
AUSTRAC Publishes New Guidance on Ransomware and Crypto Crime

 

The Australian Transaction Reports and Analysis Centre (AUSTRAC) has released two new financial guides for businesses to detect and prevent criminal abuse of digital currencies and ransomware. 

Each guide provides practical recommendations to help businesses detect whether a payment is related to a ransomware attack, or whether someone is exploiting digital currencies and blockchain technology to commit crimes such as tax evasion, terror financing, scams or money laundering. 

The guidance urged businesses to be on the lookout for customers who try to obscure the trail of their digital asset transactions through suspicious use of mixers, privacy assets, and decentralized finance (DeFi) platforms. 

Among the specific indicators AUSTRAC lists for identifying whether somebody is using digital currencies for terrorism financing are transactions to crowdfunding or online fundraising campaigns that are linked to forums focused on ideologically or religiously motivated violent extremism, and a customer account that receives a number of small deposits that are immediately transferred to private wallets. 

Meanwhile, indicators that an individual is the victim of a ransomware attack, according to AUSTRAC, include a customer increasing the limit on their account and then rapidly sending funds to a third party; a customer having little or no further digital currency activity following an initial large digital currency transfer; and a newly onboarded customer wanting to make an immediate and large purchase of digital currency, followed by an immediate withdrawal to an external digital currency address. 

"Financial service providers need to be alert to the signs of criminal use of digital currencies, including their use in ransomware attacks," Austrac CEO Nicole Rose said in a statement. 

The guides have been released in response to the increase in cyber threats to Australia. In 2020-21, 500 ransomware attacks were reported, marking a 15% increase from the previous fiscal year, analysts at Austrac noted. 

Earlier this month, IDCare reported that over 5,000 customer details of former cryptocurrency exchange Alpha were exposed online. The details included the driver's license, passport, proof of age, and national identity card images of 232 Australians and 24 New Zealanders. 

IDCare initially discovered the breach in late January when it noticed the data offered for sale on a Chinese-language platform for $150, before it was eventually posted for free on another online forum called Breached.

"This event poses a serious risk to the identities of any involved. Due to the nature of the identity documents discovered, we urge anyone who had any dealings with AlphaEx to contact us," IDCare said.

How Australia’s Leader Lost Control of His Chinese Social Media Account

 

After Prime Minister Scott Morrison's WeChat account was hacked, a Liberal member of parliament accused the Chinese government of foreign intervention. 

"It is a matter of record that the platform has stopped the Prime Minister's access, while Anthony Albanese's account is still active featuring posts criticising the government," Liberal representative Gladys Liu stated.

"In an election year especially, this sort of interference in our political processes is unacceptable, and this matter should be taken extremely seriously by all Australian politicians." 

Liu stated she would stop utilizing her professional and personal WeChat accounts until the platform presented an explanation for the incident as part of her accusations against the Chinese government. 

Several Coalition members have supported Liu's charges and boycott, with Liberal Senator James Paterson, chair of the Parliamentary Joint Committee on Intelligence and Security, asking for Opposition Leader Anthony Albanese to boycott WeChat as well. 

The Prime Minister's office is attempting to contact the Chinese government regarding the account hijacking, Stuart Robert, the Minister responsible for digital transformation, told The Today Show on Monday morning. 

"It is odd, and of course, the Prime Minister's office is seeking to connect through to them to work out and get it resolved," Robert said. 

According to NewsCorp Australia, Morrison's WeChat account was apparently changed and he had access issues months ago, with the Prime Minister being unable to access the account at all.

Morrison's account is linked to a Chinese national based in Fujian, according to Australian Strategic Policy Institute senior analyst Fergus Ryan, because WeChat's policies at the time required accounts to be linked to the ID of a Chinese national or a business registered in China. 

A Tencent spokesman confirmed to ZDNet on Monday evening that the account was originally registered by a PRC individual, but that it is currently being managed by a technology services organisation. 

"Based on our information, this appears to be a dispute over account ownership -- the account in question was originally registered by a PRC individual and was subsequently transferred to its current operator, a technology services company -- and it will be handled in accordance with our platform rules," the Tencent spokesperson said. 

"Tencent is committed to upholding the integrity of our platform and the security of all users' accounts, and we will continue to look into this matter." 

According to ABC News, Morrison's WeChat account was sold to Fuzhou 985 Information Technology in November of last year by the registered owner. 

The Chinese corporation allegedly purchased the social media account because it had roughly 75,000 followers, and had no idea it was owned by Morrison. 

WeChat has been subjected to increasing restrictions in China, after being placed on notice last year for gathering more user data than was considered essential while providing services.

Services Australia Dismisses Security Concerns with COVID-19 Digital Certificates

 

During Australia's federal Budget Estimates last year, senators questioned Services Australia on a variety of initiatives under its purview, ranging from the COVID-19 digital certificate rollout to the botched Robo-debt programme. 

The purported lack of security of Australia's COVID-19 digital certificates concerned Labor Senators Tim Ayres and Nita Green, both of whom said the certificates could be easily falsified through man-in-the-middle attacks. 

Fenn Bailey, a Melbourne-based software developer, discovered the security flaw in September 2021 after reading about previous publicly disclosed flaws. He observed that the government was using a "high-school grade permissions password" to prevent unauthorized people from altering or copying vaccination certificates. Mr. Bailey discovered that it was then possible to change a name or the vaccinated status on the certificate.

Responding to the senators' concerns, Services Australia stated that it was aware of reports of man-in-the-middle attacks using the Medicare Express Plus app, but dismissed the worries by stating that such attacks "need significant knowledge and skill."

It further stated that there are no vulnerability disclosure mechanisms in place, nor are there any plans to develop such a programme for digital vaccination certificates in the future. This is despite the fact that security researcher Richard Nelson detailed last year the difficulty for the private sector and the general public in disclosing issues about certificates to the government, which Ayres mentioned during Budget Estimates. 

"Services Australia takes the integrity of the Medicare system and the Australian Immunisation Register extremely seriously," Services Australia said in its response to questions on notice. "Full cyber assessments are undertaken several times a year and we work closely with the Australian Signals Directorate and Australian Cyber Security Centre on potential vulnerabilities on mobile applications."

The Digital Transformation Agency (DTA) released an update for Australia's other federal COVID-19 product, COVIDSafe, stating that the cost of running the app has been around AU$60,000 per month, approximately what it expected, since it took over responsibility for the app. During Budget Estimates, Labor Senator Marielle Smith asked the DTA how many individuals downloaded and then removed the app, but the agency said it does not track that data. 

In response to complaints regarding Services Australia's progress in refunding incorrectly issued Robo-debts, the agency supplied additional information about the clients who have yet to get a refund.

According to the organization, approximately 8,500 customers have yet to get a reimbursement; 501 are deceased estates, 280 are incarcerated, 539 are Indigenous, and 106 had a vulnerability indicator on their customer record at the time they were last paid.

190 Australian Organisations Left Vulnerable to Phishing Attacks

 

An "extremely permissive" Sender Policy Framework record exposed 190 Australian companies to business email compromise and phishing, allowing cybercriminals to spoof verified sender addresses. 

The Sender Policy Framework (SPF) is an anti-spam and verification mechanism that lets sending organizations publish, in the Domain Name System (DNS), the Internet Protocol addresses from which recipient email systems should expect their legitimate emails to originate. 

Sebastian Salla of Sydney security vendor Can I Phish discovered that an unnamed city government in Queensland had added to its SPF record every IP address that Amazon Web Services reserves for Elastic Compute Cloud (EC2) instances in Australia. 

This totalled over 1,000,000 IPv4 addresses, posing a threat to many organizations' email supply chain, according to Salla. 

“Each of the affected 190 organizations and their downstream customers is at an extreme risk to business email compromise and phishing-related attacks,” Salla wrote.

“Anyone with a credit card can sign-up for an AWS account, spin up an EC2 instance, request AWS to remove any SMTP restrictions, and begin sending SPF authenticated emails as though they are any of these organizations.” 

Salla's tests showed that he was able to send SPF-authenticated emails that passed all checks. By analyzing the SPF record, Salla was able to determine that it had been used for customers of an Australian managed service provider and web development company. 

He also stated that the vulnerabilities discovered had been addressed by the managed service provider. Salla discovered that the overly permissive SPF record was created about three years ago, leaving the affected businesses exposed all that time. 

Salla said the MSP has “removed all the overly permissive /16 address blocks and replaced them with single IP addresses for the mail servers that are actually under their control” – thus applying “the fix to all affected customers at once”.
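
An added example (not Salla's tooling and not code from the original report): an offline audit of an SPF record that totals the IPv4 addresses allowed to send as a domain and flags wide blocks such as the /16 ranges described above. The domain names, TXT records, address ranges and the /24 review threshold are constructed assumptions.

```python
import ipaddress

MAX_LOOKUPS = 10   # RFC 7208 cap on terms that trigger DNS queries
BROAD_PREFIX = 24  # assumption: any ip4 block wider than a /24 deserves review
LOOKUP_TERMS = {"include", "a", "mx", "exists", "ptr", "redirect"}

# Constructed TXT records standing in for DNS answers (made-up names and ranges).
SAMPLE_ZONE = {
    # Before the fix: a customer domain includes the provider's shared record.
    "council.example": "v=spf1 include:_spf.msp.example -all",
    "_spf.msp.example": "v=spf1 ip4:198.18.0.0/16 ip4:198.19.0.0/16 ip4:192.0.2.10 ~all",
    # After the fix: only the mail servers the provider controls.
    "fixed.msp.example": "v=spf1 ip4:192.0.2.10 ip4:192.0.2.11 -all",
}


def _walk(domain, zone, state):
    """Collect every network that yields an SPF Pass, following include: terms."""
    if domain in state["seen"]:
        state["findings"].append(f"{domain}: include loop")
        return
    state["seen"].add(domain)
    terms = zone.get(domain, "").split()
    if not terms or terms[0].lower() != "v=spf1":
        state["findings"].append(f"{domain}: no SPF record")
        return
    for term in terms[1:]:
        has_qualifier = term[0] in "+-~?"
        qualifier = term[0] if has_qualifier else "+"
        body = term[1:] if has_qualifier else term
        name, _, value = body.partition(":")
        name = name.split("/")[0].split("=")[0].lower()
        if name in LOOKUP_TERMS:
            state["lookups"] += 1  # counted; a/mx/exists/ptr/redirect are not resolved here
        if qualifier != "+":
            continue  # only the Pass qualifier authorizes a sender
        if name == "ip4":
            try:
                net = ipaddress.ip_network(value, strict=False)
            except ValueError:
                state["findings"].append(f"{domain}: invalid ip4 value {value!r}")
                continue
            state["nets"].append(net)
            if net.prefixlen < BROAD_PREFIX:
                state["findings"].append(
                    f"{domain}: broad block {net} ({net.num_addresses} addresses)")
        elif name == "all":
            state["nets"].append(ipaddress.ip_network("0.0.0.0/0"))
            state["findings"].append(f"{domain}: +all authorizes every sender")
        elif name == "include":
            _walk(value, zone, state)


def audit_spf(domain, zone):
    """Return the merged authorized networks, their size, and review findings.

    Simplification: this is the union of all Pass terms. Real evaluation is
    left to right, so an earlier "-ip4:" term could carve out part of a range.
    """
    state = {"seen": set(), "lookups": 0, "nets": [], "findings": []}
    _walk(domain, zone, state)
    if state["lookups"] > MAX_LOOKUPS:
        state["findings"].append(f"{domain}: more than {MAX_LOOKUPS} DNS lookups (permerror)")
    networks = list(ipaddress.collapse_addresses(state["nets"]))
    return {
        "networks": networks,
        "total_addresses": sum(n.num_addresses for n in networks),
        "lookups": state["lookups"],
        "findings": state["findings"],
    }


def is_authorized(ip, report):
    """True if a message from this source address would get an SPF Pass."""
    addr = ipaddress.ip_address(ip)
    return any(addr in net for net in report["networks"])


if __name__ == "__main__":
    for name in ("council.example", "fixed.msp.example"):
        report = audit_spf(name, SAMPLE_ZONE)
        print(name, report["total_addresses"], "authorized addresses")
        for finding in report["findings"]:
            print("  review:", finding)
```

Run against every customer domain that includes a shared provider record, the total makes the exposure visible at a glance: any address inside a flagged block passes SPF for all of those domains.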

For 9 Months, Hackers Went Unnoticed on a Queensland Water Supplier's Server

 

Hackers hid on a server holding client information for a Queensland water company for nine months, demonstrating the need for robust cyber defenses for key infrastructure. SunWater is a government-owned water company in Australia that manages 19 large dams, 80 pumping stations, and 1,600 miles of pipelines. SunWater was hacked for nine months, according to the Queensland Audit Office's annual financial audit report, with the perpetrators going unnoticed the entire time. 

Although the entity isn't named in the report, ABC Australia questioned the authority and discovered it was SunWater. Between August 2020 and May 2021, the actors gained access to a webserver that the water company used to store customer information. The hackers didn't appear to be interested in stealing critical information, as they instead used specialized malware to drive traffic to an online video platform.  

There is no evidence that the threat actors stole any consumer or financial information, according to the audit report, and the vulnerability that they exploited has since been addressed. According to the report, the actors only hacked the older, more vulnerable version of the system, leaving the modern, far more secure web servers unharmed. 

The audit looked at six water authorities, including Seqwater, Sunwater, Urban Utilities, Unitywater, Gladstone Area Water Board, and Mount Isa Water Board, and warned of information system vulnerabilities. Internal control flaws, such as those involving money transfer payment information, were also discovered. The 36-page report recommended that "ongoing security weaknesses in information systems" be addressed immediately. 

The report observed that in the instance of the cyber breach, steps were taken to address the problem, including software updates, the use of stronger passwords, and the monitoring of incoming and outgoing network traffic. Despite the audit office's recommendation last year that institutions tighten the security of their information systems, not all had taken action, according to the report. On June 30, three of the six organizations still exhibited "control weaknesses," according to the report. The report also identified issues with internal controls, identifying 24 flaws in the sector. According to the report, one authority had three deficiencies in managing user access across financial, invoicing, and payroll systems. 

"We continue to identify several control deficiencies relating to information systems. Cyber-attacks continue to be a significant risk, with ongoing changes in entities' working environments due to COVID-19," reads the auditors' report.

Thousands of South Australian License Accounts Compromised in mySA GOV Data Breach

 

More than 2,000 SA driver’s licenses were compromised in a cyberattack that uncovered passwords to mySA GOV accounts. 

mySA Gov is the South Australian government's online platform that lets residents access all state services with a single account, such as checking into a venue or completing transactions for vehicle registration. 

The Department for Infrastructure and Transport said attackers gained access to these accounts because account holders used the same or a similar password for their mySA Gov account as they had used for their account with an unrelated website. However, the department did not provide details regarding the unrelated website.

The hackers secured access to 2,601 mySA Gov accounts, 2,008 of which contained registration and licensing details, ABC reported. The government said there is “no evidence” of any unauthorized transactions on the compromised accounts, but is taking necessary precautions to mitigate further risks. These include blocking the compromised accounts, informing the victims of the breach, and urging all impacted account holders to change their driver's license number by attending a Service SA Centre. 

"It is strongly recommended that when choosing a new password for their account, customers do not use a password that has been previously used or is currently being used for any other accounts. This is a timely reminder to all mySA Gov account holders and South Australians more generally to always set complex passwords and do not use the same password for more than one account," the Department for Infrastructure and Transport said in a statement. 

Fortunately, the hack does not relate to the mySA GOV app currently used for COVID check-ins, Chris McArdle from the department told David & Will on FIVEaa Breakfast. “There is no compromise or connection to that for this incident. That’s really important for the community to understand that the COVID safe check-in that is part of that app is completely unaffected and all the data that is associated with that is still safe and secure… none of that has been affected.” 

According to the Cost of a Data Breach Report 2021, published by IBM Security, the total global cost of data breaches in public sectors surged nearly 79% between 2020 and 2021. That’s a total average data breach cost of $1.93 million. It reflects that governments are facing an uphill battle to combat the growing surge of cyber espionage and extortion.

Cryptoscams Cost Australians About AU$6.6 Million Every Month

 

From the beginning of the year to the end of August, losses due to cryptocurrency investment scams accounted for over a quarter of all scams reported to the Australian Competition and Consumer Commission (ACCC). The ACCC said that it received 3,007 reports totaling losses of AU$53.2 million in response to a notice from the Senate Select Committee on Australia as a Technology and Financial Centre. This accounted for 55% of all investment fraud losses and 48% of all investment fraud reports. 

New South Wales had 860 reports for losses of AU$20.6 million, Victoria had 563 reports for losses of AU$12.6 million, Queenslanders lost AU$8.2 million and submitted 485 reports, and Western Australia had 268 reports for losses of AU$3.8 million. 

People in the 55-64 age group lost over AU$12.6 million and submitted 365 complaints, while those over 65 lost AU$10.7 million and filed 356 reports, and those in the 44-54 age group filed 352 reports and lost AU$8.7 million. The losses declined with age, with individuals aged 35-44 reporting 627 losses totaling AU$7.6 million. Young people aged 25 to 34 lost AU$7 million and filed 570 reports. 

Between January and July 2021, Australians lost over 70 million AUD (or 50 million USD) as a result of such scams, according to Delia Rickard, ACCC Deputy Chair. The most popular investment frauds included cryptocurrencies, particularly Bitcoin. 

Ms. Rickard went on to say that threat actors frequently entice victims with promises of high earnings and minimal risk. She cautioned that such promises should put investors on guard rather than lure them in. “Be wary of investment opportunities with low risk and high returns. If something sounds too good to be true, it probably is,” she said. 

"While the proportion of reports involving a financial loss has dropped this year, the people who do lose money are losing bigger amounts. The average loss so far this year is about AU$11,000 compared to AU$7,000 for the same period in 2020," Delia said. 

According to the ACCC, phishing scams have increased by 261%, remote access scams have increased by 144%, and identity theft has increased by 234%. The consumer watchdog said it has been giving scammer phone numbers to Australian carriers and working with banks to "raise awareness with their consumers" who may have been infected with the Android spyware Flubot.

Flubot Malware Targets Australians, Spreads Via SMS

 

Garbled SMS messages and phantom calls are hitting smartphones in a new wave of scams throughout Australia, including one that claims to be a voice message from a friend but delivers malware that can acquire the user's personal information. This latest SMS scam, called Flubot, has affected thousands of Australians and is intended to implant dangerous malware on their smartphones. 

Although the messages can be received by iPhone users as well, Flubot is a type of malware that targets Android users. It informs the receiver of a missed call or a new voicemail and gives the recipient a bogus link to listen to the voice mail. This link leads users to a website that looks like a legitimate brand: Telstra, for example, in Australia, whereas in Europe it was a package delivery provider. This page asks users to install software to listen to the voice message on their phones. 

If the user approves, it then downloads malware. If privileges are granted to the application, the attacker can access payment card details and private information, intercept SMS messages, access browser pages, and collect additional information stored on the smartphone. The malware additionally allows the attacker to browse the user's contact list and potentially find new victims. 

Manual solutions are available to remove the malware, although Telstra has recommended that users perform a factory reset and restore the device to a version from before the malware was installed. 

Flubot first hit Europe earlier this year, before Australians started being inundated with it this month. The Australian Competition and Consumer Commission told The Guardian Australia that its Scamwatch service has gathered over 3700 reports of this exact scam since the initial report on 04 August. Scamwatch got 413 daily reports on all scams linked to SMS, including Flubot, from 4 to 17 August, compared to the 122 received from 01 July to 03 August. 

Delia Rickard, deputy chair of the Australian Competition and Consumer Commission said, “It is flooding the country and it is a really dangerous one.” “We’ve just had one complaint about an instance where the person lost nearly $5000. It appears that the malware has created a fake Google Pay login screen, and the person logged in and then the money disappeared from their account afterward.” 

The end goal for fraudsters is cash or personal data, which may subsequently be auctioned on the dark web. Flubot is only one of several scams contributing to what has been, during the pandemic, a record year for hackers and cyber thieves. Australians lost almost $850 million to cyber criminals last year, according to the ACCC. 

Telstra’s deputy chief information security officer, Clive Reeves, said last week the company was “working with the security community to address this scam”. 

An Optus spokesman said that the business has started contacting impacted consumers. The telecom additionally recommended McAfee Wi-Fi Secure antivirus software to protect consumers connected to Wi-Fi. 

A spokeswoman for TPG, which manages the Vodafone brand in Australia, said that last week the firm blocked over 14m scam SMS messages, including the Flubot scam. “As scammers constantly morph their tactics, we continually update our filters and mechanisms to catch new scams,” the spokesperson said.

SecureWorx, an Australian Cybersecurity Firm Acquired by EY

 

SecureWorx, a managed services provider, has been bought by Ernst & Young (EY) Australia for an undisclosed sum. SecureWorx, based in Melbourne, specializes in multi-cloud services, managed security operations, and security advisory services for businesses that handle sensitive data. It also offers managed security operations services 24 hours a day, seven days a week, with government-approved staff and facilities. 

“Cyber security is a critical business function that has moved beyond our clients’ technology agenda,” said recently installed EY Australia CEO David Larocca. “This is because we’re seeing a dramatic escalation in the frequency and impact of ransomware attacks that are changing the way Boards are accountable to stakeholders. Our clients are telling us that cybersecurity is one of their greatest concerns.” 

In response to new mandatory requirements in the Security Legislation Amendment (Critical Infrastructure) Bill 2020, including sovereign cybersecurity capabilities, EY said the purchase will boost its cybersecurity services portfolio. SecureWorx CEO Philip Mulley will join EY Australia as Sovereign Cybersecurity Leader as part of the acquisition. 

“We have long admired EY and in particular the work of their cybersecurity team,” Mulley said. “Joining gives us access to EY’s global thought leadership and deep industry knowledge. For our people it provides exciting career development opportunities through industry focus, technology career paths and global reach and mobility. EY’s Cyber team in Australia is a natural, cultural fit for us.” 

The purchase was motivated by EY's desire to improve its ability to assist clients with their mandated duties under new security legislation. “The latest updates to the Security of Critical Infrastructure Act outline new requirements that will require significant investment for onshore cyber capabilities to detect and combat threats,” said EY Oceania cybersecurity lead partner Richard Bergman. 

“SecureWorx has a set of cybersecurity assets that complement EY Australia’s existing cybersecurity team and capabilities including government-accredited hosting facilities in Melbourne and Canberra and an accredited Security Operations Centre in Melbourne,” Bergman continued, adding that the purchase would complement Aleron's 2019 cybersecurity acquisition and Open Windows' earlier acquisition. 

Over the last few years, the Australian consulting industry has seen a flurry of M&A activity in the cybersecurity space, which appears to be intensifying due to rising market demand. According to a recent Boston Consulting Group report, Australia's cloud market will approach $10 billion in 2022 or 2023, up from under $5 billion three years ago.

1.2 Million Aussies Suffered when Uber was Breached in 2016

 

Uber infringed on the privacy of more than 1 million Australians in 2016, according to the Office of the Australian Information Commissioner (OAIC). Personal data of an estimated 1.2 million Australian customers and drivers was accessed in a breach in October and November 2016. Australia's Information Commissioner and Privacy Commissioner Angelene Falk said on Friday that US-based Uber Technologies Inc and Dutch-based Uber B.V. failed to adequately protect it.

In late 2017, it was revealed that hackers had stolen data on 57 million Uber users throughout the world, as well as data on over 600,000 Uber drivers. Uber hid the breach for over a year and paid the hacker to keep it hidden instead of notifying the individuals affected. The OAIC said its investigation focused on whether Uber had preventative measures in place to secure Australians' data, even though Uber had the attackers destroy the data and there was no evidence of further misuse. 

Uber, according to Falk, violated the Privacy Act 1988 by failing to take reasonable precautions to protect Australians' personal information from unauthorized access and to destroy or de-identify the data as required. She also said that the tech giant failed to take reasonable steps to implement practices, procedures, and systems to ensure compliance with the Australian Privacy Principles (APP). 

"Rather than disclosing the breach responsibly, Uber paid the attackers a reward through a bug bounty program for identifying a security vulnerability," the determination says. "Uber did not conduct a full assessment of the personal information that may have been accessed until almost a year after the data breach and did not publicly disclose the data breach until November 2017." 

Falk said the case presented complicated questions about how the Privacy Act applies to firms situated overseas that outsource the handling of Australians' personal information to other companies within their corporate group. "Australians need assurance that they are protected by the Privacy Act when they provide personal information to a company, even if it is transferred overseas within the corporate group," she added. 

Uber agreed to pay $148 million in a US settlement over the incident in September 2018 and was fined over £900,000 by the UK and Dutch regulators a few months later for the 2016 data breach. In October 2019, two men pled guilty to the hack, and US authorities accused Uber's former chief security officer in August 2020 of the cover-up. "We learn from our mistakes and reiterate our commitment to continue to earn the trust of users," an Uber spokesperson said.

Operation Trojan Shield a Success: The FBI and Australian Officials

 

More than 800 suspects have been arrested, and 8 tonnes of cocaine and more than $48 million seized, in a large worldwide sting operation involving sixteen countries, including the US, officials revealed on Tuesday 8th of July.

According to Europol, the European Union law enforcement agency, the FBI and Australian law enforcement established and operated an encrypted device company, named ANOM, which was then used to gain access to organized criminal networks in over 100 nations. 

The ANOM app, which had been discreetly circulated among the offenders, allowed police officers to track drug smuggling, money laundering, and even assassination plans. 

Drug gangs and those linked to the mafia were the targets. The operation, which took place in more than a dozen nations, led to the seizure of drugs, firearms, luxury automobiles, and cash from the offenders. 

“Operation Trojan Shield is a shining example of what can be accomplished when law enforcement partners from around the world work together and develop state of the art investigative tools to detect, disrupt and dismantle transnational criminal organizations,” said Calvin Shivers, the assistant director of the FBI’s Criminal Investigative Division in a press conference in The Hague, Netherlands. 

Australian Prime Minister Scott Morrison said the operation had "struck a heavy blow against organized crime" around the world. 

The FBI began operating a network of secured devices named ANOM and distributed devices carrying the chat app throughout the criminal world. The operation came about when law enforcement agencies took over two other encrypted platforms, leaving criminal gangs in the market for new secure phones. 

Initially, the devices were used by alleged senior criminals, which gave other offenders confidence in the platform. 

Van der Berg added that the users of the network had talked in 45 languages about drug trafficking, arms and explosives, armed robbery, contract assassinations, and more. 

Australian fugitive and suspected drug trafficker Hakan Ayik was vital to the sting because, after being provided a cell phone by undercover detectives, he relentlessly recommended the app to criminal associates, authorities said. 

Officials added that the operation was able to eliminate over 100 threats to lives, in addition to the arrests and the seizures of drugs, weapons, and money. Access to the networks also allowed law enforcement agencies to see images of hundreds of tonnes of cocaine camouflaged in fruit and canned goods. Authorities indicated that they triggered these large-scale arrests because the illicit enterprises had gained critical strength. 

Australian Prime Minister Scott Morrison said in a press conference Tuesday that the operation "struck a heavy blow against organized crime — not just in this country, but one that will echo around organized crime around the world."

World’s Biggest Meat Supplier JBS Suffered a Cyber Attack

 

An advanced cyber attack was carried out against the largest meat processing enterprise in the world. 

JBS, the largest beef supplier in the world, stated that its systems came back online late on Tuesday, following a severe cyberattack that took down some of its operations in the USA and Australia. 

The attack affected servers supporting its IT systems in North America and Australia, the corporation said in a press release. 

"The company is not aware of any evidence at this time that any customer, supplier, or employee data has been compromised or misused as a result of the situation," JBS said. "Resolution of the incident will take time, which may delay certain transactions with customers and suppliers." 

JBS USA, the food giant, is part of JBS Foods. According to its website, it operates in 15 countries and has clients in around 100 nations. Pilgrim's, Great Southern, and Aberdeen Black are among its brands. JBS said that it is working with an incident response company to restore its systems as quickly as possible. 

During a press conference on Tuesday, the White House acknowledged the attack. Principal Deputy Press Secretary Karine Jean-Pierre told reporters that JBS had been the victim of a ransomware attack "from a criminal organization likely based in Russia." The FBI is investigating the attack, the White House confirmed. 

President Biden has also instructed his government to assess how the impact on the country's beef supplies may be mitigated, alongside the United States Dollars. 

According to union officials, JBS stopped slaughtering cattle in every U.S. plant on Tuesday. The incident brought Australian operations to a halt on Monday. JBS controls approximately 20% of US livestock slaughter capacity, with its North American operations based in Greeley, Colorado. 

Australia's Agriculture, Drought, and Emergency Management Minister David Littleproud tweeted about the JBS cyber-attack on Tuesday, stating that the company is working closely with law enforcement authorities in Australia and abroad to get operations back up and running and "to bring those responsible to account." 

The attack happened a few weeks after a cyberattack that prompted a six-day shutdown of one of the largest gas pipelines in the United States: Colonial Pipeline. Since then, the pipeline has returned to normal operation. 

"If the Colonial Pipeline cyberattack didn't impact enough consumers to spur response by the international community, the JBS meat supplier incident likely will," Meg King, the director of the science and technology innovation program at The Wilson Center, told CNN Business. "Now is the time for a global agreement to break the business model of ransomware," she added. 

"The White House is engaging directly with the Russian government on this matter and delivering the message that responsible states do not harbor ransomware criminals," Jean-Pierre said. 

In the past, the US government has suggested that firms not pay the perpetrators of ransomware attacks, because payments encourage such hacking in the future.

US and Australia Warn of Rise in Avaddon Ransomware Attacks

 

The Federal Bureau of Investigation (FBI) and the Australian Cyber Security Centre (ACSC) have issued an alert about an ongoing Avaddon ransomware campaign that is affecting organizations across a wide range of industries in the United States and around the world. 

Avaddon ransomware affiliates are attempting to breach the networks of manufacturing, healthcare, and other private sector entities around the world, according to a TLP:GREEN flash warning issued by the FBI last week. 

The ACSC expanded on the targeting details today, stating that the ransomware group's affiliates are targeting organizations from a broad variety of sectors, including government, banking, law enforcement, energy, information technology, and health. Although the FBI only cites ongoing attacks, the ACSC lists a number of countries that have been targeted, including the United States, the United Kingdom, Germany, China, Brazil, India, the United Arab Emirates, France, and Spain, to name a few.

"The Australian Cyber Security Centre (ACSC) is aware of an ongoing ransomware campaign utilizing the Avaddon Ransomware malware [..] actively targeting Australian organizations in a variety of sectors," the ACSC added. 

According to the ACSC, Avaddon threat actors threaten victims with distributed denial-of-service (DDoS) attacks to persuade them to pay ransoms, in addition to leaking stolen data and encrypting their systems. However, according to the FBI, no evidence of DDoS attacks accompanying Avaddon ransomware attacks has been found. 

The Avaddon ransomware group first declared in January 2021 that it would use DDoS attacks to bring down victims' websites or networks until they reach out to negotiate a ransom payment. 

BleepingComputer first reported on this trend in October 2020, when ransomware groups started using DDoS attacks against their victims as an additional leverage point. SunCrypt and RagnarLocker were the two ransomware operations using the strategy at the time. 

The first Avaddon ransomware samples were discovered in February 2019, and the operation started recruiting affiliates in June 2020 after launching a massive spam campaign that targeted users all over the world. Affiliates of the Avaddon ransomware-as-a-service (RaaS) operation are required to obey a set of guidelines, one of which is that no targets from the Commonwealth of Independent States (CIS) be pursued. 

Avaddon pays each affiliate 65 percent of the ransom money they bring in, with the operators receiving the remaining 35 percent. Avaddon's affiliates have also been known to steal data from their victims' networks before encrypting systems, as part of a double-extortion scheme. 

Almost all active ransomware operations have adopted this technique, with victims commonly informing their customers or employees of potential data breaches following ransomware attacks.

New South Wales Labor Party Hit by Avaddon Threat; Attackers Demand Ransom


On Wednesday afternoon, New South Wales (NSW) Police disclosed an apparent ransomware attack on the NSW Labor Party. 

A global cybercriminal group has given the party 10 days to pay a ransom, or else the illicitly accessed data, including driver’s licenses, images of passports, and employment contracts, will be made public.

According to available information, the ransomware group Avaddon, which emerged in Russia, is behind the breach. Sydney City Police Area Command has already begun inquiries into the attack. 

The Avaddon ransomware originated in the middle of 2020 on an underground forum. Such forums are a form of online social network (OSN) where participants exchange information on abusive tactics and engage in the sale of illegal goods and services. Research suggests that Avaddon has been linked to various malicious activities, including data compromise and leaked credentials affecting at least 23 organizations as of February this year. 

Further, Rey Juan Carlos, a research university in Spain, has published a paper disclosing that the Avaddon ransomware uses distributed denial-of-service attacks against victims that refuse to pay the ransom. 

“NSW Labor, the company does not want to cooperate with us, so we give them 240 hours to communicate and cooperate with us. If this does not happen before the time counter expires, we will leak valuable company documents…” 

“…We have a large amount of data on contracts, a lot of confidential information, confidential contracts, driver’s licenses, passports, employment contracts, information about employees, resumes, and more,” Avaddon said in a post on its website. 

Prior to this cyberattack, other high-profile Australian organizations had been targeted, including the email systems of the Commonwealth and West Australian parliaments, which were taken offline this year. Now a major political party has become a victim; this is the first time that cyber attackers have tried to extort an Australian political party for financial gain. 

Josh Lemon, managing director of digital forensics and incident response at business advisory firm Ankura, said most of the screenshots contained keywords such as “sensitive” and “confidential”. 

“Although it’s a little bit abstract, as someone who isn’t the victim, it’s intended to provide proof to the actual victim,” Mr. Lemon added. 

Customers Deceived by Google for Collection of User Location Data

 

The Federal Court of Australia has found that, between January 2017 and December 2018, Google LLC and Google Australia Pty Ltd (together, Google) deceived customers about personal location information gathered from Android mobile devices, in a world-first enforcement action brought by the ACCC. 

Following the legal proceedings it brought against Google in 2019, the Australian Competition and Consumer Commission (ACCC) has stated that the rulings represent an "important victory for consumers" in protecting online privacy. Google deceived Android users into believing that the tech giant would only collect personal information, the ACCC said. 

“This is an important victory for consumers, especially anyone concerned about their privacy online, as the Court’s decision sends a strong message to Google and others that big businesses must not mislead their customers,” ACCC Chair Rod Sims said. “Today’s decision is an important step to make sure digital platforms are upfront with consumers about what is happening with their data and what they can do to protect it.” 

The Court ruled that when consumers created a new Google Account during the initial set-up of their device, Google misrepresented the 'Location History' setting as the only Google Account setting that affected whether Google obtained, kept, or used personally identifiable information about the device's location. In reality, a different Google Account setting entitled 'Web & App Activity' also allowed Google to capture, store, and use personal location data when it was activated, and this setting was turned on by default.

In addition, between 9 March 2017 and 29 November 2018, customers who later accessed the 'Web & App Activity' setting on their Android device were deceived because Google did not tell them that the setting was relevant to the collection of personal location data. The Court held that Google's conduct could mislead the public. 

“We are extremely pleased with the outcome in this world-first case. Between January 2017 and December 2018, consumers were led to believe that ‘Location History’ was the only account setting that affected the collection of their location data, when that was simply not true,” Mr. Sims said. He also added, “Companies that collect information must explain their settings clearly and transparently, so consumers are not misled. Consumers should not be kept in the dark when it comes to the collection of their location data.” 

The Court rejected the ACCC's claims concerning certain statements by Google about how users could prevent Google from obtaining and using their location information, and about the purposes for which Google uses personal location information. The ACCC is seeking declarations, fines, publication orders, and compliance orders.

Live Broadcast Disrupted by Cyber-Attack on Australian TV Network Nine

 

A cyber-attack on Australia's Channel Nine TV network has interrupted live broadcasts, raising questions about the country's exposure to hackers. ‘Weekend Today’, the broadcaster's Sunday morning news program that airs from 7:00 a.m. to 1:00 p.m. from its Sydney headquarters, was unable to go to air. In addition, the network's 5:00 p.m. newscast was not broadcast in Melbourne. 

The hack was being investigated as "criminal sabotage or the work of a foreign nation," according to Nine. On Sunday, Australia's parliament was looking into a potential cyber-attack in Canberra. Access to IT systems and email at Parliament House has been restricted as a precaution, according to Assistant Defense Minister Andrew Hastie. 

“We wish to inform you there has been a cyber-attack on our systems which has disrupted live broadcasts out of Nine Sydney,” reads an email sent by the company to staff. “Our IT teams are working around the clock to fully restore our systems which have primarily affected our broadcast and corporate business units.” 

The company reported that it had put contingencies in place to ensure that its NRL and 6:00 pm news broadcasts would go ahead as scheduled. The IT team has been working nonstop to fully restore the systems, with the attack mainly impacting the broadcast and corporate business units. The publishing and radio systems are still up and running. 

The broadcaster expressed optimism that the ‘Today Show’ would be able to resume normal programming. Until further notice, all employees have been asked to work from home. Emails did not appear to be affected, according to the company, but the Nine IT network was. The company had previously reported that it was "responding to technical issues" that were impacting its live broadcasting. 

“Cyber hackers have targeted Channel Nine in a massive ransomware attack bringing down its network Australia-wide. No-one has claimed responsibility for the bug but IT experts are working to bring systems back on-line,” said Loxley. 

According to a source, Nine management had told staff that a "malicious" cyber-attack was suspected as the cause. The Australian Financial Review, which is owned by Nine, also reported that the media group was possibly the victim of a cyber-attack, which could have long-term consequences.

Australian Cyber Security Centre Hit by Cyber Security Attack

 

The Australian Cyber Security Centre has been on high alert over the vulnerability. The Australian corporate regulator has become the latest high-profile victim of a hacking attack on the same software that was used to target both the New Zealand Reserve Bank and the law firm Allens. On Monday evening (25 January), the Australian Securities and Investments Commission (ASIC) said it had been hit by a 'cyber safety incident involving a server used by ASIC'. 

The regulator reported that a server used to transfer files, including credit license applications, had recently suffered a data security breach in which some information may have been viewed. ASIC said it became aware of the incident on 15 January, but that the credit license forms and attachments did not appear to have been downloaded. 

ASIC stated that “This incident is related to Accellion software used by ASIC to transfer files and attachments. It involved unauthorized access to a server which contained documents associated with recent Australian credit license applications.” The regulator also said that “While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded.” Accellion's file transfer product is two decades old, but was updated last year after the company learned of vulnerabilities in it. The same file-sharing software, provided by California-based Accellion, was also used by the New Zealand central bank, which suffered a cyber attack earlier this month. 

The server was disabled and no other technology infrastructure was abused, ASIC added: “No other ASIC technology infrastructure has been impacted or breached. ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.” 

“ASIC’s IT team and cybersecurity advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely,” says the regulator.