Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Australia. Show all posts
SOCI
Australia Cloud Security Cyber Security Medibank Optus Attack SOCI

Australia Takes Stride In Cybersecurity Measures



In the aftermath of several high-profile cyber attacks targeting key entities like Optus and Medibank, Australia is doubling down on its efforts to bolster cybersecurity across the nation. The Australian government has unveiled a comprehensive plan to overhaul cybersecurity laws and regulations, aiming to strengthen the country's resilience against evolving cyber threats.

A recent consultation paper released by government officials outlines a series of proposed reforms designed to position Australia as a global leader in cybersecurity by 2030. These proposals include amendments to existing cybercrime laws and revisions to the Security of Critical Infrastructure (SOCI) Act 2018, with a focus on enhancing threat prevention, information sharing, and cyber incident response capabilities.

The vulnerabilities exposed during the cyberattacks, attributed to basic errors and inadequate cyber hygiene, have highlighted the urgent need for improved cybersecurity practices. As part of the government's strategy, collaboration with the private sector is emphasised to foster a new era of public-private partnership in enhancing Australia's cybersecurity and resilience.

Key reforms proposed in the consultation paper include mandating secure-by-design standards for Internet of Things (IoT) devices, instituting a ransomware reporting requirement, and establishing a national Cyber Incident Review Board. Additionally, revisions to the SOCI Act 2018 aim to provide clearer guidance for critical industries and streamline information-sharing mechanisms to facilitate more effective responses to cyber threats.

Australia's expansive geography presents unique challenges in safeguarding critical infrastructure, particularly in industries such as mining and maritime, which rely on dispersed and remote facilities. The transition to digital technologies has exposed legacy equipment to cyber threats, necessitating measures to mitigate risks effectively.

Addressing the cybersecurity skills gap is also a priority, with the government planning to adopt international standards and provide prescriptive guidance to enforce change through mandates. However, some experts have pointed out the absence of controls around software supply chains as a notable gap in the proposed policy.

Recognising our responsibility in enhancing cybersecurity, both the government and the private sector are making significant investments in information security and risk management. Gartner forecasts a substantial increase in spending on cloud security and other protective measures driven by heightened awareness and regulatory requirements.

With concerted efforts from stakeholders and a commitment to implementing robust cybersecurity measures, Australia aims to strengthen its resilience against cyber threats and secure its digital future.


Read more »
Supply Chain
Australia Christmas Goods Cyber Attacks Shipping Company Supply Chain

Cyberattack Could Lead to a Shortage of Christmas Goods in Australia

 

A cyberattack over the weekend partially closed four major Australian ports, raising concerns about cascading effects. 

Forty percent of the freight that enters the country is handled by DP World Australia, which discovered a security breach on Friday and immediately turned off its internet connection. 

This meant that throughout the weekend, the company's port operations in Sydney, Melbourne, Brisbane, and Fremantle were shut down. 

The company could not estimate how long it would take to recuperate from the cyberattack, but experts believe it could take weeks, prompting price hikes and rising inflationary pressure. 

According to AMP chief economist Shane Oliver, a lengthy disruption in the operations of UAE-owned DP World could have a ripple effect on the overall economy and help trigger another interest rate hike. 

He stated that the attack on DP World, as well as its inability to move goods in or out of its ports, constituted a supply shock, and that a prolonged closure could push up commodity prices, forcing the Reserve Bank to consider another interest rate hike at its December meeting.

“It goes to the nature of the supply shock here, and this could have an impact on the prices, and inflation rate, of goods, which has been coming down. If this stops that, or it pushes up prices, then the Reserve Bank could be looking at it at their December meeting,” Oliver noted. 

However, senior Westpac economist Justin Smirk stated that the Reserve Bank is beginning to consider disruptive incidents such as cyberattacks on supply chain infrastructure. 

The founder of the data breach tracker Have I Been Pwned and cybersecurity researcher Troy Hunt warned that disruptions to Australian consumers could last for weeks and have an impact on Christmas delivery. 

Hunt told this masthead, "If you look back to COVID, look at the sheer number of things that got disrupted just because bits and pieces couldn't get delivered." "It depends on the actions taken here as well; have the internal systems of [DP World] been destroyed?" 

He cited preliminary research from cybersecurity veteran Kevin Beaumont, who discovered that DP World was most likely the victim of a ransomware attack enabled by a vulnerability in Citrix NetScaler software. 

According to Hunt, ransomware groups are now far more professional than they used to be, with websites listing every victim and a countdown timer indicating how much longer they had to pay. 

“There’s … a financial motive for this sort of stuff,” Hunt noted. “Of course, we’ve seen this in Australia recently with the Medibank situation, we’re seeing this more and more. If you have a spin through some of the dark web ransomware websites, it’s just stunning the number of organisations that are listed on there.”
Read more »
Vulnerability
Australia Breach Customer Cyber Attacks Data Energy Experts Investigation Ransomware Report Security Software threat UK Vulnerability

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.
Read more »
PwC
Australia CIop MOVEit Attack CLOP Clop Ransomware Cyber Security PwC

PwC Caught in the Crossfire: Australian Fallout from Major Cyber Breach Deepens

 


There has been a severe scandal going on at the accounting firm PwC over the past few weeks involving a tax scam and the company was dealt another blow as Russian hackers have just managed to steal sensitive information. 

It has come to the attention of PwC that a notable cyber breach has so far affected 267 Australian companies, and would also have a significant impact on many more corporations from other countries. In a recent attack on popular file-sharing software, cybercriminals with Russian connections broke into the system, which resulted in new high-profile attacks on the system. 

During the last week of May, clop, a cybercrime group, made its first attempt to break into the MOVEit file-sharing service. The company had begun the theft of data from various institutions, including agencies of the US federal government, Shell, the BBC, and many others. As more and more companies reveal that they have been targeted by the data breach, which has affected rival consultancy EY as well, this breach is expected to grow much larger by the day. 

The cybercrime group reportedly obtained client data after hacking third-party software called MOVEit, which PwC used to transfer confidential information. 

The hackers, who have executed two other global attacks in the last three years, have told companies to pay a ransom or have their files released online. “Pay attention to avoid extraordinary measures that may negatively impact your company,” Clop’s website reads. On Monday, PwC Australia confirmed it had used the software for a “limited number” of its clients, adding to its woes stemming from the Collins tax scandal. 

PwC said its initial investigations showed that the company’s internal IT network had not been compromised. The cyberattack on MOVEit had a limited impact on PwC. 

The firm had determined its own IT network had not been compromised, saying the breach was likely to have a "limited impact." PwC has reached out to the businesses whose files were affected and is discussing the next steps. The spokesman added that data security remained a "key priority" for the firm and that it was continuing to put "the right resources and safeguards in place" to protect its network and data.

Although the company appears to have escaped significant harm, the revelation comes at a poor time as it battles to regain governments' trust following the leaking of confidential tax information. 

Former PwC partner Peter Collins allegedly distributed documents describing the government's tax plans to other staff at the firm. This led to his registration termination with the Tax Practitioners Board. It also caused a slew of governments and their agencies to terminate agreements with the company. 

Clop demanded large ransoms for data return, but senior US officials have reportedly said no such demands have been made to federal agencies. It remains to be seen if the group will seek money from either of the Australian firms caught up in the breach. Progress, the company that created and maintains MOVEit software, patched the vulnerability within 48 hours. It also said it was aiding affected clients and had drafted in some of the world's best cybersecurity firms to assist with its response. 

In the face of a cybersecurity crisis that has hit Australia, PwC finds itself at the forefront, bracing for the expanding fallout. This incident serves as a stark reminder of the urgent need for robust cybersecurity measures and collaboration between organizations and government agencies. 

As the nation grapples with the aftermath, it becomes crucial for stakeholders to fortify their cybersecurity strategies, invest in advanced technologies, and enhance incident response capabilities. Australia must come together to address the immediate challenges and lay the groundwork for a more resilient and secure digital future.
Read more »
User Privacy
Australia Charity Organisation Data Breach Data Leak Human rights User Privacy

Amnesty International Takes a While to Disclose the Data Breach From December

 

Amnesty International Australia notified supporters via email last Friday that their data might be at risk owing to "anomalous activity" discovered in its IT infrastructure. 

The email was sent extremely late in the day or week, but it was also sent very far after the behaviour was discovered. The email, which Gizmodo Australia saw, claims that the activity was discovered towards the end of last year. 

“As soon as we became aware of this activity on 3 December 2022, we engaged leading external cyber security and forensic IT advisors to determine if any unauthorised access to our IT environment had occurred,” Amnesty International Australia stated.

“We acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.” 

Amnesty International said that while it took the organisation some time to notify its supporters of a security breach, the investigation is now complete and has revealed that an unauthorised third party temporarily got access to its IT system. 

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed, but of low risk of misuse,” the organisation added. 

Although "low risk" information was not defined, it is clear from the security advice that it offered that the data is most likely name, email address, and phone number. Despite being satisfied that the information obtained through the breach won't be used inappropriately, Amnesty International Australia advised its supporters to "carefully scrutinise all emails," "don't answer calls from unknown or private numbers," and "never click on links in SMS messages or social media messages you are not expecting to receive." 

The breach only affected the local arm of the charity, according to Amnesty International Australia, and did not affect any other branches. The statement further stated that although the scope of the "information accessed in the cyber event" did not match the requirements or level for notification under the Notifiable Data Breaches Scheme, Amnesty International Australia had decided to notify its supporters" in the interest of transparency".
Read more »
TPG
Australia Cyber Threats Data Breach Data threats TPG

Email Hack Hits 15,000 Business Customers of TPG

The second largest Australian telecommunications company TPG fell victim to a high-profile cyber attack. TPG is Australia’s No. 2 Internet service provider which serves 7.2 million accounts in the nation. TPG Telecom was previously known as Vodafone Hutchison Australia, however, it was renamed after its merger with TPG. 

The company released its documents on Wednesday in which it shared that the e-mails of up to 15,000 of its corporate customers had been breached. The company identified this attack during a forensic review. 

“TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorized access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the wireless carrier reported. 

The company also revealed that the group of threat actors was looking for cryptocurrency and other financial information. However, the company further did not describe whether customers’ data has been accessed during the attack or not. 

“We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions,” TPG Company's report read.  

As per the data, before this attack around 8 other Australian companies witnessed hacks since the month of October. These incidents are prompting public outrage in Australia. 

Following the reports, the government said last week that the government is working hard to develop a new cyber-security strategy to fight against cyber threats. Furthermore, the government is also considering banning the payment of ransom to threat actors. 

After the public announcement, the company further added that we had implemented measures against the vulnerabilities in the system to stop unauthorized access. Also, the company has started contacting all its customers on the exchange service affected by the incident. 

“The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available,” the company added. 
Read more »
Scumbags
AFP Australia Cyber Attacks CyberCrime Hackers Medibank Russia Scumbags

Medibank's Hackers will be Hacked in Australia

 


Threat actors behind the Medibank hack that compromised nearly 10 million customers' private information are being hunted by the Australian government, cyber security minister Clare O'Neil said. 
A hack on Medibank's computer, which was attributed to Russian cybercriminals, was announced by the Australian Federal Police on Friday afternoon. 

AFP identified Russian criminals as the culprits without contacting Russian officials before the public announcement, as the embassy in Australia has expressed disappointment that the AFP has identified Russian-based criminals as the culprits without contacting Russian officials. 

In the statement released by the Consulate on Friday evening, the consulate mentioned that it encouraged the AFP to promptly contact the respective Russian law enforcement agencies to seek assistance. 

Combating cybercrime that adversely affects the lives of citizens and damages businesses is a complex task that demands a cooperative, non-political and responsible approach from all members of the international community. 

It was announced on Saturday that the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) have signed an agreement on the creation of a comprehensive policing model which will take into account both the Optus and Medicare data breaches and effectively deal with the criminals behind them. 

"Around 100 officers from these two organizations will be a part of this joint standing operation, and many of these officers will be physically co-located with the Australian Signals Directorate," she said.

As Ms. O'Neil pointed out, officers report to work every day of the week. The goal is to deal with these gangs and thugs in the most effective manner possible. 

Ms. Saunders explained, With this partnership, the Australian Government has formalized a standing body which will be responsible for the day-to-day pursuit and prosecution of the con men responsible for these malicious crimes against innocent people and who will, day in and day out, hunt them down. 

A group of the smartest and most determined people in Australia will be collaborating to track down the hackers. 

A New Permanent Policing Model 

In a statement, Attorney General Mark Dreyfus described the situation as "extremely distressing."

In response to the attack, the government released a statement stating that it would do everything it could to limit the impact of this horrible crime. It would also provide support and comfort to the families and friends of those who are affected. 

Dreyfus said in his remarks that the updated partnership between the AFP and the ASD aimed at fighting cyber criminals will be a permanent and formal agreement. 

The AFP, he explained, works full-time on this issue, and they are working with international partners, such as the FBI, which has done great work on this problem, with the assistance of their international partners, including the United Nations. 

As part of the investigation, AFP Commissioner Reece Kershaw on Friday said officers were also working with Interpol to track down the perpetrators of the crime. 

"We know who you are," he said. In the area of bringing overseas offenders back to Australia to face the justice system, it has been noted that the AFP has been doing a good job on the scoreboard. 

A Review of Australia's Diplomatic Relations With Russia is Currently Taking Place

There will be no slowdown in the work of the national security agencies because diplomatic channels with Russia will remain open concerning extradition, according to Mr. Dreyfus. 

According to the president of the Russian Federation, Russia should do all that it can to protect its citizens from engaging in these kinds of crimes, while within its borders. 

In a statement, Mr. Dreyfus said that his government is taking a close look at the options available to it. This is because it wants to maintain Russia's diplomatic profile in Australia. 

In regards to our diplomatic channels, we would like to maintain them as long as they are appropriate for our national interests. However, diplomatic profiles must always be consistent with that. 

A spokesman for the opposition's cyber security wing, James Paterson, said that the disclosure could have broad implications for Australia's Magnitsky regime. Those who violate the law are subject to this.

With the passage of the regime with bipartisan support, which was passed with the support of the Republican and Democratic Parties, it becomes possible to impose targeted financial sanctions and travel bans in response to serious corruption and significant cyberattacks. 

At a press conference earlier today, Prime Minister Albanese told reporters he was dismayed and disgusted by the actions of those who committed this crime. He authorized AFP officials to release the details as a matter of public interest. 

In the recent past, hackers have released more information about some of the medical records of their customers on the dark web, including information about abortions and alcoholism. 

A ransomware attack was carried out by a criminal group targeting Medibank's data, which resulted in close to 500,000 health claims, along with personal information, being stolen. 

There are several mental health and other support services available through Medibank's Resources Page, which is available to affected customers.
Read more »
User Privacy
Abortion Data Leak Australia Data Breach Data Leak Health Insurer User Privacy

Abortion Data of Medibank Patient’s Leaked on the Dark Web

 

Threat actors who siphoned customer data from Australia's largest health insurer Medibank last month have released sensitive details of patients' medical diagnoses and procedures, including abortions, onto the dark web. 

The ransomware group also disclosed they allegedly demanded a $US1 ($1.60) per customer ransom from the health insurer but Medibank refused to pay ransom for the data, a decision supported by the Australian government. 

"Added one more file abortions.csv ...," read a post on the blog. "Society asks us about ransom, it's a 10 million USD (A$15.5 million). We can make a discount 9.7m (A$15 million) 1$ (A$1.60) =1 customer." 

The file reportedly contained a spreadsheet with 303 customers' details alongside billing codes related to pregnancy terminations, including non-viable pregnancy, miscarriage, and ectopic pregnancy. 

Day after the data leak, minister for cyber security Clare O'Neil described the leak of the patients’ data as "morally reprehensible". 

"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time," she said. I want you to know that as a parliament and as a government, we stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal." 

Meanwhile, David Koczkaro, CEO at Medibank requested the public to not seek out the files, which contain the names of policyholders rather than patients. 

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he said. Koczkaro also apologized for what he called the "malicious weaponization" of personal data. 

Additionally, the Australian government has defended the insurer's decision to not pay the ransom. Both have warned that more releases of customer information are expected. Prime Minister Anthony Albanese has said that he is also a Medibank customer. 

The Medibank hack follows a string of unrelated cyber assaults against Australian organizations in recent weeks and months, as customer data have come under siege from hackers. 

Earlier this year in September, Australia's second-largest telecommunications firm Optus was also targeted for extortion, after the private information of nearly 10 million customers was siphoned in what the firm called a cyber-attack. The attackers also targeted supermarket chain Woolworths, and Australian Federal Police classified documents, which exposed agents working to stop international drug cartels.
Read more »
real estate agency
Australia Data Breach Data Theft Harcourts real estate agency

Harcourts Real Estate Agency Suffered a Data Breached


Australian real estate agency Harcourts confirmed that it has suffered a data breach last month at its Melbourne city office which potentially exposed the credential of tenants, landlords, and tradespeople. 

The agency wrote to its customers that its rental property database has been trespassed by an unknown third party without authorization.

Furthermore, on Thursday Harcourts said that the breach took place when the account of a representative at service provider Stafflink, which provides the franchisee administrative support, was attacked, and accessed by a third party.

"We understand the unauthorized access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device," it said in a statement.

The agency learned about the attack on October 24 in an email sent to customers has confirmed. According to the email circulated online, it said that for tenants the credentials potentially breached included their names, email addresses, addresses, phone numbers, photo identification, and signatures. 

For landlords and trades, bank details as well as their names, addresses, phone numbers, email addresses, and signatures have been compromised. 

The attack came to notice after weeks when the security experts and tenancy advocates raised concerns about the potential for data breaches in the industry.

Following the attack, the chief executive Adrian Knowles said dealing with the incident was the company’s top priority. Further, he added that an investigation is going on and we are hoping we will solve the matter soon.

“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result…,” Knowles said. “…We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.” 
Read more »
MedBank
aus Australia Cyber Attacks Cyberattacks Defense ForceNet MedBank

Australian Department of Defense Hit by Cyberattack


Department of Defense Suspects Cyberattack

The Department of Defence is afraid that the personal information of personnel, like DoB, may have been breached after a communications platform used by the military suffered a ransomware attack. 

Hackers attacked the ForceNet service, which is operated by an external information and communications technology (ICT) provider. 

The organisation in the beginning told the Defense Department no data of former or current personnel was breached.

Defense says personal info not stolen 

However, the Department of Defense believes that personal details like the date of enlisting and DoB may have been stolen, despite initial hints being contrary to what the external provider is saying. 

In a message notification to the staff, the defence chief and secretary said the issue is being taken "very seriously."

There has been a series of cyberattacks in recent times, from health insurance companies to telecommunications.

Cyberattacks on rise in recent time

Medibank earlier this week confirmed a criminal organization behind a cyber attack on its company had access to the data of around 4 million customers, some of these consist of health claims. 

In September, Optus said a cyberattack had leaked the data of around 10 Million Australian users, with a considerable amount of information stolen from around 2.8 million people.

Minister for Defense Personnel Matt Keogh ForceNet kept upto 40,000 records, saying "I think all Australians, and rightly the Australian government, is quite concerned about this sort of cyber activity that's occurring, people seeking through nefarious means to get access to others' personal data."

ForceNet involved, however IT department safe

In the email to the staff, the Defense Department was confident that the hack of ForceNet was not targeted at the IT systems of the department. 

It said "we are taking this matter very seriously and working with the provider to determine the extent of the attack and if the data of current and former APS [Australian public service] staff and ADF personnel has been impacted. If you had a ForceNet account in 2018, we urge you to be vigilant but not alarmed."

Earlier talks with the service provider hint that there is no substantial proof that data of former and current ADF Personnel and APS staff personnel have been breached. 

It said, "we are nevertheless examining the contents of the 2018 ForceNet dataset and what personal information it contains."




Read more »
User Privacy
Australia Data Breach Data hack Healthcare Industry User Privacy

Why Australian Healthcare Industry is Becoming a Lucrative target for Cyber Criminals

 

Data breaches are rising across Australia’s healthcare industry faster than many others. Hackers are lured by healthcare’s large attack surface, which includes sensitive and time-critical information. 

According to the latest research from Darktrace, cyber-attacks targeting the health and social care sector in Australia doubled in 2021 compared with data from 2020, and the industry is still the most attacked in Australia in 2022. 

Over the past month, Australians learned the scale of two major health data breaches, with some patients' private data — including bank details and test results — published on the dark web. 

Last week on Thursday, pathology firm Australian Clinical Labs (ACL) disclosed its subsidiary Medlab, which carries out COVID-19 testing and other services, suffered a data breach eight months ago in February and since then it had discovered the data of 223,000 individuals were stolen. 

The same week, Medibank Private also revealed had accessed the data of at least 4 million customers, including their health claims. 

Why hackers are targeting healthcare?


The goal behind the Optus breach in September was crystal clear as it was a human error. The hack exposed the data of nearly 10 million Australians, including driver’s licenses and passport numbers. 

But the data stolen in the Medibank and Medlab hacks is more private and includes test results and diagnostic details. 

According to Peter Lewis, director of the Centre for Responsible Technology, whose data was siphoned in both the telco and Medibank Private breaches, health sector criminals are launching attacks to blackmail people, damage the firms’ reputations, or sell on the vast pools of data to other hackers. 

"There is the sense that they may try and blackmail people," he says. There is sensitive information out there, but I don’t know if that’s the game. The second is to do damage to the organization that they’ve hacked so it is potential for more damaging to Medibank than it is to any individual. But thirdly, it is true that they’ve captured that entire base of health information; maybe they’ll ... try to find ways to make value out of big pools of data."

I think a breach in the intimacy of health information could also open some people up to blackmail or make them less open with healthcare professionals. It is a smart move by hackers but whether it's going to be a sustained shift or only a shift which we've seen with these most recent cases is unclear, says Dr Rob Hosking, Chairman of the Royal Australian College of General Practitioners' technology committee.

"Nobody wants their personal, private information exposed to the public and that’s one of the risks we run with using the benefits of the internet for other things, for remote access, for transfer of information about people’s health and doing things in a much timelier fashion,” Dr. Hosking stated. “The worrying thing here is that it [health breaches] creates mistrust if people are fearful of divulging information to their practitioners; that means they may not get the care that they deserve."

Small steps 

Healthcare providers need to have an incident response plan following the discovery of a data breach. Educating staff on the common attack vectors, such as malware, viruses, email attachments, web pages, pop-ups, instant messages, and text messages, and how to discern unusual activity is essential. 

According to Dr. Robertson-Dunn, health data is expensive and difficult to manage, and sometimes it can be hard to differentiate between what should be kept, and what can be deleted. We need to re-evaluate what has to be held onto. 

"The government and organizations need to get more serious about the security of the data that they keep," he stated. They need to question if they need all of it, if it all needs to be online. If you change GP should the old GP keep your records? There’s probably an argument that maybe they should, but it is a risk. Curating health data is not easy because how do you know what you might need in the future?"
Read more »
User Security
Australia Data Breach Data Leak Data Thefy IABs ransomware attacks User Security

Initials Access Brokers are Playing Major Role in Data Breaches

 

As the cybercrime ecosystem continues to expand in Australia, the job of security professionals has also come under scrutiny. In the past month, alone seven major Australian enterprises including Optus, Medibank, and Woolworths have suffered data breaches. 

According to the latest Recorded Future intelligence report, the rise of initial access brokers (IABs) has led to increasing data breaches. IABs employ several multiple tools, techniques, and procedures (TTPs) to achieve initial access to the targeted network. 

IABs modus operandi 

IABs often launch the first stage of a ransomware attack and then sell this access to other hackers who deploy the ransomware to paralyze the victim’s computer system. 

IABs are primarily active on top-tier Russian-language platforms like Exploit, XSS, and RAMP, and typically operate using multiple languages and online pseudonyms to bypass detection. The advertising on underground forums includes a series of important details that hackers will need to select their next victim. These include victim country, annual revenue, industry, type of access, rights, data to be exfiltrated, devices on the local network, and pricing. 

While many ransomware affiliates are happy to negotiate publicly, with IABs advertising on these forums, others are thought to work directly and secretly with a pre-selected group of access brokers. Either way, the advantage of working alongside IABs is clearly to accelerate their campaigns. 

According to the latest research conducted by KELA, IABs sell initial access for $4600, and sales take between one and three days to finalize. Once access has been purchased, it takes up to a month for a ransomware attack to take place -- and potentially for the victim to be subsequently named on a leak site. The average price for access was around USD 2800 and the median price - USD 1350.

How to counter the threat 

Fortunately, there are multiple things businesses can do to mitigate the threat, not only of initial info-stealing attacks but also the ransomware that follows. 

Organizations should train employees to recognize and neutralize social engineering attacks. When it comes to ransomware, maintain offline backups of sensitive data, segment networks to contain an attack’s blast radius, and apply two-factor authentication everywhere. Continuous monitoring and robust threat intelligence will also provide a useful early warning system. 

Most importantly, the right defensive posture can help organizations to regain the initiative and put enough roadblocks in the way that their adversaries give up and move on to the next target.
Read more »
Digital Census
ABS Australia Census Day Cyber Security Digital Census

Australia Fended Off Nearly 1 billion Cyberassults on Census Day

 

Australia’s Bureau of Statistics (ABS) thwarted nearly one billion cyberattacks on its systems during the nation’s census in August 2021, statistician Dr. David Gruen stated during the Melbourne Business Analytics Conference last week. 

According to Dr. Gruen, after the 2016 distributed denial of service assaults that caused the first digital census to be taken offline by the ABS for 40 hours, every necessary precaution was taken to guard the census and its data. 

“In the event, everything ran smoothly even though there were slightly less than one billion cyber attacks on our Census digital system on Census day, 10 August 2021,” Gruen stated. 

Australia’s second-ever digital census was conducted from 28 July 2021 to 1 October 2021, and during that time the public-facing systems were under constant attack. 

ABS collaborated with the Australian Cyber Security Center (ACSC), PricewaterhouseCoopers (PwC), and Amazon Web Services (AWS) to simulate attack scenarios and enhance its defenses. The officials also worked with ethical hackers to discover security loopholes in its systems. 

“While it is hard to quantify what an attack is, in our case, these were connections that were obviously malicious which we blocked, either automatically or manually,” Gruen said. On census day alone we blocked 308,735 malicious connections, and on investigating these we blocked 130,000 IP addresses which were the source of this attack traffic.” 

The ABS said it would continue to prepare for malicious cyber-attacks and has taken multiple steps to guard the data under its possession, which includes testing its systems with information security registered assessors accredited by the Australian Cyber Security Centre. 

To bolster national cybersecurity defense, the Australian government has also passed a resolution to spend A$1.66 billion ($1.1 billion). Earlier this year in March, the government put forward a A$10 billion ($7.5 billion) security spending package dubbed “REDSPICE” (Resilience, Effects, Defense, Space, Intelligence, Cyber Enablers) to address the national cybersecurity issues. 

“There is an element here that cybercrime is growing really quickly around the world – there was an Interpol conference yesterday where the kind of police heads of forces from around the world got together and their message to the community was that cybercrime is now their main crime concern internationally,” cybersecurity Minister Clare O’Neil stated in response to the recent Medibank ransomware attack.
Read more »
Sensitive Information
ABC ACSC Australia Cyber Attacks Data Theft FBI Healthcare Medibank Melbourne Optus Attack Sensitive Information

Cyber-Attackers Claim to Have Accessed Customer Data at Medibank Australia

 


According to Medibank, which covers one in six Australians, an unidentified person notified the company that some 200 gigabytes of data had been stolen. This included medical diagnoses and medical treatments, as part of a theft that began a week earlier when the company disclosed a theft of 200 gigabytes of data.

As far as the number of its 4 million customers who may have been affected, the company did not provide information. However, it warned that the number is likely to rise as the issue unfolds. It was announced by the Australian Federal Police that they had opened an investigation into the breach, but that they had no further comments to make.

An Australian newspaper report has warned that the data of at least 10 million customers may have been stolen. This adds a heightened layer of intrigue to a wave of cyberattacks on the country's largest companies since No. 2 Telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that the data of ten million customers may have been stolen. 

The majority of public commentary has so far focused on the possibility that hackers could gain access to bank accounts if they steal data or used identity theft to gain access to personal information. An article in the Sydney Morning Herald stated that it received a message from a person claiming to be the Medibank hacker threatening to publish medical records for high-profile individuals without receiving any payment until the hacker has been paid for his or her work.

Currently, the Melbourne-based security company is working with several cyber-security firms and has also contacted the Australian Cyber Security Centre (ACSC), which is the government's lead agency for cyber security.

"This is a situation where we have very sensitive information regarding healthcare and that information, if made public by itself, could cause severe harm to Australians, and that is why we at the Australian Broadcasting Corporation are so actively involved with this," said Cybersecurity Minister Clare O'Neill in an exclusive interview with the ABC.

As cyber security experts pointed out, it was unclear whether the three disclosures on data breaches were related to a single incident. This is because these attacks were diverse. However, the perceived publicity generated by the Optus attack may have drawn public attention to the hacker networks created by this company.

"When there is the highly visible breach, such as what happened to Optus in Australia, then hackers take notice of it and think they are planning to try to see what I can get away with down there," said the executive editor Jeremy Kirk for Information Security Media Group, one of the leading cybersecurity specialist magazines out there.

Interestingly, more than 2.2 million shoppers get their bargains on a bargain website that is used by Optus rival Telstra Corp Ltd. which on Tuesday disclosed an issue with employee data breaches, while Woolworths Group Ltd on Thursday said an unidentified party gained unauthorized access to the customer database of that site.

It has been well documented that high-profile data breaches demonstrate how crucial it is to use multi-factor authentication at every level of a company's network - i.e. when the person uses an authentication code sent to a separate device to log in - to prevent data breaches, according to Sanjay Jha, chief scientist at the University of New South Wales Institute for Cybersecurity.

Jha told Reuters over the phone that, although they have implemented such controls for end users, they should have even tougher controls for internal servers, since server security is a major concern.

"Continuous authentication is necessary for people not to log in and leave after logging in and leave forever, allowing attackers to access your computer and compromise it." Jha continued.

Founder and chief intelligence officer of F5, Dan Woods, a former FBI cyberterrorism investigator, commented that Australia had "undoubtedly endured its most difficult few weeks from a cybercrime perspective, but on the positive side, it's been a wake-up call for the country, one that it may have needed." 
Read more »
Optus Breach
Australia Data Breach Data Leaked online data risks Optus Breach

19-Year-Old Arrested for Using Leaked Optus Breach Data in SMS Scam

The Australian Federal Police (AFP) took a 19-year-old teen into its custody for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. 

Officials said that the accused was running a text message blackmail scam, asking victims to transfer $2,000 to a bank account or they will risk getting their personal information misused for fraudulent activities. Credentials of almost 10 million customers were exposed in the Optus breach, including millions of passports, medicare numbers, and driver’s licenses. 

This attack raised questions as to why multiple organizations need to collect and store so much personal data of customers. Following the incident, the government of Australia is now considering developing a single digital identification service that businesses could use instead. However, the public is questioning this development. 

 “Within the audit’s remit is to consider how myGov can deliver seamless services that will frequently involve private enterprise service providers. This would prevent the need for citizens to provide sensitive data multiple times to multiple entities,” Shorten’s spokesperson said. 

As per the police, they have collected a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named "optusdata," before taking it down. 

The AFP further added that a search warrant at the home of the offender has been executed in which they have successfully seized a mobile phone used to send text messages to about 93 Optus customers.

"At this stage, it appears none of the individuals who received the text message transferred money to the account," the statement reads. 

The offender has been charged with using a telecommunication network with the intent to commit a serious offense and dealing with identification information. In both cases, the offender has to spend 10 and 7 years, respectively in imprisonment.
Read more »
Optus
Australia cyber incident Data Breach online crimes Telstra Optus

Telstra Reacts to Optus Hack with Online Safety Tips for Customers

Since Optus was attacked, the telco constantly reached out to its customers to know if they had been a victim of the data breach, but there are still some customers claiming that they did not receive any official notice from Optus. 

Optus will be covering the number of replacement passports for customers who had their personal credentials leaked during the attack. The Prime Minister of Australia Anthony Albanese stated, “Optus has responded to my request that I made both in the parliament and that Senator Wong made in writing to Optus, they will cover the cost of replacing affected customers' passports." 

Telstra has also sent an informative email to its customers today in response to a large number of questions from their own customers regarding online safety tips. 

Titled "helping to keep you safe", the email from Telstra refers directly to the Optus attack, saying, "Over the past week many of our customers have reached out to us following the Optus cyber-attack with questions about how to stay safe online and to know if their data has been impacted." 

Following the incident, the telco confirmed to their customers that their data is not affected, however, they have "heightened our monitoring and, as cyber-attacks become more regular and scammers become more sophisticated, we all need to remain on alert." 

The following tips have been suggested by the Telco for its customers: 

• Switch on two-step verification with Telstra if you haven't already 
• Remain suspicious of unexpected communications 
• Switch on two-step verification on your bank account and monitor transactions 
• Keep your devices updated 
• Use strong passwords to your accounts 
• Pay attention to what you share on social platforms 

Since Optus was hacked it has taken a week to contact its 9.8 million customers via email, when the press asked Telstra how long it would take them to reach out to their all customers, Telstra's spokesperson said, "We anticipate our customers will receive this communication by close of business today.”
Read more »
Ransomware
Australia Crypto Crime Cyber Security Ransomware

AUSTRAC Publishes New Guidance on Ransomware and Crypto Crime

 

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released two new financial guides for businesses to detect and prevent criminal abuse of digital currencies and ransomware. 

Each guide provides practical recommendation to assist businesses detect if a payment is related to a ransomware assault, or if someone is exploiting digital currencies and blockchain technology to commit crimes such as tax evasion, terror financing, scams or money laundering. 

The guideline implored businesses to be on the lookout for users who tried to obfuscate the trail of their digital assets transactions by using mixers, privacy assets, and decentralized finance (DeFi) platforms suspiciously. 

Among the particular indicators, Austrac recommends being careful when figuring out if somebody is using digital currencies for terrorism financing, for example, is when transactions to crowdfunding or online fundraising campaigns are linked to ideologically or religiously motivated violent extremism centered boards, or when a buyer account receives a number of small deposits, that are instantly transferred to private wallets. 

In the meantime, some indicators of identifying when an individual is a sufferer of a ransomware assault, according to Austrac, include when a customer increases the limit on their account after which rapidly sends funds to a third party; following a preliminary giant digital currency transfer, a customer has little or no additional digital forex exercise; and when a newly onboarded customer desires to make a direct and huge buy of digital currency, followed by a direct withdrawal to an exterior digital currency address. 

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," Austrac CEO Nicole Rose said in a statement. 

The guides have been released in response to the increase in cyber threats to Australia. In 2020-21, 500 ransomware attacks were reported, marking a 15% increase from the previous fiscal year, analysts at Austrac noted. 

Earlier this month, IDCare reported that over 5,000 customer details of former cryptocurrency exchange Alpha were exposed online. The details included the driver's license, passport, proof of age, and national identity card images of 232 Australians and 24 New Zealanders. 

IDCare initially discovered the breach in late January when it noticed a post for sale on a Chinese-speaking platform for $150, before it was eventually posted to be accessed without spending a dime on another online forum called Breached.

"This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us," IDCare said.
Read more »
WeChat
Account Hack Australia China Chinese Apps Cyber Security Mobile Apps Security WeChat

How Australia’s Leader Lost Control of His Chinese Social Media Account

 

After Prime Minister Scott Morrison's WeChat account was hacked, a Liberal member of parliament accused the Chinese government of foreign intervention. 

"It is a matter of record that the platform has stopped the Prime Minister's access, while Anthony Albanese's account is still active featuring posts criticising the government," Liberal representative Gladys Liu stated

"In an election year especially, this sort of interference in our political processes is unacceptable, and this matter should be taken extremely seriously by all Australian politicians." 

Liu stated she would stop utilizing her professional and personal WeChat accounts until the platform presented an explanation for the incident as part of her accusations against the Chinese government. 

Several Coalition members have supported Liu's charges and boycott, with Liberal Senator James Paterson, chair of the Parliamentary Joint Committee on Intelligence and Security, asking for Opposition Leader Anthony Albanese to boycott WeChat as well. 

The Prime Minister's office is attempting to contact the Chinese government regarding the account hijacking, according to Stuart Robert, the Minister responsible for digital transformation, who told The Today Show on Monday morning. 

"It is odd, and of course, the Prime Minister's office is seeking to connect through to them to work out and get it resolved," Robert said. 

Morrison's WeChat account was apparently changed and he had accessibility issues months ago, according to NewsCorp Australia, with the Prime Minister being unable to access the account at all.

Morrison's account is linked to a Chinese national based in Fujian, according to Australian Strategic Policy Institute senior analyst Fergus Ryan, because WeChat's policies at the time mandated accounts to be linked to the ID of a Chinese national or a business registered in China. 

A Tencent spokesman confirmed to ZDNet on Monday evening that the account was originally registered by a PRC individual, but that it is currently being managed by a technology services organisation. 

"Based on our information, this appears to be a dispute over account ownership -- the account in question was originally registered by a PRC individual and was subsequently transferred to its current operator, a technology services company -- and it will be handled in accordance with our platform rules," the Tencent spokesperson said. 

"Tencent is committed to upholding the integrity of our platform and the security of all users accounts, and we will continue to look into this matter." 

According to ABC News, Morrison's WeChat account was sold to Fuzhou 985 Information Technology in November of last year by the registered owner. 

The Chinese corporation allegedly purchased the social media account since it had roughly 75,000 followers and had no idea it was owned by Morrison. 

WeChat has been subjected to increasing restrictions in China, after being placed on notice last year for gathering more user data than was considered essential while providing services.
Read more »
Security flaw
Australia Covid-19 Vaccinations Cyber Security Security flaw

Services Australia Dismisses Security Concerns with COVID-19 Digital Certificates

 

During Australia's federal Budget Estimates last year, senators questioned Services Australia on a variety of initiatives under its purview, ranging from the COVID-19 digital certificate rollout to the botched Robo-debt programme. 

The purported lack of security of Australia's COVID-19 digital certificates concerned Labor Senators Tim Ayres and Nita Green, with both accusing the certificate of being easily falsified by man-in-the-middle cyber-attacks. 

Fenn Bailey, a Melbourne-based software developer, discovered the security flaw in September 2021 after reading about previous publicly disclosed flaws. He observed that the government was using a "high-school grade permissions password" to prevent unauthorized people from altering or copying vaccination certificates. Mr. Bailey discovered that it was then possible to change a name or the vaccinated status on the certificate.

Responding to the senators' concerns, Services Australia stated that it was aware of reports of man-in-the-middle cyber assaults using the Medicare Express Plus app, but dismissed the worries by stating that such attacks "need significant knowledge and skill."

It further stated that there are no existing vulnerability disclosure mechanisms in existence, nor are there any plans to develop such a programme for digital vaccination certificates in the future. This is despite the fact that security researcher Richard Nelson detailed last year the difficulty for the private sector and the general public in disclosing issues about certificates to the government, which Ayres mentioned during Budget Estimates. 

"Services Australia takes the integrity of the Medicare system and the Australian Immunisation Register extremely seriously," Services Australia said in its response to questions on notice. "Full cyber assessments are undertaken several times a year and we work closely with the Australian Signals Directorate and Australian Cyber Security Centre on potential vulnerabilities on mobile applications."

The Digital Transformation Agency (DTA) released an update for Australia's other federal COVID-19 product, COVIDSafe, stating that monthly costs to run the app have been approximately what it expected of around AU$60,000 per month since it took over responsibility for the app. During Budget Estimates, Labor Senator Marielle Smith asked the DTA how many individuals downloaded and then removed the app, but the agency said it does not track that data. 

In response to complaints regarding Service Australia's progress in refunding incorrectly issued Robo-debts, the agency supplied additional information about the clients who have yet to get a refund.
 
According to the organization, approximately 8,500 customers have yet to get a reimbursement; 501 are deceased estates, 280 are incarcerated, 539 are indigenous, and 106 had a vulnerability indicator on their customer record at the time they were last paid.
Read more »
Phishing Attacks
Australia Cyber Security phishing Phishing and Spam Phishing Attacks

190 Australian Organisations Left Vulnerable to Phishing Attacks

 

An "extremely permissive" Sender Policy Framework document exposed 190 Australian companies to business email compromise and phishing, allowing cybercriminals to mimic verified sender addresses. 

The Sender Policy Framework (SPF) is an anti-spam and verification mechanism that allows delivering organizations to inspect within the Domain Name System (DNS) which Internet Protocol addresses recipient email systems may expect legitimate emails to originate from. 

Sebastian Salla of security vendor Can I Phish in Sydney discovered that an unknown city government in Queensland had added to its SPF file each IP address that Amazon Web Services reserves for Elastic Cloud Compute cases in Australia. 

This totaled to over 1,000,000 IPv4 addresses, posing a threat to many organizations' email supply chain, according to Salla. 

“Each of the affected 190 organizations and their downstream customers is at an extreme risk to business email compromise and phishing-related attacks,” Salla wrote.

“Anyone with a credit card can sign-up for an AWS account, spin up an EC2 instance, request AWS to remove any SMTP restrictions, and begin sending SPF authenticated emails as though they are any of these organizations.” 

Salla's tests revealed that he was prepared to submit SPF-authenticated emails that passed all scans. Salla was able to determine that the SPF file had been used for customers of an Australian managed service provider and internet development company by analyzing it. 

He also stated that the vulnerabilities discovered had been addressed by the managed service provider. Salla discovered that the too permissive SPF file was produced about three years ago, putting the businesses impacted by the flaw in jeopardy all that time. 

Salla said the MSP has “removed all the overly permissive /16 address blocks and replaced them with single IP addresses for the mail servers that are actually under their control” – thus applying “the fix to all affected customers at once”.
Read more »
Subscribe to: Posts (Atom)