Cyber-Attackers Claim to Have Accessed Customer Data at Medibank Australia

 


According to Medibank, which covers one in six Australians, an unidentified person notified the company that some 200 gigabytes of data had been stolen, including medical diagnoses and medical treatments, in a theft that the company had disclosed a week earlier.

The company did not say how many of its 4 million customers may have been affected. However, it warned that the number is likely to rise as the issue unfolds. The Australian Federal Police announced that they had opened an investigation into the breach, but had no further comment.

An Australian newspaper report has warned that the data of at least 10 million customers may have been stolen. This adds a heightened layer of intrigue to a wave of cyberattacks on the country's largest companies since No. 2 telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that the data of ten million customers may have been stolen.

Most public commentary has so far focused on the possibility that hackers could use stolen data or identity theft to gain access to bank accounts. The Sydney Morning Herald reported that it had received a message from a person claiming to be the Medibank hacker, threatening to publish the medical records of high-profile individuals unless the hacker is paid.

The Melbourne-based company is currently working with several cyber-security firms and has also contacted the Australian Cyber Security Centre (ACSC), which is the government's lead agency for cyber security.

"This is a situation where we have very sensitive information regarding healthcare and that information, if made public by itself, could cause severe harm to Australians, and that is why we at the Australian Broadcasting Corporation are so actively involved with this," said Cybersecurity Minister Clare O'Neil in an exclusive interview with the ABC.

Cyber security experts pointed out that it was unclear whether the three data breach disclosures were related to a single incident, because the attacks were of different kinds. However, the publicity generated by the Optus attack may have drawn the attention of hacker networks.

"When there is the highly visible breach, such as what happened to Optus in Australia, then hackers take notice of it and think they are planning to try to see what I can get away with down there," said Jeremy Kirk, executive editor for Information Security Media Group, one of the leading cybersecurity specialist magazines out there.

Optus rival Telstra Corp Ltd on Tuesday disclosed a breach of employee data, while Woolworths Group Ltd on Thursday said an unidentified party had gained unauthorized access to the customer database of a bargain website used by more than 2.2 million shoppers.

The high-profile data breaches demonstrate how crucial it is to use multi-factor authentication (where a person logs in with an authentication code sent to a separate device) at every level of a company's network to prevent data breaches, according to Sanjay Jha, chief scientist at the University of New South Wales Institute for Cybersecurity.

Jha told Reuters over the phone that, although companies have implemented such controls for end users, they should have even tougher controls for internal servers, since server security is a major concern.

"Continuous authentication is necessary for people not to log in and leave after logging in and leave forever, allowing attackers to access your computer and compromise it," Jha continued.

Founder and chief intelligence officer of F5, Dan Woods, a former FBI cyberterrorism investigator, commented that Australia had "undoubtedly endured its most difficult few weeks from a cybercrime perspective, but on the positive side, it's been a wake-up call for the country, one that it may have needed." 

Oxfam Australia: 1.7 Million Users Compromised in Data Breach

 

A hacking group has supposedly compromised the data of 1.7 billion users, a claim now being investigated by Oxfam Australia, a humanitarian non-profit organization that experienced a data breach and a blatant violation of privacy.

Oxfam Australia is a secular association focused on development and assistance. It is an autonomous organization that operates within the broader framework of the Oxfam umbrella to eradicate poverty across Australia, Asia, Africa, and the Middle East.

The organization said in a statement on Thursday, 4 February, that it was informed about the data breach at the end of last week and immediately launched an investigation to uncover the motives, origins, and damage incurred.

Oxfam Australia is investigating a possible violation of privacy after a threat actor claimed to be selling its database on a hacker website. The database sample posted on the dark web contains email addresses, names, physical addresses, telephone numbers, and donation sums, which appear to be legitimate customer data. One of the records in the sample data shared by the threat actor contains legitimate donor data. Although it is still unknown whether any data has been compromised, it was revealed earlier this week that a threat actor was trying to sell a charity database. Forensic experts were asked to help determine whether data was accessed and whether supporters were affected. Oxfam Australia said it is currently investigating the breach and has reported the incident to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC).

"Late last week, Oxfam Australia was alerted to a suspected data incident. Oxfam immediately launched an investigation and engaged market-leading experts to assist in identifying whether data may have been accessed and any impact on its supporters." 

Chief Executive Lyn Morgain said, “Oxfam Australia had reported the matter to the Australian Cyber Security Centre (ACSC) and the Office of the Australian Information Commissioner (OAIC) while continuing to investigate the suspected incident.” 

Oxfam contacted supporters and stakeholders to warn them of the alleged breach. Although the cyber-attack has not been officially confirmed, a data breach has probably occurred, based on the details provided by the threat actor.

Accordingly, all contributors and registered users on the Oxfam Australia platform need to update their passwords. They also need to change the password anywhere else they use the same one. Threat actors may also use the data in that database to conduct targeted phishing attacks. All donors should watch for phishing messages that claim to come from Oxfam and ask them to submit additional personal details.

Morgain added that “We are committed to communicating quickly to our supporters once the facts have been established, and we will provide updates as we learn more.”

Australian Cyber Security Centre Hit by Cyber Security Attack

 

The Australian Cyber Security Centre has been on high alert for the vulnerability lately. The Australian corporate regulator is the latest high-profile victim of a hacking attack on the same software that was used to target both the New Zealand Reserve Bank and the Allens law firm. On Monday (25 January) evening, the Australian Securities and Investments Commission said it had been hit by a 'cyber safety incident involving a server used by ASIC'.

The Australian securities regulator reported that a server used to move files, including credit license applications, recently had a data security violation in which some information may have been viewed. ASIC (the Australian Securities and Investments Commission) said it became aware of the case on 15 January, but that the credit license forms or attachments did not seem to have been downloaded.

ASIC stated that “This incident is related to Accellion software used by ASIC to transfer files and attachments. It involved unauthorized access to a server which contained documents associated with recent Australian credit license applications.” The regulator also said that “While the investigation is ongoing, it appears that there is some risk that some limited information may have been viewed by the threat actor. At this time ASIC has not seen evidence that any Australian credit license application forms or any attachments were opened or downloaded.”

Accellion's file transfer product is two decades old but was revised last year after the company learned of vulnerabilities in the system. The incident involved the file-sharing software provided by California-based Accellion. The same software was also used by the New Zealand Central Bank, which suffered a cyber attack earlier this month.

ASIC added that the server was disabled and that no other technology infrastructure was abused: “No other ASIC technology infrastructure has been impacted or breached. ASIC is working with Accellion and has notified the relevant agencies as well as impacted parties to respond to and manage the incident.”

“ASIC’s IT team and cybersecurity advisers engaged by ASIC are undertaking a detailed forensic investigation and working to bring systems back online safely,” says the regulator.