them up a path of radicalisation,” he said.

    “Obviously with lockdowns, they don’t benefit from the social interactions that tend to normalise what people get through their online interactions.”

  • BillQuick says patch coming after Huntress report identifies vulnerabilities used in ransomware attack

    BillQuick has said a short-term patch will be released addressing some of the vulnerabilities identified this weekend by cybersecurity firm Huntress.

    In a blog post on Friday, Huntress security researcher Caleb Stewart said the company’s ThreatOps team “discovered a critical vulnerability in multiple versions of BillQuick Web Suite, a time and billing system from BQE Software.”

    “Hackers were able to successfully exploit CVE-2021-42258 — using it to gain initial access to a US engineering company — and deploy ransomware across the victim’s network. Considering BQE’s self-proclaimed user base of 400,000 users worldwide, a malicious campaign targeting their customer base is concerning,” Stewart said.

    “This incident highlights a repeating pattern plaguing SMB software: well-established vendors are doing very little to proactively secure their applications and subject their unwitting customers to significant liability when sensitive data is inevitably leaked and/or ransomed.”

    Huntress also found eight other vulnerabilities: CVE-2021-42344, CVE-2021-42345, CVE-2021-42346, CVE-2021-42571, CVE-2021-42572, CVE-2021-42573, CVE-2021-42741, CVE-2021-42742.

    In a statement to ZDNet, BQE Software said their engineering team is aware of the issues with BillQuick Web Suite, which customers use to host BillQuick, and said that vulnerability has been patched.

    “Huntress also identified additional vulnerabilities, which we have been actively investigating. We expect a short-term patch to the BQE Web Suite vulnerabilities to be in place by the end of the day on 10/26/2021 along with a firm timeline on when a full fix will be implemented,” the spokesperson added.

    “The issue with BQE Web Suite affects fewer than 10% of our customers; we will be proactively communicating to each of them the existence of these issues, when they can expect the issues to be resolved, and what steps they can take in the interim to minimize their exposure.”

    Huntress explained how they were able to recreate the SQL injection-based attack, which they showed can be used to access customers’ BillQuick data and run malicious commands on their on-premises Windows servers.

    Huntress said it worked with BQE Software on the issue and commended the company for being responsive while also taking the issues seriously.

    But the blog post notes that the bug could easily be triggered by “simply navigating to the login page and entering a single quote (`’`).”

    “Further, the error handlers for this page display a full traceback, which could contain sensitive information about the server-side code,” Stewart wrote.

    CVE-2021-42258 was patched by BQE Software on October 7 in WebSuite 2021 version 22.0.9.1. But the eight other issues still need patches.

    Stewart told BleepingComputer that unnamed hackers used CVE-2021-42258 as an entry point into the US engineering company as part of a ransomware attack that took place over the Columbus Day weekend. The news outlet reported that the ransomware group did not leave a ransom note and did not have a readily identifiable name.

  • What is a cybersecurity degree?

    Cybersecurity schools train ethical hackers and information security analysts. A cybersecurity degree can help learners launch careers in this high-demand, lucrative field.

    Degree-seekers study cybersecurity at the undergraduate and graduate levels. Each degree prepares graduates for specific career paths.

      • Associate degree in cybersecurity: A two-year associate degree introduces learners to fundamental concepts in cybersecurity. Students build core skills and pursue entry-level tech careers.
      • Bachelor’s degree in cybersecurity: A four-year bachelor’s degree strengthens key skills like intrusion detection and security incident response. Majors take computer science, programming, and information security courses. The degree meets the requirements for careers such as information security analyst.
      • Master’s degree in cybersecurity: A two-year master’s program provides advanced technical and leadership skills. Graduate students learn to create and implement information security plans. The degree leads to supervisory and leadership roles.
      • Doctoral degree in cybersecurity: A doctorate in cybersecurity typically takes 3-5 years and builds advanced research skills. After completing coursework and a dissertation, graduates pursue careers in research and academia.

    Our guide walks through what you need to know before enrolling in a cybersecurity program.

    What to expect in a cybersecurity program

    Cybersecurity degree programs emphasize the theoretical and practical skills necessary for careers in tech. Degree-seekers complete coursework in computer programming, networking technology, and information security. Many cybersecurity programs incorporate experiential learning opportunities such as projects, practicums, and internships.

    While cybersecurity programs build technical skills, they also emphasize important people skills. The ability to solve problems, pay attention to details, and work effectively on a team helps professionals in the cybersecurity field.

    People skills taught in cybersecurity programs

      • Problem-solving
      • Attention to detail
      • Collaboration and teamwork
      • Communication skills
      • Time management

    Hard skills taught in cybersecurity programs

      • Security incident response
      • Computer programming
      • Intrusion detection
      • Malware prevention
      • Security information and event management

    Cybersecurity degree courses

    Cybersecurity students learn fundamental principles and programming languages early in their education. As they gain more advanced skills, they study concepts like ethical hacking and vulnerability assessment. Below are a few classes commonly required in cybersecurity programs.

    Certified ethical hacking

    Ethical hackers, also known as white hat hackers, test a system’s security procedures to improve them. In ethical hacking courses, learners explore penetration testing and ethical hacking techniques. They also learn how to implement security measures. The course prepares learners for the Certified Ethical Hacker certification.

    Networking concepts

    Diverse organizations rely on networks to connect their systems, interact with customers, and store and retrieve data. In networking concepts courses, learners explore common network configurations, network security, and vulnerabilities in computer networks. The course prepares learners for cybersecurity roles requiring strong networking skills.

    Principles of programming languages

    Like many other tech fields, cybersecurity jobs require programming skills. Courses in programming introduce learners to important programming languages and key concepts in computer programming. Theory-oriented courses cover topics like syntax, memory management, and control structures.

    Python programming

    Many cybersecurity professionals use Python as their primary coding language. During an undergraduate cybersecurity program, learners build fluency in Python through project-based assignments and lessons. The course introduces students to Python tools and the language’s applications in information assurance.

    Vulnerability assessment

    Cybersecurity professionals identify threats and system vulnerabilities. This course trains students to assess an organization’s information security vulnerabilities. Students conduct penetration testing, evaluate infrastructure, and recommend improvements to the security system. The class prepares students for careers as cybersecurity analysts and consultants.

    Cybersecurity degree jobs

    Cybersecurity schools prepare learners for many top-paying tech careers. For example, as of May 2020, information security analysts earned a median annual salary of $103,590.

    The field also reports much faster than average projected job growth. While entry-level roles often offer starting salaries around $60,000 per year, top-paid information security analysts earn over $163,000 annually.

    Many of the best careers with a cybersecurity degree offer advancement opportunities and above-average salaries.

    Is cybersecurity a good degree?

    A cybersecurity degree builds the knowledge and skills for in-demand careers. For example, information security analysts earn a median salary of $103,590 per year. The computer and IT field reports job growth above the national average for all occupations.

    What do people with a cybersecurity degree do?

    Cybersecurity schools train graduates for careers in IT security, information assurance, penetration testing, and security architecture.

    How much schooling do you need for cybersecurity?

    Most cybersecurity jobs require at least a bachelor’s degree in computer science, cybersecurity, or a related field. Professionals with cybersecurity training outside of a degree-granting program can also work in cybersecurity. 

    This article was reviewed by Brian Nichols

    Born and raised in upstate New York, Brian Nichols began his IT education through a vocational high school where he focused on computer science, IT fundamentals, and networking. Brian then went to his local community college and earned his associate of science in computer information science. He then received his bachelor of science in applied networking and system administration from a private college. Brian now lives in Kansas City, Kansas, where he works full-time as a DevOps engineer. Brian is also a part-time instructor in cybersecurity. He’s passionate about cybersecurity and helping students succeed. Brian Nichols is a paid member of the Red Ventures Education freelance review network.


  • Aruba partners with Pensando for first distributed network switch

    Hewlett Packard Enterprise’s networking arm, Aruba, has revealed that it has partnered with the John Chambers-backed startup Pensando for a new switch. The Aruba CX 10000 Series Switch aims to reinvent conventional data center switching by creating a distributed services fabric in which network, security, and layer 4 to 7 services become ubiquitously available across the network. The heart of the new Aruba switch is the Pensando Elba data-processing unit (DPU).

    Traditional networks were designed for data centers where the majority of traffic moved in a “north-south” direction. That is, it would come into the data center, travel through three or more tiers, pass through a core, and then “trombone” back out (meaning through a circuitous, latency-causing path). This made the placement of infrastructure, such as load balancers and security devices, relatively straightforward because they could all be deployed in the core.

    Data centers are evolving to distributed architectures

    As data centers evolved to disaggregated infrastructure, the volume of east-west traffic exploded, creating performance problems. This gave rise to spine-leaf architectures that used a much flatter network design. Today, the data center is in the midst of another transition – to a cloud architecture, where containers and microservices are driving the need to have security and layer 4 to 7 services everywhere. The current leaf/spine design would have firewalls, application delivery controllers, and other infrastructure centrally deployed, meaning every container that needs securing would have to traverse through a handful of leaf-and-spine switches – to the tools and back – creating an east-west “trombone” problem.

    One solution would be to deploy firewalls, NATs (network address translation), intrusion prevention systems, encryption tools, and other infrastructure at every network junction point, but this would be expensive and unmanageable. The Aruba-Pensando solution embeds those capabilities in the switch via the DPU. Vendors have tried to do this before in software and have the central CPU handle the processing, but network silicon from vendors such as Broadcom was designed for layer 2 to 3 network traffic and not security and application layer services. The Aruba switch is able to offload all the processing of those services to the DPU so network performance is not impacted.

    Pensando DPU offloads heavy lifting from network switches

    The Pensando DPU includes a wide range of services, including firewall, NAT, DDoS, encryption, load balancing, and telemetry. The concept of the DPU is easy to understand if one looks at different markets. For example, CPUs don’t process high levels of graphics well, so computer manufacturers use graphics processing units (GPUs). Similarly, network security vendor Fortinet provides its own security processing unit (SPU) to optimize the performance of its products. The Pensando DPU handles those CPU-crushing data center services.

    Aruba customers should see a significant performance jump in many data center services. For example, a standard traditional switch can handle about 8,000 ACLs before performance is impacted. An access-list (ACL) is a set of rules defined for controlling network traffic and reducing network attacks. ACLs are used to filter traffic based on the set of rules defined for the incoming or outgoing of the network. The Aruba CX 10000 can handle about 1 million of them. Similarly, traditional switches can be provisioned for about 10,000 IPSec tunnels, while the new Aruba box can process about 200,000.

    Aruba also can bring some new capabilities. Standard switches can’t be used as firewalls, but the Aruba product can provision about 1 million rules. One of the big benefits Aruba brings is manageability, as network and security engineers can administer the switches using Aruba’s widely deployed Fabric Composer. All network and security policies can be managed through the product. One of the more progressive attributes of Fabric Composer is that it’s designed for organizations in which the security and network teams have been brought together, but it also provides configuration options if the organization has split SecOps and NetOps groups.

    Interoperability: Core attribute for Aruba

    As is the case with all Aruba products, the CX 10000 was built with interoperability in mind so third-party ecosystem partners can access data in different ways. The box itself provides streaming real-time telemetry. Also, Fabric Composer has an exportable syslog that can be used. Other vendors will choose to integrate using the available APIs. At launch, the company announced a wide range of partners, including Fortinet, Palo Alto, Crowdstrike, Splunk, Netscout, Tufin, and Guardicore, to name a few.

    For Aruba, partnering with Pensando should bear significant dividends. While former Cisco Systems CEO John Chambers is an investor and chairman, the engineering team at the startup is about as good as there is. The company was founded by the highly successful “MPLS” quartet (Mario Mazzola, Prem Jain, Luca Cafiero, and Soni Jiandani), who built multiple billion-dollar products at Cisco, including its current ACI (Application Centric Infrastructure), which was done via the “spin-in” of Insieme.

    Historically, changes in compute have always driven network evolution. Compute is shifting from a centralized cloud model to a highly distributed design based on cloud-native technologies, necessitating network change. The new Aruba CX 10000 is ideally suited for modernized data centers in which performance is critical but can’t come at the expense of agility.

  • Rockspace AC2100 Wi-Fi extender review: Super simple way to extend your Wi-Fi network

    I am really impressed with the Rockspace AC2100 Wi-Fi extender. Take it out of the box, plug it in, walk through two configuration steps on your browser, and reposition the AC2100 to your desired area. That is practically all that you need to do to extend your Wi-Fi network beyond its current range. But its simplicity belies its technology. This Wi-Fi extender will deliver up to 300Mbps at 2.4GHz and 1734Mbps at 5GHz to ensure that all areas of your space have Wi-Fi connectivity.

    Like

      • Ease of configuration
      • Integrated plug
      • Wide coverage

    Don’t Like

      • Nothing to dislike

    When correctly situated with a good connection to your main router, the AC2100 will deliver Wi-Fi signal coverage up to 1292 sq. ft. of space. In the box, there is the Rockspace AC2100 extender and a user guide. The AC2100 is not too big and cumbersome at 6 x 4.5 x 4.2 inches and light too at about 13 ounces. The plug is nicely integrated into the body of the AC2100 so there are no trailing wires — a nice touch. The AC2100 has four antennas that sit flush along the sides of the body, but can be moved to get the best connection to your router.

    The front of the Wi-Fi extender has three indicator lights for signal strength, WPS, and power, and there is a WPS button in the unit. The bottom of the unit has a network Gigabit port and a hole to reset the unit with a paperclip.

    It uses 4T4R MU-MIMO (multiple input multiple output) multi-user technology using four PCB antennas which operate on both 2.4GHz and 5GHz frequencies. This enables the AC2100 to communicate with multiple points at the same time to improve wireless throughput — especially where there is a large amount of concurrent traffic from several users in the space.

    If your broadband is sufficient the router will support up to 2100Mbps if you use the Gigabit port on the bottom of the unit. I did not need to use the WPS button to connect to my existing Wi-Fi router — I was too lazy to go upstairs and push the button on my main router. I know my complex Wi-Fi router password by heart as I connect and disconnect a variety of different devices to the router on a regular basis.

    Setup was so quick and easy that I had to reset the router using a paper clip so that I could capture the steps I took to initialise the AC2100 and extend my Wi-Fi network. It really is that simple. All you need to do at setup is to plug in the router and connect to it via Wi-Fi. This opens up a browser window on your device so you can create a password.
    Eileen Brown
    Then connect to your router name and give the extender network a name.
    The third and final screen shows that your network has extended successfully. You can then connect to the extended network like any other access point.
    After set up, you can move the Wi-Fi extender to a preferred space further away from the main router. If you move the AC2100 too far from the router, the signal light changes from blue to red. Move it to a closer power point and the signal will change to blue again. It just works — and that is good for peace of mind.

    All in all, for under $75 the Rockspace AC2100 Wi-Fi extender is simple to use, seamless in operation, and will extend your Wi-Fi coverage to reach the areas you need. Affordable and unobtrusive, the AC2100 should be on your list of must-haves for your Wi-Fi enabled home.