
Cyber Security Stakeholder Group key messages 11 May 2021

Key topics discussed at the Cyber Security Stakeholder Group meeting 11 May 2021.

Last updated 3 June 2021

ATO update

The pace at which threat actors weaponize vulnerabilities before patches can be applied is accelerating. The importance of patching as soon as possible after release was reiterated. Noting that Microsoft patches are released on the first Wednesday of each month, it’s worth scheduling patching to coincide with the same timeline.

Ransomware, cyber-enabled crime and the sale of compromised credentials and sensitive information are quickly becoming a major income stream for threat groups.

2021 has seen extensive ransomware campaigns: Avaddon Ransomware

The ATO has recently published new guidelines for Strengthening client verification and is seeking feedback on the strategies.

A joint media release between the ATO and the Tax Practitioners Board has been released targeting Identity fraud in partnership with tax profession.

ATO Impersonation Scams

The ATO has issued two scam alerts since the beginning of the year. The first in February, following a concerning rise in people losing money to scams regarding suspended tax file numbers. The second scam alert and media release for 2021 was for a new MyGov email impersonation scam.

These alerts are a timely reminder that in the lead up to tax time, we expect to see a rise in malicious attempts to harvest identity details. The ATO strongly encourages everyone to be on alert and take the time to remind family and friends to be on the lookout and stay safe.

The ATO is working with the Australian Competition and Consumer Commission and other members in preparation for Scams Awareness Week, which will be 16–20 August 2021 with a theme of ‘speaking up’ about scams. From an ATO perspective, the focus will be on new ways to promote how everyday individuals can help prevent vulnerable members from being scammed, with tag lines like ‘scam hero’ and ‘scambassador’.

Australian Cyber Security Centre (ACSC)

The ACSC-managed Australian Cyber Security Hotline, 1300 CYBER1, is a 24 hours a day, seven days a week service that provides cyber security advice and assistance to callers, particularly in relation to reporting cyber security incidents or cybercrimes.

The ACSC Partnership Program has been expanded to enable a wide range of organisations, including in particular small businesses, to engage with the ACSC and fellow partners, drawing on collective understanding, experience, skills and capability to lift cyber resilience across the Australian economy.