Telstra launches pilot to block phishing texts spoofing Services Australia
Telstra has taken the wraps off a pilot program that will see it block fake messages claiming to be from myGov or Centrelink before they hit the phones of the telco’s customers.
The telco worked with the Australian Cyber Security Centre (ACSC) and Services Australia on the layer 3 blocking effort.
Telstra CEO Andy Penn told ZDNet that the program has completed its proof-of-concept stage and would be fully rolled out across its network by the end of the year.
Penn also said involving the ACSC allowed for information sharing between government and industry, and by sharing information there was a greater chance of mitigating malicious acts.
« It’s not so much that ACSC has got something that we don’t, or we’ve got something the ACSC doesn’t have — we both look at the world through a different lens, and we have both have access to information, probably, that the other party doesn’t, » he said.
If the pilot is successful, it would then be rolled out to other Australian telcos, Minister for Defence Linda Reynolds told ZDNet.
« This is a national problem that requires a truly collaborative national approach, » she said.
Earlier, the minister said the number of malicious texts had not increased significantly due to the coronavirus pandemic.
« What has changed is that cyber criminals are getting better at adopting their tradecraft, » Reynolds said.
« They are exploiting people’s concerns, and also their desire for information during COVID-19. »
Reynolds added the messages directed people to sites where malware could be installed and personal information is obtained.
Telstra in May unveiled its Cleaner Pipes program to fight malware passing through its network.
The initiative focuses on blocking command and control communications of botnets, the downloading of remote access trojans, as well as other forms of malware. The telco said at the time it was already blocking « millions of malware communications » when the traffic hits its infrastructure.
« This action reduces the impact of cyber threats on millions of Telstra’s customers including stopping the theft of personal data, financial losses, fraudulent activity and users’ computers being infected with malware. We know many consumers and small businesses do not have the resources to adequately protect themselves, » Penn said.
« Cleaner Pipes means we are able to more actively block cyber threats on our network that would compromise the safety of our customers’ personal information. While it will not completely eliminate the risk, or substitute appropriate threat protection, it will contribute to significantly reducing the volumes and impact. »
Should Telstra customers click on a blocked link, they will be presented with a block page. The telco also said in May it had been trialling Cleaner Pipes for a year, and this had sat alongside its efforts to block malicious SMS and scam calls. Telstra said it blocks over half a million scam calls each month.
In July, a Penn-chaired industry advisory panel recommended in its report that ACSC be able to « disrupt cyber criminals on the Dark Web and to target the proceeds of cybercrime » and hold malicious actors accountable through law enforcement, diplomacy, or even economic sanctions.
« The Australian government should openly describe and advocate the actions it may take in response to a serious cybersecurity incident to deter malicious cyber actors from targeting Australia, » the report recommended.
The report also called for « larger, more capable » government departments to help out the cyber defences of smaller agencies.