Cyber Vigilance Update

Today’s Connection

Cyber Engage Update - 15/03/2023 (#22)

Office Alert

TikTok or Not?

Why the App's Clock Is Running Out.

On the last day of February, the White House sent out an order to US federal agencies announcing that TikTok must be removed from government devices within 30 days.

The TikTok ban includes any app made by parent company Bytedance, though its other products are relatively rarely used outside of China.

It was also announced that the ban extends to government contractors, though this aspect will be implemented over a longer period. Agencies must add language that forbids the use of the app over the next 90 days, and must cancel any contracts in which the partner is not able to stop using the app. In 120 days, vendors that continue to use TikTok will no longer be able to solicit.

These actions arise from concerns about both the possibility of sensitive information finding its way to servers in China (where the government would then have easy access to it), and the possibility of TikTok being used by the Chinese government as a propaganda channel.

The TikTok ban appears to have sparked several similar pieces of legislation around the world. The EU and Canada have issued similar bans for government devices that are going active at about the same time, and Taiwan issued a ban on it from the entire public sector in December.

Chinese intelligence tactics are fuelled by the sustained collection of user data. Commerce and purchasing information, combined with biometrics and activity tracking, feeds detailed intelligence to be used in operations with longer-term objectives. Such data can be used to deliver targeted, timely psychological operations against individuals or groups of citizens. This has been seen during recent election cycles and politically charged events in recent years.

While the TikTok bans thus far largely focus on government devices, some state bans that have been enacted also require state schools to block the app from their campus networks and WiFi.

What can you do?

From a local perspective, there are already discussions in Government circles about similar legislation being applied in Australia.

It can be assumed that this will go forward, and all businesses, whether directly or indirectly associated, should assess the implications of these changes on their business models and practices.

It makes sense to consider whether TikTok is:

  1. A potential risk to your business or your clients/customers
  2. Likely to be banned in a similar way by your customer base in the short to medium-term future
  3. A necessity for you and/or your staff and/or contractors, and what short to medium-term steps you can take to prepare for future changes and legislation


Home Alert

Gaming … Where hackers may be part of your child’s team.

Free currency and tokens in return for ‘login deets’! … #Winning!

Hacking and online scams do not have to be the result of carefully designed fake sites, complex business email compromise campaigns, and other threats.

A new report by software company Kaspersky suggests that targeting children, and especially young gamers, provides easy and particularly rich pickings.

Some of the tactics hackers use when they target children are, in some cases, minimal. The rewards, though, can be impressive, especially if kids are playing games on a device that a parent or other family member works from home on.

The most common scam is to offer young players free in-game currency through games such as Fortnite and Roblox. Rather than trying to trick personal details out of their targets, the scammers simply ask outright for the email a game account is registered to and its password, straight up promising free currency in return for the login details.

This leads to a game account being entirely compromised — including any in-game items or currency currently attached to it, which the scammer can then sell.

Other tricks are even clearer in their intentions.

One scam offers free game cheats to download, but to do so, the target must turn off all antivirus software first. The downloaded file purports to hold the desired cheats but is, in fact, a malicious zip file that, once run (without any antivirus protection present), can extract data from the machine at will.

If the machine is a shared one, with possibly important work information, the hack can be incredibly dangerous, particularly if the victim’s antivirus software remains disabled for a protracted time.

Older gamers can fall prey to similar scams, though the older the gamer is, the more subtle the scam needs to be. This can be done by using more mature titles, such as Rockstar’s Grand Theft Auto series, as the basis of phishing scams, or by mimicking a game’s online store entirely, tricking gamers into sharing their Steam account details, or even social media passwords.

What can I do?

It is recommended that the following tactics be applied to counter such scams:

  1. Use a password manager.
  2. Take advantage of two-factor authentication.
  3. Install antivirus software.

Remember to educate your children and keep an eye on what’s going on.


This week's Training module


Cyber Threat Reporting (1/1)

Cyber Security Vigilance Program

Version 16-11-2022
