Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

 



In a shocking revelation, MediSecure, an e-prescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. In terms of the number of individuals impacted, this incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.


Australian Man Arrested for Evil Twin Wi-Fi Attacks on Domestic Flights

 

Police in Australia have arrested a man and charged him with nine cybercrime offences for allegedly setting up fictitious public Wi-Fi networks using a portable wireless access point to steal data from unsuspecting users. 

The man set up "evil twin" Wi-Fi networks at airports, during flights, and at other places related to his "previous employment" that would deceive people into logging in to the fake network using their email address or social media accounts. Police stated the login data was then transferred to the man's devices. 

Dozens of credentials were reportedly obtained. This information might have enabled the perpetrator to get access to victims' accounts and possibly steal further sensitive information such as banking login details or other personal information. Employees of the airline noticed one of the strange in-flight Wi-Fi networks. The unnamed Australian airline then reported the Wi-Fi's presence to authorities, who investigated the situation in April and arrested the suspect in May. 

According to the Australian Broadcasting Corporation, the man, Michael Clapsis, appeared before Perth Magistrates Court and was subsequently released on "strict" bail with limited internet access. He also had to submit his passport. Clapsis' LinkedIn profile, which has since been deleted, hints that he may have previously worked for a shipping company. 

He has been charged with three counts of unauthorised impairment of electronic communication, three counts of possession or control of data with the intent to commit a serious offence, one count of unauthorised access or modification of restricted data, one count of dishonestly obtaining or dealing in personal financial information, and one count of possessing identification information with the intent to commit an offence. Clapsis is set to appear in court again in August. 

Evil twin attacks can use a variety of tactics to steal victims' data. However, they typically entail providing free Wi-Fi networks that appear genuine but actually present "login pages" designed to steal your data. Genuine Wi-Fi networks should never ask you to log in using your social media credentials or provide a password for any of your accounts. It is also recommended to use a VPN and avoid connecting to public Wi-Fi networks when a more secure option is available.

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.

Data of Domestic Violence Victims Leaked in ZircoDATA Hack

 

Monash Health, a Victorian public health agency, has announced that it was impacted by the recent ZircoDATA hack. 

In February this year, ZircoDATA, which provides safe document storage, data management, and digital conversion for 9,000 clients across Australia, reported a system vulnerability. The Victoria-based company also manages some of Monash Health's archived historical documents. 

Monash Health stated on May 3 that the hack revealed some of its historic data on domestic violence sufferers. 

"Investigation analysis indicates that the Monash Health information involved in the ZircoDATA data breach relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital, and Southern Health, limited to the period from 1970 to 1993," noted Eugine Yafele, Monash Health chief executive, in a statement.

The National Office of Cyber Security has been informed of this incident. Monash Health said that the cyber attack had not compromised or damaged its systems. 

"Monash Health is deeply sorry that the external breach has occurred, and we continue to work with ZircoDATA in the investigation," Yafele added. 

The larger trend

The ransomware group Black Basta has claimed on the dark web that it broke into ZircoDATA and stole nearly 395 gigabytes of data, including confidential agreements, financial papers, and personal data. The first ransom deadline was March 1st. 

ZircoDATA has received support from Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, in notifying its impacted customers. She added that other branches of the government have also been affected.

"The majority of these entities are still in the process of working with ZircoDATA to identify impacted data and any victims and are yet to begin notifying impacted individuals. There are clear processes for ZircoDATA and the affected government entities to work through," McGuinness noted. 

Before the new year, St Vincent's Health, one of the country's largest not-for-profit health and aged care organisations, disclosed a data breach by unidentified hackers, though no sensitive information was stolen.

Facial Recognition System Breach Sparks Privacy Concerns in Australia

A significant privacy breach has shaken up the club scene in Australia, as a facial recognition system deployed across multiple nightlife venues became the target of a cyberattack. Outabox, the Australian firm responsible for the technology, is facing intense scrutiny in the aftermath of the breach, sparking widespread concerns regarding personal data security in the era of advanced surveillance. Reports indicate that sensitive personal information, including facial images and biometric data, has been exposed, raising alarms among patrons and authorities. 

As regulators rush to assess the situation and ensure accountability, doubts arise about the effectiveness of existing safeguards against such breaches. Outabox has promised full cooperation with investigations but is under increasing pressure to address the breach's repercussions promptly and decisively. Initially introduced as a safety measure to monitor visitors' temperatures during the COVID-19 pandemic, Outabox's facial recognition kiosks evolved to include identifying individuals in self-exclusion programs for gambling, showcasing the company's innovative use of technology. 

However, recent developments have revealed a troubling scenario with the emergence of a website called "Have I Been Outaboxed." Claiming to be created by former Outabox employees based in the Philippines, the site alleges mishandling of over a million records, including facial biometrics, driver's licenses, and various personal identifiers. This revelation highlights serious concerns regarding Outabox's security and privacy practices, emphasizing the need for robust data protection measures and transparent communication with both employees and the public. 

Allegations on the "Have I Been Outaboxed" website suggest that the leaked data includes a trove of personal information such as facial recognition biometrics, driver's licenses, club memberships, addresses, and more. The severity of this breach is underscored by claims that extensive membership data from IGT, a major supplier of gaming machines, was also compromised, although IGT representatives have denied this assertion. 

This breach has triggered a robust reaction from privacy advocates and regulators, who are deeply concerned about the significant implications of exposing such extensive personal data. Beyond the immediate impact on affected individuals, the incident serves as a stark reminder of the ethical considerations surrounding the deployment of surveillance technologies. It underscores the delicate balance between security imperatives and the protection of individual privacy rights.

Australia Takes Stride In Cybersecurity Measures



In the aftermath of several high-profile cyber attacks targeting key entities like Optus and Medibank, Australia is doubling down on its efforts to bolster cybersecurity across the nation. The Australian government has unveiled a comprehensive plan to overhaul cybersecurity laws and regulations, aiming to strengthen the country's resilience against evolving cyber threats.

A recent consultation paper released by government officials outlines a series of proposed reforms designed to position Australia as a global leader in cybersecurity by 2030. These proposals include amendments to existing cybercrime laws and revisions to the Security of Critical Infrastructure (SOCI) Act 2018, with a focus on enhancing threat prevention, information sharing, and cyber incident response capabilities.

The vulnerabilities exposed during the cyberattacks, attributed to basic errors and inadequate cyber hygiene, have highlighted the urgent need for improved cybersecurity practices. As part of the government's strategy, collaboration with the private sector is emphasised to foster a new era of public-private partnership in enhancing Australia's cybersecurity and resilience.

Key reforms proposed in the consultation paper include mandating secure-by-design standards for Internet of Things (IoT) devices, instituting a ransomware reporting requirement, and establishing a national Cyber Incident Review Board. Additionally, revisions to the SOCI Act 2018 aim to provide clearer guidance for critical industries and streamline information-sharing mechanisms to facilitate more effective responses to cyber threats.

Australia's expansive geography presents unique challenges in safeguarding critical infrastructure, particularly in industries such as mining and maritime, which rely on dispersed and remote facilities. The transition to digital technologies has exposed legacy equipment to cyber threats, necessitating measures to mitigate risks effectively.

Addressing the cybersecurity skills gap is also a priority, with the government planning to adopt international standards and provide prescriptive guidance to enforce change through mandates. However, some experts have pointed out the absence of controls around software supply chains as a notable gap in the proposed policy.

Recognising their responsibility in enhancing cybersecurity, both the government and the private sector are making significant investments in information security and risk management. Gartner forecasts a substantial increase in spending on cloud security and other protective measures driven by heightened awareness and regulatory requirements.

With concerted efforts from stakeholders and a commitment to implementing robust cybersecurity measures, Australia aims to strengthen its resilience against cyber threats and secure its digital future.


Cyberattack Could Lead to a Shortage of Christmas Goods in Australia

 

A cyberattack over the weekend partially closed four major Australian ports, raising concerns about cascading effects. 

Forty percent of the freight that enters the country is handled by DP World Australia, which discovered a security breach on Friday and immediately turned off its internet connection. 

This meant that throughout the weekend, the company's port operations in Sydney, Melbourne, Brisbane, and Fremantle were shut down. 

The company could not estimate how long it would take to recover from the cyberattack, but experts believe it could take weeks, prompting price hikes and rising inflationary pressure. 

According to AMP chief economist Shane Oliver, a lengthy disruption in the operations of UAE-owned DP World could have a ripple effect on the overall economy and help trigger another interest rate hike. 

He stated that the attack on DP World, as well as its inability to move goods in or out of its ports, constituted a supply shock, and that a prolonged closure could push up commodity prices, forcing the Reserve Bank to consider another interest rate hike at its December meeting.

“It goes to the nature of the supply shock here, and this could have an impact on the prices, and inflation rate, of goods, which has been coming down. If this stops that, or it pushes up prices, then the Reserve Bank could be looking at it at their December meeting,” Oliver noted. 

However, senior Westpac economist Justin Smirk stated that the Reserve Bank is beginning to consider disruptive incidents such as cyberattacks on supply chain infrastructure. 

The founder of the data breach tracker Have I Been Pwned and cybersecurity researcher Troy Hunt warned that disruptions to Australian consumers could last for weeks and have an impact on Christmas delivery. 

"If you look back to COVID, look at the sheer number of things that got disrupted just because bits and pieces couldn't get delivered," Hunt told this masthead. "It depends on the actions taken here as well; have the internal systems of [DP World] been destroyed?" 

He cited preliminary research from cybersecurity veteran Kevin Beaumont, who discovered that DP World was most likely the victim of a ransomware attack enabled by a vulnerability in Citrix NetScaler software. 

According to Hunt, ransomware groups are now far more professional than they used to be, with websites listing every victim and a countdown timer indicating how much longer they have to pay. 

“There’s … a financial motive for this sort of stuff,” Hunt noted. “Of course, we’ve seen this in Australia recently with the Medibank situation, we’re seeing this more and more. If you have a spin through some of the dark web ransomware websites, it’s just stunning the number of organisations that are listed on there.”

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.

PwC Caught in the Crossfire: Australian Fallout from Major Cyber Breach Deepens

 


The accounting firm PwC has been embroiled in a severe scandal over a tax scam for the past few weeks, and it has now been dealt another blow as Russian hackers have managed to steal sensitive information. 

PwC has learned that a notable cyber breach has so far affected 267 Australian companies and would also have a significant impact on many more corporations from other countries. Cybercriminals with Russian connections broke into popular file-sharing software, which resulted in a new round of high-profile attacks. 

During the last week of May, Clop, a cybercrime group, made its first attempt to break into the MOVEit file-sharing service. The group began stealing data from various institutions, including agencies of the US federal government, Shell, the BBC, and many others. The breach, which has affected rival consultancy EY as well, is expected to grow much larger as more and more companies reveal that they have been targeted. 

The cybercrime group reportedly obtained client data after hacking third-party software called MOVEit, which PwC used to transfer confidential information. 

The hackers, who have executed two other global attacks in the last three years, have told companies to pay a ransom or have their files released online. “Pay attention to avoid extraordinary measures that may negatively impact your company,” Clop’s website reads. On Monday, PwC Australia confirmed it had used the software for a “limited number” of its clients, adding to its woes stemming from the Collins tax scandal. 

PwC said its initial investigations showed that the company's internal IT network had not been compromised and that the cyberattack on MOVEit was likely to have a "limited impact." PwC has reached out to the businesses whose files were affected and is discussing the next steps. The spokesman added that data security remained a "key priority" for the firm and that it was continuing to put "the right resources and safeguards in place" to protect its network and data.

Although the company appears to have escaped significant harm, the revelation comes at a poor time as it battles to regain governments' trust following the leaking of confidential tax information. 

Former PwC partner Peter Collins allegedly distributed documents describing the government's tax plans to other staff at the firm. This led to the termination of his registration with the Tax Practitioners Board. It also caused a slew of governments and their agencies to terminate agreements with the company. 

Clop demanded large ransoms for data return, but senior US officials have reportedly said no such demands have been made to federal agencies. It remains to be seen if the group will seek money from either of the Australian firms caught up in the breach. Progress, the company that created and maintains MOVEit software, patched the vulnerability within 48 hours. It also said it was aiding affected clients and had drafted in some of the world's best cybersecurity firms to assist with its response. 

In the face of a cybersecurity crisis that has hit Australia, PwC finds itself at the forefront, bracing for the expanding fallout. This incident serves as a stark reminder of the urgent need for robust cybersecurity measures and collaboration between organizations and government agencies. 

As the nation grapples with the aftermath, it becomes crucial for stakeholders to fortify their cybersecurity strategies, invest in advanced technologies, and enhance incident response capabilities. Australia must come together to address the immediate challenges and lay the groundwork for a more resilient and secure digital future.

Amnesty International Takes a While to Disclose the Data Breach From December

 

Amnesty International Australia notified supporters via email last Friday that their data might be at risk owing to "anomalous activity" discovered in its IT infrastructure. 

Not only was the email sent extremely late in the day or week, it was also sent long after the activity was discovered. The email, which Gizmodo Australia saw, claims that the activity was discovered towards the end of last year. 

“As soon as we became aware of this activity on 3 December 2022, we engaged leading external cyber security and forensic IT advisors to determine if any unauthorised access to our IT environment had occurred,” Amnesty International Australia stated.

“We acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.” 

Amnesty International said that while it took the organisation some time to notify its supporters of a security breach, the investigation is now complete and has revealed that an unauthorised third party temporarily gained access to its IT system. 

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed, but of low risk of misuse,” the organisation added. 

Although "low risk" information was not defined, the security advice the organisation offered suggests that the data is most likely names, email addresses, and phone numbers. Despite being satisfied that the information obtained through the breach won't be used inappropriately, Amnesty International Australia advised its supporters to "carefully scrutinise all emails," "don't answer calls from unknown or private numbers," and "never click on links in SMS messages or social media messages you are not expecting to receive." 

The breach only affected the local arm of the charity, according to Amnesty International Australia, and did not affect any other branches. The statement further stated that although the scope of the "information accessed in the cyber event" did not meet the requirements or level for notification under the Notifiable Data Breaches Scheme, Amnesty International Australia had decided to notify its supporters "in the interest of transparency".

Email Hack Hits 15,000 Business Customers of TPG

TPG, the second-largest Australian telecommunications company, has fallen victim to a high-profile cyber attack. TPG is Australia's No. 2 Internet service provider and serves 7.2 million accounts in the nation. TPG Telecom was previously known as Vodafone Hutchison Australia; it was renamed after its merger with TPG. 

In documents released on Wednesday, the company said that the e-mails of up to 15,000 of its corporate customers had been breached. The company identified this attack during a forensic review. 

“TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorized access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the wireless carrier reported. 

The company also revealed that the group of threat actors was looking for cryptocurrency and other financial information. However, the company did not say whether customers' data had been accessed during the attack. 

“We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions,” TPG Company's report read.  

According to the data, around eight other Australian companies had been hacked since October before this attack. These incidents are prompting public outrage in Australia. 

Following the reports, the government said last week that it is working hard to develop a new cyber-security strategy to fight cyber threats. Furthermore, the government is also considering banning the payment of ransom to threat actors. 

After the public announcement, the company added that it had implemented measures against the vulnerabilities in the system to stop unauthorized access. The company has also started contacting all customers on the exchange service affected by the incident. 

“The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available,” the company added. 

Medibank's Hackers will be Hacked in Australia

 


Threat actors behind the Medibank hack that compromised nearly 10 million customers' private information are being hunted by the Australian government, cyber security minister Clare O'Neil said. The Australian Federal Police (AFP) announced on Friday afternoon that the hack on Medibank's computer was attributed to Russian cybercriminals. 

The embassy in Australia has expressed disappointment that the AFP identified Russian-based criminals as the culprits without contacting Russian officials before the public announcement. 

In a statement released on Friday evening, the consulate said that it encouraged the AFP to promptly contact the respective Russian law enforcement agencies to seek assistance. 

Combating cybercrime that adversely affects the lives of citizens and damages businesses is a complex task that demands a cooperative, non-political and responsible approach from all members of the international community. 

It was announced on Saturday that the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) have signed an agreement on the creation of a comprehensive policing model which will take into account both the Optus and Medicare data breaches and effectively deal with the criminals behind them. 

"Around 100 officers from these two organizations will be a part of this joint standing operation, and many of these officers will be physically co-located with the Australian Signals Directorate," she said.

As Ms. O'Neil pointed out, officers report to work every day of the week. The goal is to deal with these gangs and thugs in the most effective manner possible. 

Ms. Saunders explained that with this partnership, the Australian Government has formalized a standing body that will be responsible for the day-to-day pursuit and prosecution of the con men responsible for these malicious crimes against innocent people, and that will, day in and day out, hunt them down. 

A group of the smartest and most determined people in Australia will be collaborating to track down the hackers. 

A New Permanent Policing Model 

In a statement, Attorney General Mark Dreyfus described the situation as "extremely distressing."

In response to the attack, the government released a statement stating that it would do everything it could to limit the impact of this horrible crime. It would also provide support and comfort to the families and friends of those who are affected. 

Dreyfus said in his remarks that the updated partnership between the AFP and the ASD aimed at fighting cyber criminals will be a permanent and formal agreement. 

The AFP, he explained, works full-time on this issue and is working with international partners such as the FBI, which has done great work on this problem with the assistance of its own international partners, including the United Nations. 

As part of the investigation, AFP Commissioner Reece Kershaw on Friday said officers were also working with Interpol to track down the perpetrators of the crime. 

"We know who you are," he said. In the area of bringing overseas offenders back to Australia to face the justice system, it has been noted that the AFP has been doing a good job on the scoreboard. 

A Review of Australia's Diplomatic Relations With Russia is Currently Taking Place

There will be no slowdown in the work of the national security agencies because diplomatic channels with Russia will remain open concerning extradition, according to Mr. Dreyfus. 

According to the president of the Russian Federation, Russia should do all that it can to protect its citizens from engaging in these kinds of crimes, while within its borders. 

In a statement, Mr. Dreyfus said that his government is taking a close look at the options available to it. This is because it wants to maintain Russia's diplomatic profile in Australia. 

In regards to our diplomatic channels, we would like to maintain them as long as they are appropriate for our national interests. However, diplomatic profiles must always be consistent with that. 

A spokesman for the opposition's cyber security wing, James Paterson, said that the disclosure could have broad implications for Australia's Magnitsky regime. Those who violate the law are subject to this.

The regime, which was passed with bipartisan support from the Republican and Democratic Parties, makes it possible to impose targeted financial sanctions and travel bans in response to serious corruption and significant cyberattacks. 

At a press conference earlier today, Prime Minister Albanese told reporters he was dismayed and disgusted by the actions of those who committed this crime. He authorized AFP officials to release the details as a matter of public interest. 

In the recent past, hackers have released more information about some of the medical records of their customers on the dark web, including information about abortions and alcoholism. 

A ransomware attack was carried out by a criminal group targeting Medibank's data, which resulted in close to 500,000 health claims, along with personal information, being stolen. 

There are several mental health and other support services available through Medibank's Resources Page, which is available to affected customers.

Abortion Data of Medibank Patients Leaked on the Dark Web

 

Threat actors who siphoned customer data from Australia's largest health insurer Medibank last month have released sensitive details of patients' medical diagnoses and procedures, including abortions, onto the dark web. 

The ransomware group also disclosed they allegedly demanded a $US1 ($1.60) per customer ransom from the health insurer but Medibank refused to pay ransom for the data, a decision supported by the Australian government. 

"Added one more file abortions.csv ...," read a post on the blog. "Society asks us about ransom, it's a 10 million USD (A$15.5 million). We can make a discount 9.7m (A$15 million) 1$ (A$1.60) =1 customer." 

The file reportedly contained a spreadsheet with 303 customers' details alongside billing codes related to pregnancy terminations, including non-viable pregnancy, miscarriage, and ectopic pregnancy. 

A day after the data leak, Minister for Cyber Security Clare O'Neil described the leak of the patients’ data as "morally reprehensible". 

"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time," she said. "I want you to know that as a parliament and as a government, we stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal." 

Meanwhile, David Koczkaro, CEO at Medibank, asked the public not to seek out the files, which contain the names of policyholders rather than patients. 

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he said. Koczkaro also apologized for what he called the "malicious weaponization" of personal data. 

Additionally, the Australian government has defended the insurer's decision to not pay the ransom. Both have warned that more releases of customer information are expected. Prime Minister Anthony Albanese has said that he is also a Medibank customer. 

The Medibank hack follows a string of unrelated cyber assaults against Australian organizations in recent weeks and months, as customer data have come under siege from hackers. 

Earlier this year in September, Australia's second-largest telecommunications firm Optus was also targeted for extortion, after the private information of nearly 10 million customers was siphoned in what the firm called a cyber-attack. The attackers also targeted supermarket chain Woolworths, and Australian Federal Police classified documents, which exposed agents working to stop international drug cartels.

Harcourts Real Estate Agency Suffered a Data Breach


Australian real estate agency Harcourts confirmed that it suffered a data breach last month at its Melbourne city office, which potentially exposed the credentials of tenants, landlords, and tradespeople. 

The agency wrote to its customers that its rental property database had been accessed by an unknown third party without authorization.

Furthermore, on Thursday Harcourts said that the breach took place when the account of a representative at service provider Stafflink, which provides the franchisee with administrative support, was attacked and accessed by a third party.

"We understand the unauthorized access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device," it said in a statement.

The agency learned about the attack on October 24, an email sent to customers has confirmed. According to the email, which circulated online, the credentials potentially breached for tenants included their names, email addresses, addresses, phone numbers, photo identification, and signatures. 

For landlords and trades, bank details as well as their names, addresses, phone numbers, email addresses, and signatures have been compromised. 

The attack came to notice weeks after security experts and tenancy advocates raised concerns about the potential for data breaches in the industry.

Following the attack, chief executive Adrian Knowles said dealing with the incident was the company’s top priority. He added that an investigation is under way and that the company hopes to resolve the matter soon.

“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result…,” Knowles said. “…We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.” 

Australian Department of Defense Hit by Cyberattack


Department of Defense Suspects Cyberattack

The Department of Defence fears that personal information of personnel, such as dates of birth, may have been breached after a communications platform used by the military suffered a ransomware attack. 

Hackers attacked the ForceNet service, which is operated by an external information and communications technology (ICT) provider. 

The organisation initially told the Defense Department that no data of former or current personnel had been breached.

Defense says personal info not stolen 

However, the Department of Defense believes that personal details such as date of enlistment and date of birth may have been stolen, contrary to the initial indications from the external provider. 

In a message notification to the staff, the defence chief and secretary said the issue is being taken "very seriously."

There has been a series of cyberattacks in recent times, from health insurance companies to telecommunications.

Cyberattacks on the rise in recent times

Medibank earlier this week confirmed that a criminal organization behind a cyber attack on the company had access to the data of around 4 million customers, some of it consisting of health claims. 

In September, Optus said a cyberattack had leaked the data of around 10 million Australian users, with a considerable amount of information stolen from around 2.8 million people.

Minister for Defense Personnel Matt Keogh said ForceNet kept up to 40,000 records, adding: "I think all Australians, and rightly the Australian government, is quite concerned about this sort of cyber activity that's occurring, people seeking through nefarious means to get access to others' personal data."

ForceNet involved, however IT department safe

In the email to the staff, the Defense Department was confident that the hack of ForceNet was not targeted at the IT systems of the department. 

It said "we are taking this matter very seriously and working with the provider to determine the extent of the attack and if the data of current and former APS [Australian public service] staff and ADF personnel has been impacted. If you had a ForceNet account in 2018, we urge you to be vigilant but not alarmed."

Earlier talks with the service provider suggest that there is no substantial proof that the data of former and current ADF personnel and APS staff has been breached. 

It said, "we are nevertheless examining the contents of the 2018 ForceNet dataset and what personal information it contains."




Why the Australian Healthcare Industry Is Becoming a Lucrative Target for Cyber Criminals

 

Data breaches are rising across Australia’s healthcare industry faster than many others. Hackers are lured by healthcare’s large attack surface, which includes sensitive and time-critical information. 

According to the latest research from Darktrace, cyber-attacks targeting the health and social care sector in Australia doubled in 2021 compared with data from 2020, and the industry is still the most attacked in Australia in 2022. 

Over the past month, Australians learned the scale of two major health data breaches, with some patients' private data — including bank details and test results — published on the dark web. 

Last Thursday, pathology firm Australian Clinical Labs (ACL) disclosed that its subsidiary Medlab, which carries out COVID-19 testing and other services, suffered a data breach eight months ago in February, and that it had since discovered that the data of 223,000 individuals was stolen. 

The same week, Medibank Private also revealed that attackers had accessed the data of at least 4 million customers, including their health claims. 

Why are hackers targeting healthcare?


The goal behind the Optus breach in September was crystal clear as it was a human error. The hack exposed the data of nearly 10 million Australians, including driver’s licenses and passport numbers. 

But the data stolen in the Medibank and Medlab hacks is more private and includes test results and diagnostic details. 

According to Peter Lewis, director of the Centre for Responsible Technology, whose data was siphoned in both the telco and Medibank Private breaches, health sector criminals are launching attacks to blackmail people, damage the firms’ reputations, or sell on the vast pools of data to other hackers. 

"There is the sense that they may try and blackmail people," he says. "There is sensitive information out there, but I don’t know if that’s the game. The second is to do damage to the organization that they’ve hacked so it is potentially more damaging to Medibank than it is to any individual. But thirdly, it is true that they’ve captured that entire base of health information; maybe they’ll ... try to find ways to make value out of big pools of data."

"I think a breach in the intimacy of health information could also open some people up to blackmail or make them less open with healthcare professionals. It is a smart move by hackers but whether it's going to be a sustained shift or only a shift which we've seen with these most recent cases is unclear," says Dr Rob Hosking, Chairman of the Royal Australian College of General Practitioners' technology committee.

"Nobody wants their personal, private information exposed to the public and that’s one of the risks we run with using the benefits of the internet for other things, for remote access, for transfer of information about people’s health and doing things in a much timelier fashion," Dr. Hosking stated. "The worrying thing here is that it [health breaches] creates mistrust if people are fearful of divulging information to their practitioners; that means they may not get the care that they deserve."

Small steps 

Healthcare providers need to have an incident response plan following the discovery of a data breach. Educating staff on the common attack vectors, such as malware, viruses, email attachments, web pages, pop-ups, instant messages, and text messages, and how to discern unusual activity is essential. 

According to Dr. Robertson-Dunn, health data is expensive and difficult to manage, and sometimes it can be hard to differentiate between what should be kept, and what can be deleted. We need to re-evaluate what has to be held onto. 

"The government and organizations need to get more serious about the security of the data that they keep," he stated. "They need to question if they need all of it, if it all needs to be online. If you change GP should the old GP keep your records? There’s probably an argument that maybe they should, but it is a risk. Curating health data is not easy because how do you know what you might need in the future?"

Initial Access Brokers Are Playing a Major Role in Data Breaches

 

As the cybercrime ecosystem continues to expand in Australia, the job of security professionals has also come under scrutiny. In the past month alone, seven major Australian enterprises including Optus, Medibank, and Woolworths have suffered data breaches. 

According to the latest Recorded Future intelligence report, the rise of initial access brokers (IABs) has led to increasing data breaches. IABs employ multiple tools, techniques, and procedures (TTPs) to achieve initial access to the targeted network. 

IABs modus operandi 

IABs often launch the first stage of a ransomware attack and then sell this access to other hackers who deploy the ransomware to paralyze the victim’s computer system. 

IABs are primarily active on top-tier Russian-language platforms like Exploit, XSS, and RAMP, and typically operate using multiple languages and online pseudonyms to bypass detection. The advertising on underground forums includes a series of important details that hackers will need to select their next victim. These include victim country, annual revenue, industry, type of access, rights, data to be exfiltrated, devices on the local network, and pricing. 

While many ransomware affiliates are happy to negotiate publicly, with IABs advertising on these forums, others are thought to work directly and secretly with a pre-selected group of access brokers. Either way, the advantage of working alongside IABs is clearly to accelerate their campaigns. 

According to the latest research conducted by KELA, IABs sell initial access for $4600, and sales take between one and three days to finalize. Once access has been purchased, it takes up to a month for a ransomware attack to take place, and potentially for the victim to be subsequently named on a leak site. The average price for access was around USD 2800 and the median price was USD 1350.

How to counter the threat 

Fortunately, there are multiple things businesses can do to mitigate the threat, not only of initial info-stealing attacks but also the ransomware that follows. 

Organizations should train employees to recognize and neutralize social engineering attacks. When it comes to ransomware, maintain offline backups of sensitive data, segment networks to contain an attack’s blast radius, and apply two-factor authentication everywhere. Continuous monitoring and robust threat intelligence will also provide a useful early warning system. 

Most importantly, the right defensive posture can help organizations to regain the initiative and put enough roadblocks in the way that their adversaries give up and move on to the next target.

Australia Fended Off Nearly 1 Billion Cyberassaults on Census Day

 

Australia’s Bureau of Statistics (ABS) thwarted nearly one billion cyberattacks on its systems during the nation’s census in August 2021, statistician Dr. David Gruen stated during the Melbourne Business Analytics Conference last week. 

According to Dr. Gruen, after the 2016 distributed denial of service assaults that caused the first digital census to be taken offline by the ABS for 40 hours, every necessary precaution was taken to guard the census and its data. 

“In the event, everything ran smoothly even though there were slightly less than one billion cyber attacks on our Census digital system on Census day, 10 August 2021,” Gruen stated. 

Australia’s second-ever digital census was conducted from 28 July 2021 to 1 October 2021, and during that time the public-facing systems were under constant attack. 

ABS collaborated with the Australian Cyber Security Center (ACSC), PricewaterhouseCoopers (PwC), and Amazon Web Services (AWS) to simulate attack scenarios and enhance its defenses. The officials also worked with ethical hackers to discover security loopholes in its systems. 

“While it is hard to quantify what an attack is, in our case, these were connections that were obviously malicious which we blocked, either automatically or manually,” Gruen said. “On census day alone we blocked 308,735 malicious connections, and on investigating these we blocked 130,000 IP addresses which were the source of this attack traffic.” 

The ABS said it would continue to prepare for malicious cyber-attacks and has taken multiple steps to guard the data under its possession, which includes testing its systems with information security registered assessors accredited by the Australian Cyber Security Centre. 

To bolster national cybersecurity defense, the Australian government has also passed a resolution to spend A$1.66 billion ($1.1 billion). Earlier this year in March, the government put forward a A$10 billion ($7.5 billion) security spending package dubbed “REDSPICE” (Resilience, Effects, Defense, Space, Intelligence, Cyber Enablers) to address the national cybersecurity issues. 

“There is an element here that cybercrime is growing really quickly around the world – there was an Interpol conference yesterday where the kind of police heads of forces from around the world got together and their message to the community was that cybercrime is now their main crime concern internationally,” cybersecurity Minister Clare O’Neil stated in response to the recent Medibank ransomware attack.

Cyber-Attackers Claim to Have Accessed Customer Data at Medibank Australia

 


According to Medibank, which covers one in six Australians, an unidentified person notified the company that some 200 gigabytes of data had been stolen, including medical diagnoses and medical treatments, as part of a theft the company had disclosed a week earlier.

The company did not say how many of its 4 million customers may have been affected. However, it warned that the number is likely to rise as the issue unfolds. The Australian Federal Police announced that it had opened an investigation into the breach but had no further comments to make.

An Australian newspaper report has warned that the data of at least 10 million customers may have been stolen. This adds a heightened layer of intrigue to a wave of cyberattacks on the country's largest companies since No. 2 Telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that the data of ten million customers may have been stolen. 

The majority of public commentary has so far focused on the possibility that hackers could gain access to bank accounts if they steal data or use identity theft to gain access to personal information. An article in the Sydney Morning Herald stated that it received a message from a person claiming to be the Medibank hacker, threatening to publish medical records of high-profile individuals unless the hacker is paid.

Currently, the Melbourne-based security company is working with several cyber-security firms and has also contacted the Australian Cyber Security Centre (ACSC), which is the government's lead agency for cyber security.

"This is a situation where we have very sensitive information regarding healthcare and that information, if made public by itself, could cause severe harm to Australians, and that is why we at the Australian Broadcasting Corporation are so actively involved with this," said Cybersecurity Minister Clare O'Neil in an exclusive interview with the ABC.

As cyber security experts pointed out, it was unclear whether the three disclosures on data breaches were related to a single incident. This is because these attacks were diverse. However, the perceived publicity generated by the Optus attack may have drawn public attention to the hacker networks created by this company.

"When there is the highly visible breach, such as what happened to Optus in Australia, then hackers take notice of it and think they are planning to try to see what I can get away with down there," said Jeremy Kirk, executive editor for Information Security Media Group, one of the leading cybersecurity specialist magazines out there.

Interestingly, more than 2.2 million shoppers get their bargains on a bargain website that is used by Optus rival Telstra Corp Ltd. which on Tuesday disclosed an issue with employee data breaches, while Woolworths Group Ltd on Thursday said an unidentified party gained unauthorized access to the customer database of that site.

It has been well documented that high-profile data breaches demonstrate how crucial it is to use multi-factor authentication at every level of a company's network - i.e. when the person uses an authentication code sent to a separate device to log in - to prevent data breaches, according to Sanjay Jha, chief scientist at the University of New South Wales Institute for Cybersecurity.

Jha told Reuters over the phone that, although they have implemented such controls for end users, they should have even tougher controls for internal servers, since server security is a major concern.

"Continuous authentication is necessary for people not to log in and leave after logging in and leave forever, allowing attackers to access your computer and compromise it." Jha continued.

Founder and chief intelligence officer of F5, Dan Woods, a former FBI cyberterrorism investigator, commented that Australia had "undoubtedly endured its most difficult few weeks from a cybercrime perspective, but on the positive side, it's been a wake-up call for the country, one that it may have needed." 

19-Year-Old Arrested for Using Leaked Optus Breach Data in SMS Scam

The Australian Federal Police (AFP) took a 19-year-old into custody for allegedly attempting to leverage the data leaked following the Optus data breach late last month to extort victims. 

Officials said that the accused was running a text message blackmail scam, asking victims to transfer $2,000 to a bank account or risk having their personal information misused for fraudulent activities. Credentials of almost 10 million customers were exposed in the Optus breach, including millions of passports, Medicare numbers, and driver’s licenses. 

This attack raised questions as to why multiple organizations need to collect and store so much personal data of customers. Following the incident, the government of Australia is now considering developing a single digital identification service that businesses could use instead. However, the public is questioning this development. 

“Within the audit’s remit is to consider how myGov can deliver seamless services that will frequently involve private enterprise service providers. This would prevent the need for citizens to provide sensitive data multiple times to multiple entities,” Shorten’s spokesperson said. 

As per the police, they have collected a sample database of 10,200 records that was posted briefly on a cybercrime forum accessible on the clearnet by an actor named "optusdata," before taking it down. 

The AFP added that it executed a search warrant at the home of the offender and seized a mobile phone used to send text messages to about 93 Optus customers.

"At this stage, it appears none of the individuals who received the text message transferred money to the account," the statement reads. 

The offender has been charged with using a telecommunication network with the intent to commit a serious offense and with dealing with identification information. In the two cases, the offender has to spend 10 and 7 years in imprisonment, respectively.