Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label Australia. Show all posts
Scammer
Australia Cyber Attacks fake payment cards fake websites Malicious Link MyGov App Online Payment Fraud Payment Fraud Scammer

Scammers Use Fake Centrelink Promises to Target Australians Online

 

Australians have been cautioned about a recent wave of scam websites falsely advertising significant Centrelink payments. These sites promise financial boosts, sometimes hundreds or thousands of dollars, to low-income residents and seniors, exploiting people facing financial challenges. Fraudsters create convincing websites that mimic government agencies like Centrelink, Service Australia, and myGov, claiming these funds are aimed at helping Australians manage the rising cost of living. To create legitimacy, scammers have designed sites that appear to offer eligibility checks, which are actually tactics to gather personal details. 

These scams largely stem from international sources, including countries like India, and often display website URLs ending in “.in” instead of “.gov.au,” an indicator of their inauthenticity. If Australians are lured into these sites, they might be asked to enter personal information, leading to risks of identity theft, unauthorized access to accounts, or financial loss. Scammers also contact victims through text messages, emails, and even direct calls, adding urgency by claiming that immediate action is required to avoid consequences such as account closures or legal threats. The National Anti-Scam Centre has warned users not to trust unsolicited links or messages, as legitimate government organizations do not send out emails or texts asking for login credentials. 

To safeguard against these scams, Australians should only rely on official government websites such as servicesaustralia.gov.au and my.gov.au, as these sites have secure government domains that are easily recognizable. If users are unsure about a message or website, they should verify through official contact channels or report the suspected scam to authorities. Fake Centrelink promises have targeted people’s vulnerabilities by exploiting the challenging economic conditions many Australians currently face. As such, the National Anti-Scam Centre and Services Australia have been actively educating citizens on how to spot fake offers. Scams typically feature enticing language, such as “life-changing benefits,” or make claims about “one-off payments” to attract attention. 

Although these offers may sound appealing, it’s essential to remember that if a promise sounds too good to be true, it likely is. Identifying and reporting such scams can help prevent others from falling victim to these frauds. Authorities urge everyone to double-check website URLs, avoid clicking on suspicious links, and never disclose personal information to unverified sources. The Australian government has intensified efforts to address these scams, working to identify, block, and take down fraudulent sites where possible. While scammers’ techniques evolve, Australians can protect themselves by staying informed, cautious, and vigilant.
Read more »
Public Wifi
Australia Cyber Attacks data security Hacker attack Internet Safety Network Attacks Network Security Public Wifi

Avoid Evil Twin Attacks: Hackers Target Public Wi-Fi in Airports and Coffee Shops

 

Travelers have long been warned about the dangers of public Wi-Fi, especially in places like airports, where lax security makes them a hacker’s playground. A recent arrest in Australia has drawn attention to the resurgence of “evil twin” attacks, where cybercriminals set up fake Wi-Fi networks to steal login credentials. This type of cybercrime, known as a “Man in the Middle” attack, allows hackers to create a seemingly legitimate Wi-Fi network that unsuspecting users connect to, unknowingly handing over personal information. 

The Australian case involved a man who set up fake Wi-Fi networks at airports and on domestic flights to steal credentials. Hackers like him can easily disguise their operations with small devices, hidden in plain sight, that mimic legitimate networks. Travelers, eager for free Wi-Fi, often overlook warning signs and quickly connect without verifying the network’s authenticity. Once connected, they enter their credentials on fake login pages designed to collect sensitive information. The ease of executing these attacks, combined with users’ familiarity with free Wi-Fi, makes evil twin attacks increasingly common. 

Hackers don’t need high-tech equipment or skills—just motivation and a basic understanding of how to set up a convincing rogue network. Once personal details are collected, they can be used for further exploitation, like accessing social media or bank accounts. To protect against evil twin attacks, experts recommend using mobile hotspots instead of public Wi-Fi. By creating your own hotspot, you control the network and can set a secure password. A VPN is another helpful tool, as it encrypts data, making it unreadable even if intercepted. For travelers unable to avoid public Wi-Fi, it’s essential to be cautious, verify network names, and avoid entering sensitive information on unfamiliar networks. 

The Australian case highlights how few cybercriminals are caught, despite the frequent occurrence of evil twin attacks. Airlines and airports are not always equipped to handle such threats, so it falls on travelers to take responsibility for their own cybersecurity. In this case, the attacker managed to steal dozens of credentials before being apprehended, a rarity in the world of cybercrime.  

With public Wi-Fi so widely available and used, it’s critical for travelers to remain vigilant. Hackers only need a small percentage of users to fall for their trap to succeed. Next time you find yourself at an airport, think twice before connecting to free Wi-Fi—it might just be safer to bring your own network.
Read more »
Small Businesses
Australia Australian Businesses Customer Data Cyber Security awareness Data Breach Data Leak small business security Small Businesses

Small Trade Businesses Urged to Strengthen Security After Total Tools Data Breach

 

Small trade businesses are on high alert following a significant data breach at Total Tools, a major Australian hardware retailer, which exposed sensitive information of over 38,000 customers. This breach compromised customer names, credit card details, email addresses, passwords, mobile numbers, and shipping addresses, making small trade businesses potential targets for secondary cyberattacks. 

The CEO of the Council of Small Business Organisations Australia (COSBOA), Luke Achterstraat, emphasized the importance of heightened vigilance for businesses, especially those in the construction and trades sector, as they face increased risks of cyber threats. Achterstraat urged all businesses with online hardware accounts to monitor for any unusual activity in the coming days and weeks. He stressed the importance of protecting sensitive data, finances, and client information from potential scams and fraud. COSBOA recommends businesses to immediately review their security protocols, change all passwords linked to Total Tools accounts, and enable two-factor authentication where possible to minimize the risk of unauthorized access. 

To further support small businesses, COSBOA is promoting the Cyber Wardens program, a free eLearning initiative funded by the Federal Government. This program is designed to help small businesses and their employees fortify their digital defenses against cyber threats, equipping them with the knowledge to identify and prevent cyberattacks. COSBOA has partnered with industry bodies such as the Master Builders Association, the National Timber and Hardware Association, and the Master Grocers Association to ensure that small businesses across Australia have access to the necessary resources to safeguard against cybercrime. 

With cyberattacks on the rise, especially in sectors like construction and trades, small businesses must stay informed and prepared. Hackers often exploit vulnerabilities in these industries due to the valuable data they handle, such as payment information, client details, and supplier contracts. Therefore, investing time in employee training and implementing cybersecurity best practices can significantly reduce the risk of future breaches. The recent data leak at Total Tools serves as a critical reminder that even trusted suppliers can fall victim to cyberattacks, putting customers and affiliated businesses at risk. As more companies move toward digital solutions, the importance of cybersecurity can’t be overstated. COSBOA’s efforts, through the Cyber Wardens program, aim to create a more secure environment for Australia’s 2.5 million small businesses, ensuring they are well-equipped to tackle the ever-evolving cyber threats. 

In addition to joining cybersecurity programs, businesses should regularly update software, employ strong, unique passwords, and back up essential data to reduce the impact of potential breaches. By taking these proactive steps, small trade businesses can enhance their digital security, ensuring they remain resilient against future cyber threats.
Read more »
Threat Landscape
Australia Cyber Security Energy sector IT Management Threat Landscape

Cyber Security: A Rising Threat to Australia’s Renewable Energy Campaign

 

Australia is striving to become a more energy-efficient nation. The Australian Renewable Energy Agency recently announced a $100 million effort to research and develop solar energy technologies. Further investments in energy storage, pumped hydro, and low-carbon systems may be equally substantial. 

However, the nation must also address an underlying issue: the integration of solid IT and software foundations into the OT systems that power the grids. Without these, Australia may struggle to fully meet its renewable energy goals.

Combination of IT and OT

OT refers to software and hardware that identifies or creates changes in the enterprise by directly monitoring and controlling physical devices, processes, and events. IT refers to the use of systems, particularly computers and telecommunications, to store, retrieve, and transmit information. 

Traditionally, these two types of technology have been kept segregated and controlled separately. However, the combination of OT and IT is critical for the modernisation of energy networks. According to IBM, the integration must be effective in four areas: 

Smart meters: It detects energy usage in real time at the consumer's end, delivering comprehensive consumption patterns to both the consumer and the energy provider. 

Sensors and automation devices: These are used across the grid to monitor voltage, current, and load capacity, among other metrics. They can automatically alter parameters to avoid overloads and long-term, large-scale outages.

Communication networks: As the backbone of any smart grid, communication networks enable data transmission between diverse components such as sensors, automated devices, and control centres. Transmission systems can be wired or wireless, and can use a variety of protocols and communication technologies, including Wi-Fi, Z-Wave, Zigbee, and 4G/5G. 

Software and analytics: Smart grids generate vast volumes of data. Utility companies use complex software and analytics technologies to handle, analyse, and interpret this data. This software, and the data it gives, can assist providers in predicting demand patterns, identifying potential concerns, and optimising the distribution network. 

Cyber threats 

Australia is at serious risk of facing cyber threats via OT technology, which will have an impact on the country's renewable energy aspirations. With 82% of organisations suffering cyber attacks via OT systems, there is an increasing risk being brought into Australia's electricity grid as it digitalises.

The country is also becoming more reliant on a highly decentralised energy approach, which increases the attack surface significantly. Rooftop solar, for example, consists of solar panels installed on individual homes and businesses that are then connected to the grid via IoT devices, software, and digital technologies. This has contributed to 40% of Australia's energy being supplied by renewable sources. 

Need to increase investment 

For Australia to sustainably harness renewable energy, it must lay solid IT foundations. The Australian Energy Sector Cyber Security Framework is a positive regulatory step that builds on successful frameworks like the U.S. Department of Energy's Electricity Subsector Cybersecurity Capability Maturing Model and aligns it with Australian-specific control references like the ACSC Essential 8. 

However, the IT channel, which includes IT professionals and service providers, as well as IT experts, must bring the skills and expertise required to manage and protect integrated energy systems. This includes knowing the particular issues of OT environments as well as how to effectively implement IT solutions. This strategy can help Australia achieve a renewable energy transition that is both successful and secure against an increasing number of cyber threats.
Read more »
MediSecure
Australia cyber attack Data financial strain Hacking Healthcare MediSecure

Massive Cyber Attack Hits MediSecure, Impacting Millions of Australians

 



In a shocking revelation, MediSecure, an eprescription provider, has confirmed that approximately 12.9 million Australians have been affected by a cyberattack that occurred in April. This incident has surpassed previous notable breaches, including the Optus and Medibank data breaches in 2022, in terms of the number of individuals impacted.

The administrators of MediSecure, FTI Consulting, disclosed that the compromised data includes individuals' healthcare identifiers. However, due to the complexity and sheer volume of the data involved, identifying the specific individuals whose data was stolen is financially unfeasible for the company. This inability to pinpoint affected individuals prevents MediSecure from notifying them about the breach.

Data Complexity and Financial Constraints

The compromised server contained 6.5 terabytes of data, equivalent to billions of pages of text. This data was stored in a mix of semi-structured and unstructured formats, making it extremely difficult to analyse without incurring substantial costs. The encrypted nature of the server further complicates efforts to determine the exact information accessed by the malicious actors. MediSecure's financial limitations have left the company unable to afford the extensive resources needed to sift through the massive amount of data.

Notification Delays and Administrative Actions

Despite the hack occurring in April, MediSecure did not make the incident public until May. The delayed notification has raised concerns about the company's crisis management and communication strategies. Subsequently, the company entered administration in June, and its subsidiary, Operations MDS, went into liquidation. This subsidiary was identified as the main trading entity of the corporate group, highlighting the severe impact of the cyberattack on the company's operational capabilities.

Impact on Healthcare Services

MediSecure had provided a crucial service that allowed healthcare professionals, such as general practitioners, to send electronic prescriptions to patients. However, this service has not been used for new electronic prescriptions since November 15, following a decision by the federal Health Department to designate eRx as the sole e-script provider. This shift has left many healthcare providers scrambling to adapt to the new system, further complicating the ecosystem for electronic healthcare services in Australia.

The MediSecure cyberattack highlights the growing threat of data breaches and the challenges companies face in managing and mitigating such incidents. With 12.9 million Australians potentially affected and the company unable to notify them, the breach underscores the need for robust cybersecurity measures and the financial resilience to respond effectively to such crises. This incident serves as a stark reminder of the vulnerabilities that exist in the digital age and the critical importance of safeguarding sensitive information.


Read more »
User Safety
Australia Cyber Fraud Data Leak Data Privacy Flight Scam User Safety

Australian Man Arrested for Evil Twin Wi-Fi Attacks on Domestic Flights

 

Police in Australia have arrested and charged a man with nine cybercrime crimes for allegedly setting up fictitious public Wi-Fi networks using a portable wireless access point to steal data from unsuspecting users. 

The man designed "evil twin" Wi-Fi networks at airports, during flights, and other places related to his "previous employment" that would deceive people into registering into the fake network using their email address or social media accounts. Police stated the login data was then transferred to the man's devices. 

Dozens of credentials were reportedly obtained. This information might have enabled the perpetrator to get access to victims' accounts and possibly steal further sensitive information such as banking login details or other personal information. Employees of the airline noticed one of the strange in-flight Wi-Fi networks. The anonymous Australian airline then reported the Wi-Fi's presence to authorities, who investigated the situation in April and arrested the suspect in May. 

According to the Australian Broadcasting Corporation, the man, Michael Clapsis, appeared before Perth Magistrates Court and was subsequently released on "strict" bail with limited internet access. He also had to submit his passport. Clapsis' LinkedIn profile, which has since been deleted, hints that he may have previously worked for a shipping company. 

He has been charged with three counts of unauthorised impairment of electronic communication, three counts of possession or control of data with the intent to commit a serious offence, one count of unauthorised access or modification of restricted data, one count of dishonestly obtaining or dealing in personal financial information, and one count of possessing identification information with the intent to commit an offence. Clapsis is set to appear in court again in August. 

Evil twin attacks can use a variety of tactics to steal victims' data. However, they typically entail providing free Wi-Fi networks that appear genuine but actually contain "login pages" designed to steal your data. Genuine Wi-Fi networks should never ask you to login using your social media credentials or provide a password for any of your accounts. It is also recommended to use a VPN and avoid connecting to public Wi-Fi networks when a more secure option is available.
Read more »
IT Infrastructure
Australia Australian Businesses Cyberattack cybercriminals Data Breach Fortinet Hacker attack Hackers IT Infrastructure

The Growing Threat of Data Breaches to Australian Businesses

 

Data breaches are now a significant threat to Australian businesses, posing the risk of "irreversible brand damage." A cybersecurity expert from Fortinet, a global leader in the field, has raised alarms about cybercriminals increasingly targeting the nation’s critical infrastructure. Cybercriminals are continually finding new ways to infiltrate Australia’s infrastructure, making businesses highly vulnerable to attacks. 

The Australian federal government has identified 11 critical sectors under the Security of Critical Infrastructure Act, which was amended in 2018 to enforce stricter regulations. Businesses in these sectors are required to complete annual reporting to notify the federal government of any attempts to access their networks. Michael Murphy, Fortinet’s Head of Operational Technology and Critical Infrastructure, recently discussed the severity of cyber threats on Sky News Business Weekend. During the 2022-2023 financial year, 188 cybersecurity incidents were reported across critical sectors, highlighting ongoing risks to national networks like water and energy supplies. 

Additionally, the Australian Bureau of Statistics found that 34 percent of businesses experienced resource losses managing cybersecurity attacks in the 2021-2022 financial year, and 22 percent of Australian businesses faced a cybersecurity attack during that period—more than double the previous year’s figure. Even small businesses are now vulnerable to cybercrime. Murphy pointed out that among entities with mandatory reporting, 188 incidents were reported, with 142 incidents reported by entities outside of critical infrastructure, demonstrating the widespread nature of the threat. He explained that hackers are motivated by various factors beyond financial gain, including the desire for control. 

The consequences of cyber attacks can be severe, disrupting systems and causing significant downtime, which leads to revenue loss and irreversible brand damage. Critical infrastructure sectors face unique challenges compared to the IT enterprise. Quick restoration of systems is often not an option, and recovery can take considerable time. This extended downtime not only affects revenue but also damages the reputation and trustworthiness of the affected organizations. Murphy noted that many incidents are driven by motives such as financial profiteering, socio-political influence, or simply the desire of hackers and syndicates to boost their credibility. 

As cyber threats evolve, it is crucial for businesses, especially those in critical infrastructure sectors, to strengthen their cybersecurity measures. While annual reporting and adherence to federal regulations are essential, proactive strategies and advanced security technologies are necessary to mitigate risks effectively.
Read more »
Privacy and Security
Australia Data Breach Data Leak Domestic Violence Privacy and Security

Data of Domestic Violence Victims Leaked in ZircoDATA Hack

 

Monash Health, a Victorian public health agency, has announced that it had been impacted by the recent ZircoDATA hack. 

Earlier this year in February, ZircoDATA, which provides safe document storage, data management, and digital conversion of 9,000 clients across Australia, reported a system vulnerability. The Victoria-based company also manages some of Monash Health's archived historical documents. 

Monash Health stated on May 3 that the hack revealed some of its historic data on domestic violence sufferers. 

"Investigation analysis indicates that the Monash Health information involved in the ZircoDATA data breach relates to a selection of archived data from the family violence and sexual assault support units at Monash Medical Centre, the Queen Victoria Hospital, and Southern Health, limited to the period from 1970 to 1993," noted Eugine Yafele, Monash Health chief executive, in a statement.

The National Office of Cyber Security has been informed of this incident. Monash Health said that the cyber attack had not compromised or damaged its systems. 

"Monash Health is deeply sorry that the external breach has occurred, and we continue to work with ZircoDATA in the investigation," Yafele added. 

The larger trend

The ransomware group Black Basta has taken credit for breaking into ZircoDATA on the dark web, claiming to have stolen nearly 395 gigabytes of data, including confidential agreements, financial papers, and personal data. The first ransom deadline was March 1st. 

ZircoDATA has received support from Lieutenant General Michelle McGuinness, the National Cyber Security Coordinator, in notifying its impacted customers. She added that other branches of the government have also been affected.

"The majority of these entities are still in the process of working with ZircoDATA to identify impacted data and any victims and are yet to begin notifying impacted individuals. There are clear processes for ZircoDATA and the affected government entities to work through," McGuinness noted. 

Before the new year, St Vincent's Health, one of the country's largest not-for-profit health and aged care organisations, disclosed a data breach by unidentified hackers, though no sensitive information was stolen.
Read more »
Outabox
Australia cyber attack Cyber Attacks Facial Recognition System Outabox

Facial Recognition System Breach Sparks Privacy Concerns in Australia

A significant privacy breach has shaken up the club scene in Australia, as a facial recognition system deployed across multiple nightlife venues became the target of a cyberattack. Outabox, the Australian firm responsible for the technology, is facing intense scrutiny in the aftermath of the breach, sparking widespread concerns regarding personal data security in the era of advanced surveillance. Reports indicate that sensitive personal information, including facial images and biometric data, has been exposed, raising alarms among patrons and authorities. 

As regulators rush to assess the situation and ensure accountability, doubts arise about the effectiveness of existing safeguards against such breaches. Outabox has promised full cooperation with investigations but is under increasing pressure to address the breach's repercussions promptly and decisively. Initially introduced as a safety measure to monitor visitors' temperatures during the COVID-19 pandemic, Outabox's facial recognition kiosks evolved to include identifying individuals in self-exclusion programs for gambling, showcasing the company's innovative use of technology. 

However, recent developments have revealed a troubling scenario with the emergence of a website called "Have I Been Outaboxed." Claiming to be created by former Outabox employees based in the Philippines, the site alleges mishandling of over a million records, including facial biometrics, driver's licenses, and various personal identifiers. This revelation highlights serious concerns regarding Outabox's security and privacy practices, emphasizing the need for robust data protection measures and transparent communication with both employees and the public. 

Allegations on the "Have I Been Outaboxed" website suggest that the leaked data includes a trove of personal information such as facial recognition biometrics, driver's licenses, club memberships, addresses, and more. The severity of this breach is underscored by claims that extensive membership data from IGT, a major supplier of gaming machines, was also compromised, although IGT representatives have denied this assertion. 

This breach has triggered a robust reaction from privacy advocates and regulators, who are deeply concerned about the significant implications of exposing such extensive personal data. Beyond the immediate impact on affected individuals, the incident serves as a stark reminder of the ethical considerations surrounding the deployment of surveillance technologies. It underscores the delicate balance between security imperatives and the protection of individual privacy rights.
Read more »
SOCI
Australia Cloud Security Cyber Security Medibank Optus Attack SOCI

Australia Takes Stride In Cybersecurity Measures



In the aftermath of several high-profile cyber attacks targeting key entities like Optus and Medibank, Australia is doubling down on its efforts to bolster cybersecurity across the nation. The Australian government has unveiled a comprehensive plan to overhaul cybersecurity laws and regulations, aiming to strengthen the country's resilience against evolving cyber threats.

A recent consultation paper released by government officials outlines a series of proposed reforms designed to position Australia as a global leader in cybersecurity by 2030. These proposals include amendments to existing cybercrime laws and revisions to the Security of Critical Infrastructure (SOCI) Act 2018, with a focus on enhancing threat prevention, information sharing, and cyber incident response capabilities.

The vulnerabilities exposed during the cyberattacks, attributed to basic errors and inadequate cyber hygiene, have highlighted the urgent need for improved cybersecurity practices. As part of the government's strategy, collaboration with the private sector is emphasised to foster a new era of public-private partnership in enhancing Australia's cybersecurity and resilience.

Key reforms proposed in the consultation paper include mandating secure-by-design standards for Internet of Things (IoT) devices, instituting a ransomware reporting requirement, and establishing a national Cyber Incident Review Board. Additionally, revisions to the SOCI Act 2018 aim to provide clearer guidance for critical industries and streamline information-sharing mechanisms to facilitate more effective responses to cyber threats.

Australia's expansive geography presents unique challenges in safeguarding critical infrastructure, particularly in industries such as mining and maritime, which rely on dispersed and remote facilities. The transition to digital technologies has exposed legacy equipment to cyber threats, necessitating measures to mitigate risks effectively.

Addressing the cybersecurity skills gap is also a priority, with the government planning to adopt international standards and provide prescriptive guidance to enforce change through mandates. However, some experts have pointed out the absence of controls around software supply chains as a notable gap in the proposed policy.

Recognising our responsibility in enhancing cybersecurity, both the government and the private sector are making significant investments in information security and risk management. Gartner forecasts a substantial increase in spending on cloud security and other protective measures driven by heightened awareness and regulatory requirements.

With concerted efforts from stakeholders and a commitment to implementing robust cybersecurity measures, Australia aims to strengthen its resilience against cyber threats and secure its digital future.


Read more »
Supply Chain
Australia Christmas Goods Cyber Attacks Shipping Company Supply Chain

Cyberattack Could Lead to a Shortage of Christmas Goods in Australia

 

A cyberattack over the weekend partially closed four major Australian ports, raising concerns about cascading effects. 

Forty percent of the freight that enters the country is handled by DP World Australia, which discovered a security breach on Friday and immediately turned off its internet connection. 

This meant that throughout the weekend, the company's port operations in Sydney, Melbourne, Brisbane, and Fremantle were shut down. 

The company could not estimate how long it would take to recuperate from the cyberattack, but experts believe it could take weeks, prompting price hikes and rising inflationary pressure. 

According to AMP chief economist Shane Oliver, a lengthy disruption in the operations of UAE-owned DP World could have a ripple effect on the overall economy and help trigger another interest rate hike. 

He stated that the attack on DP World, as well as its inability to move goods in or out of its ports, constituted a supply shock, and that a prolonged closure could push up commodity prices, forcing the Reserve Bank to consider another interest rate hike at its December meeting.

“It goes to the nature of the supply shock here, and this could have an impact on the prices, and inflation rate, of goods, which has been coming down. If this stops that, or it pushes up prices, then the Reserve Bank could be looking at it at their December meeting,” Oliver noted. 

However, senior Westpac economist Justin Smirk stated that the Reserve Bank is beginning to consider disruptive incidents such as cyberattacks on supply chain infrastructure. 

The founder of the data breach tracker Have I Been Pwned and cybersecurity researcher Troy Hunt warned that disruptions to Australian consumers could last for weeks and have an impact on Christmas delivery. 

Hunt told this masthead, "If you look back to COVID, look at the sheer number of things that got disrupted just because bits and pieces couldn't get delivered." "It depends on the actions taken here as well; have the internal systems of [DP World] been destroyed?" 

He cited preliminary research from cybersecurity veteran Kevin Beaumont, who discovered that DP World was most likely the victim of a ransomware attack enabled by a vulnerability in Citrix NetScaler software. 

According to Hunt, ransomware groups are now far more professional than they used to be, with websites listing every victim and a countdown timer indicating how much longer they had to pay. 

“There’s … a financial motive for this sort of stuff,” Hunt noted. “Of course, we’ve seen this in Australia recently with the Medibank situation, we’re seeing this more and more. If you have a spin through some of the dark web ransomware websites, it’s just stunning the number of organisations that are listed on there.”
Read more »
Vulnerability
Australia Breach Customer Cyber Attacks Data Energy Experts Investigation Ransomware Report Security Software threat UK Vulnerability

Cyberattack Strikes Australian Energy Software Company Energy One

 

Energy One, an Australian company specializing in software solutions and services for the energy industry, has fallen victim to a cyber assault.

In an announcement made on Monday, the company revealed that the breach was identified on August 18 and had repercussions for certain internal systems both in Australia and the United Kingdom.

“As part of its work to ensure customer security, Energy One has disabled some links between its corporate and customer-facing systems,” Energy One said.

Energy One is actively engaged in an inquiry to ascertain the extent of the impact on customer-related systems and personal data. The organization is also committed to tracing the initial point of intrusion employed by the attacker.

Though detailed specifics about the attack are presently undisclosed, the company's official statement strongly suggests the possibility of a deliberate ransomware attack.

To facilitate the investigation, cybersecurity specialists have been enlisted, and competent authorities in both Australia and the UK have been informed about the incident.

According to a recent report by Searchlight Cyber, a British threat intelligence firm, malevolent actors have been peddling opportunities for initial access into energy sector enterprises globally, with prices ranging from $20 to $2,500.

Perpetrators of cybercrime can exploit various avenues, including Remote Desktop Protocol (RDP) access, compromised login credentials, and vulnerabilities in devices like Fortinet products.
Read more »
PwC
Australia CIop MOVEit Attack CLOP Clop Ransomware Cyber Security PwC

PwC Caught in the Crossfire: Australian Fallout from Major Cyber Breach Deepens

 


There has been a severe scandal going on at the accounting firm PwC over the past few weeks involving a tax scam and the company was dealt another blow as Russian hackers have just managed to steal sensitive information. 

It has come to the attention of PwC that a notable cyber breach has so far affected 267 Australian companies, and would also have a significant impact on many more corporations from other countries. In a recent attack on popular file-sharing software, cybercriminals with Russian connections broke into the system, which resulted in new high-profile attacks on the system. 

During the last week of May, clop, a cybercrime group, made its first attempt to break into the MOVEit file-sharing service. The company had begun the theft of data from various institutions, including agencies of the US federal government, Shell, the BBC, and many others. As more and more companies reveal that they have been targeted by the data breach, which has affected rival consultancy EY as well, this breach is expected to grow much larger by the day. 

The cybercrime group reportedly obtained client data after hacking third-party software called MOVEit, which PwC used to transfer confidential information. 

The hackers, who have executed two other global attacks in the last three years, have told companies to pay a ransom or have their files released online. “Pay attention to avoid extraordinary measures that may negatively impact your company,” Clop’s website reads. On Monday, PwC Australia confirmed it had used the software for a “limited number” of its clients, adding to its woes stemming from the Collins tax scandal. 

PwC said its initial investigations showed that the company’s internal IT network had not been compromised. The cyberattack on MOVEit had a limited impact on PwC. 

The firm had determined its own IT network had not been compromised, saying the breach was likely to have a "limited impact." PwC has reached out to the businesses whose files were affected and is discussing the next steps. The spokesman added that data security remained a "key priority" for the firm and that it was continuing to put "the right resources and safeguards in place" to protect its network and data.

Although the company appears to have escaped significant harm, the revelation comes at a poor time as it battles to regain governments' trust following the leaking of confidential tax information. 

Former PwC partner Peter Collins allegedly distributed documents describing the government's tax plans to other staff at the firm. This led to his registration termination with the Tax Practitioners Board. It also caused a slew of governments and their agencies to terminate agreements with the company. 

Clop demanded large ransoms for data return, but senior US officials have reportedly said no such demands have been made to federal agencies. It remains to be seen if the group will seek money from either of the Australian firms caught up in the breach. Progress, the company that created and maintains MOVEit software, patched the vulnerability within 48 hours. It also said it was aiding affected clients and had drafted in some of the world's best cybersecurity firms to assist with its response. 

In the face of a cybersecurity crisis that has hit Australia, PwC finds itself at the forefront, bracing for the expanding fallout. This incident serves as a stark reminder of the urgent need for robust cybersecurity measures and collaboration between organizations and government agencies. 

As the nation grapples with the aftermath, it becomes crucial for stakeholders to fortify their cybersecurity strategies, invest in advanced technologies, and enhance incident response capabilities. Australia must come together to address the immediate challenges and lay the groundwork for a more resilient and secure digital future.
Read more »
User Privacy
Australia Charity Organisation Data Breach Data Leak Human rights User Privacy

Amnesty International Takes a While to Disclose the Data Breach From December

 

Amnesty International Australia notified supporters via email last Friday that their data might be at risk owing to "anomalous activity" discovered in its IT infrastructure. 

The email was sent extremely late in the day or week, but it was also sent very far after the behaviour was discovered. The email, which Gizmodo Australia saw, claims that the activity was discovered towards the end of last year. 

“As soon as we became aware of this activity on 3 December 2022, we engaged leading external cyber security and forensic IT advisors to determine if any unauthorised access to our IT environment had occurred,” Amnesty International Australia stated.

“We acted quickly to ensure the AIA IT environment was secure and contained, put additional security measures in place and commenced an extensive investigation.” 

Amnesty International said that while it took the organisation some time to notify its supporters of a security breach, the investigation is now complete and has revealed that an unauthorised third party temporarily got access to its IT system. 

“In the course of this investigation, we identified that some low-risk information relating to individuals who made donations in 2019 was accessed, but of low risk of misuse,” the organisation added. 

Although "low risk" information was not defined, it is clear from the security advice that it offered that the data is most likely name, email address, and phone number. Despite being satisfied that the information obtained through the breach won't be used inappropriately, Amnesty International Australia advised its supporters to "carefully scrutinise all emails," "don't answer calls from unknown or private numbers," and "never click on links in SMS messages or social media messages you are not expecting to receive." 

The breach only affected the local arm of the charity, according to Amnesty International Australia, and did not affect any other branches. The statement further stated that although the scope of the "information accessed in the cyber event" did not match the requirements or level for notification under the Notifiable Data Breaches Scheme, Amnesty International Australia had decided to notify its supporters" in the interest of transparency".
Read more »
TPG
Australia Cyber Threats Data Breach Data threats TPG

Email Hack Hits 15,000 Business Customers of TPG

The second largest Australian telecommunications company TPG fell victim to a high-profile cyber attack. TPG is Australia’s No. 2 Internet service provider which serves 7.2 million accounts in the nation. TPG Telecom was previously known as Vodafone Hutchison Australia, however, it was renamed after its merger with TPG. 

The company released its documents on Wednesday in which it shared that the e-mails of up to 15,000 of its corporate customers had been breached. The company identified this attack during a forensic review. 

“TPG Telecom’s external cyber security advisers, Mandiant, advised that they found evidence of unauthorized access to a Hosted Exchange service which hosts email accounts for up to 15,000 iiNet and Westnet business customers,” the wireless carrier reported. 

The company also revealed that the group of threat actors was looking for cryptocurrency and other financial information. However, the company further did not describe whether customers’ data has been accessed during the attack or not. 

“We apologize unreservedly to the affected iiNet and Westnet Hosted Exchange business customers. We continue to investigate the incident and any potential impact on customers and are advising customers to take necessary precautions,” TPG Company's report read.  

As per the data, before this attack around 8 other Australian companies witnessed hacks since the month of October. These incidents are prompting public outrage in Australia. 

Following the reports, the government said last week that the government is working hard to develop a new cyber-security strategy to fight against cyber threats. Furthermore, the government is also considering banning the payment of ransom to threat actors. 

After the public announcement, the company further added that we had implemented measures against the vulnerabilities in the system to stop unauthorized access. Also, the company has started contacting all its customers on the exchange service affected by the incident. 

“The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available,” the company added. 
Read more »
Scumbags
AFP Australia Cyber Attacks CyberCrime Hackers Medibank Russia Scumbags

Medibank's Hackers will be Hacked in Australia

 


Threat actors behind the Medibank hack that compromised nearly 10 million customers' private information are being hunted by the Australian government, cyber security minister Clare O'Neil said. 
A hack on Medibank's computer, which was attributed to Russian cybercriminals, was announced by the Australian Federal Police on Friday afternoon. 

AFP identified Russian criminals as the culprits without contacting Russian officials before the public announcement, as the embassy in Australia has expressed disappointment that the AFP has identified Russian-based criminals as the culprits without contacting Russian officials. 

In the statement released by the Consulate on Friday evening, the consulate mentioned that it encouraged the AFP to promptly contact the respective Russian law enforcement agencies to seek assistance. 

Combating cybercrime that adversely affects the lives of citizens and damages businesses is a complex task that demands a cooperative, non-political and responsible approach from all members of the international community. 

It was announced on Saturday that the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) have signed an agreement on the creation of a comprehensive policing model which will take into account both the Optus and Medicare data breaches and effectively deal with the criminals behind them. 

"Around 100 officers from these two organizations will be a part of this joint standing operation, and many of these officers will be physically co-located with the Australian Signals Directorate," she said.

As Ms. O'Neil pointed out, officers report to work every day of the week. The goal is to deal with these gangs and thugs in the most effective manner possible. 

Ms. Saunders explained, With this partnership, the Australian Government has formalized a standing body which will be responsible for the day-to-day pursuit and prosecution of the con men responsible for these malicious crimes against innocent people and who will, day in and day out, hunt them down. 

A group of the smartest and most determined people in Australia will be collaborating to track down the hackers. 

A New Permanent Policing Model 

In a statement, Attorney General Mark Dreyfus described the situation as "extremely distressing."

In response to the attack, the government released a statement stating that it would do everything it could to limit the impact of this horrible crime. It would also provide support and comfort to the families and friends of those who are affected. 

Dreyfus said in his remarks that the updated partnership between the AFP and the ASD aimed at fighting cyber criminals will be a permanent and formal agreement. 

The AFP, he explained, works full-time on this issue, and they are working with international partners, such as the FBI, which has done great work on this problem, with the assistance of their international partners, including the United Nations. 

As part of the investigation, AFP Commissioner Reece Kershaw on Friday said officers were also working with Interpol to track down the perpetrators of the crime. 

"We know who you are," he said. In the area of bringing overseas offenders back to Australia to face the justice system, it has been noted that the AFP has been doing a good job on the scoreboard. 

A Review of Australia's Diplomatic Relations With Russia is Currently Taking Place

There will be no slowdown in the work of the national security agencies because diplomatic channels with Russia will remain open concerning extradition, according to Mr. Dreyfus. 

According to the president of the Russian Federation, Russia should do all that it can to protect its citizens from engaging in these kinds of crimes, while within its borders. 

In a statement, Mr. Dreyfus said that his government is taking a close look at the options available to it. This is because it wants to maintain Russia's diplomatic profile in Australia. 

In regards to our diplomatic channels, we would like to maintain them as long as they are appropriate for our national interests. However, diplomatic profiles must always be consistent with that. 

A spokesman for the opposition's cyber security wing, James Paterson, said that the disclosure could have broad implications for Australia's Magnitsky regime. Those who violate the law are subject to this.

With the passage of the regime with bipartisan support, which was passed with the support of the Republican and Democratic Parties, it becomes possible to impose targeted financial sanctions and travel bans in response to serious corruption and significant cyberattacks. 

At a press conference earlier today, Prime Minister Albanese told reporters he was dismayed and disgusted by the actions of those who committed this crime. He authorized AFP officials to release the details as a matter of public interest. 

In the recent past, hackers have released more information about some of the medical records of their customers on the dark web, including information about abortions and alcoholism. 

A ransomware attack was carried out by a criminal group targeting Medibank's data, which resulted in close to 500,000 health claims, along with personal information, being stolen. 

There are several mental health and other support services available through Medibank's Resources Page, which is available to affected customers.
Read more »
User Privacy
Abortion Data Leak Australia Data Breach Data Leak Health Insurer User Privacy

Abortion Data of Medibank Patient’s Leaked on the Dark Web

 

Threat actors who siphoned customer data from Australia's largest health insurer Medibank last month have released sensitive details of patients' medical diagnoses and procedures, including abortions, onto the dark web. 

The ransomware group also disclosed they allegedly demanded a $US1 ($1.60) per customer ransom from the health insurer but Medibank refused to pay ransom for the data, a decision supported by the Australian government. 

"Added one more file abortions.csv ...," read a post on the blog. "Society asks us about ransom, it's a 10 million USD (A$15.5 million). We can make a discount 9.7m (A$15 million) 1$ (A$1.60) =1 customer." 

The file reportedly contained a spreadsheet with 303 customers' details alongside billing codes related to pregnancy terminations, including non-viable pregnancy, miscarriage, and ectopic pregnancy. 

Day after the data leak, minister for cyber security Clare O'Neil described the leak of the patients’ data as "morally reprehensible". 

"I want to say, particularly to the women whose private health information has been compromised overnight, as the minister for cybersecurity but more importantly, as a woman, this should not have happened, and I know this is a really difficult time," she said. I want you to know that as a parliament and as a government, we stand with you. You are entitled to keep your health information private and what has occurred here is morally reprehensible and it is criminal." 

Meanwhile, David Koczkaro, CEO at Medibank requested the public to not seek out the files, which contain the names of policyholders rather than patients. 

"These are real people behind this data and the misuse of their data is deplorable and may discourage them from seeking medical care," he said. Koczkaro also apologized for what he called the "malicious weaponization" of personal data. 

Additionally, the Australian government has defended the insurer's decision to not pay the ransom. Both have warned that more releases of customer information are expected. Prime Minister Anthony Albanese has said that he is also a Medibank customer. 

The Medibank hack follows a string of unrelated cyber assaults against Australian organizations in recent weeks and months, as customer data have come under siege from hackers. 

Earlier this year in September, Australia's second-largest telecommunications firm Optus was also targeted for extortion, after the private information of nearly 10 million customers was siphoned in what the firm called a cyber-attack. The attackers also targeted supermarket chain Woolworths, and Australian Federal Police classified documents, which exposed agents working to stop international drug cartels.
Read more »
real estate agency
Australia Data Breach Data Theft Harcourts real estate agency

Harcourts Real Estate Agency Suffered a Data Breached


Australian real estate agency Harcourts confirmed that it has suffered a data breach last month at its Melbourne city office which potentially exposed the credential of tenants, landlords, and tradespeople. 

The agency wrote to its customers that its rental property database has been trespassed by an unknown third party without authorization.

Furthermore, on Thursday Harcourts said that the breach took place when the account of a representative at service provider Stafflink, which provides the franchisee administrative support, was attacked, and accessed by a third party.

"We understand the unauthorized access occurred because the representative of Stafflink was using their own device for work purposes rather than a company-issued (and more secure) device," it said in a statement.

The agency learned about the attack on October 24 in an email sent to customers has confirmed. According to the email circulated online, it said that for tenants the credentials potentially breached included their names, email addresses, addresses, phone numbers, photo identification, and signatures. 

For landlords and trades, bank details as well as their names, addresses, phone numbers, email addresses, and signatures have been compromised. 

The attack came to notice after weeks when the security experts and tenancy advocates raised concerns about the potential for data breaches in the industry.

Following the attack, the chief executive Adrian Knowles said dealing with the incident was the company’s top priority. Further, he added that an investigation is going on and we are hoping we will solve the matter soon.

“We understand people will be deeply concerned and upset about this data breach. I would like to offer our sincere apologies to everyone who has been inconvenienced as a result…,” Knowles said. “…We are working together with the franchisee to ensure that all impacted individuals are advised of the incident. In addition, we are in the process of establishing complimentary credit monitoring and access to the IDCARE support service for impacted individuals.” 
Read more »
MedBank
aus Australia Cyber Attacks Cyberattacks Defense ForceNet MedBank

Australian Department of Defense Hit by Cyberattack


Department of Defense Suspects Cyberattack

The Department of Defence is afraid that the personal information of personnel, like DoB, may have been breached after a communications platform used by the military suffered a ransomware attack. 

Hackers attacked the ForceNet service, which is operated by an external information and communications technology (ICT) provider. 

The organisation in the beginning told the Defense Department no data of former or current personnel was breached.

Defense says personal info not stolen 

However, the Department of Defense believes that personal details like the date of enlisting and DoB may have been stolen, despite initial hints being contrary to what the external provider is saying. 

In a message notification to the staff, the defence chief and secretary said the issue is being taken "very seriously."

There has been a series of cyberattacks in recent times, from health insurance companies to telecommunications.

Cyberattacks on rise in recent time

Medibank earlier this week confirmed a criminal organization behind a cyber attack on its company had access to the data of around 4 million customers, some of these consist of health claims. 

In September, Optus said a cyberattack had leaked the data of around 10 Million Australian users, with a considerable amount of information stolen from around 2.8 million people.

Minister for Defense Personnel Matt Keogh ForceNet kept upto 40,000 records, saying "I think all Australians, and rightly the Australian government, is quite concerned about this sort of cyber activity that's occurring, people seeking through nefarious means to get access to others' personal data."

ForceNet involved, however IT department safe

In the email to the staff, the Defense Department was confident that the hack of ForceNet was not targeted at the IT systems of the department. 

It said "we are taking this matter very seriously and working with the provider to determine the extent of the attack and if the data of current and former APS [Australian public service] staff and ADF personnel has been impacted. If you had a ForceNet account in 2018, we urge you to be vigilant but not alarmed."

Earlier talks with the service provider hint that there is no substantial proof that data of former and current ADF Personnel and APS staff personnel have been breached. 

It said, "we are nevertheless examining the contents of the 2018 ForceNet dataset and what personal information it contains."




Read more »
User Privacy
Australia Data Breach Data hack Healthcare Industry User Privacy

Why Australian Healthcare Industry is Becoming a Lucrative target for Cyber Criminals

 

Data breaches are rising across Australia’s healthcare industry faster than many others. Hackers are lured by healthcare’s large attack surface, which includes sensitive and time-critical information. 

According to the latest research from Darktrace, cyber-attacks targeting the health and social care sector in Australia doubled in 2021 compared with data from 2020, and the industry is still the most attacked in Australia in 2022. 

Over the past month, Australians learned the scale of two major health data breaches, with some patients' private data — including bank details and test results — published on the dark web. 

Last week on Thursday, pathology firm Australian Clinical Labs (ACL) disclosed its subsidiary Medlab, which carries out COVID-19 testing and other services, suffered a data breach eight months ago in February and since then it had discovered the data of 223,000 individuals were stolen. 

The same week, Medibank Private also revealed had accessed the data of at least 4 million customers, including their health claims. 

Why hackers are targeting healthcare?


The goal behind the Optus breach in September was crystal clear as it was a human error. The hack exposed the data of nearly 10 million Australians, including driver’s licenses and passport numbers. 

But the data stolen in the Medibank and Medlab hacks is more private and includes test results and diagnostic details. 

According to Peter Lewis, director of the Centre for Responsible Technology, whose data was siphoned in both the telco and Medibank Private breaches, health sector criminals are launching attacks to blackmail people, damage the firms’ reputations, or sell on the vast pools of data to other hackers. 

"There is the sense that they may try and blackmail people," he says. There is sensitive information out there, but I don’t know if that’s the game. The second is to do damage to the organization that they’ve hacked so it is potential for more damaging to Medibank than it is to any individual. But thirdly, it is true that they’ve captured that entire base of health information; maybe they’ll ... try to find ways to make value out of big pools of data."

I think a breach in the intimacy of health information could also open some people up to blackmail or make them less open with healthcare professionals. It is a smart move by hackers but whether it's going to be a sustained shift or only a shift which we've seen with these most recent cases is unclear, says Dr Rob Hosking, Chairman of the Royal Australian College of General Practitioners' technology committee.

"Nobody wants their personal, private information exposed to the public and that’s one of the risks we run with using the benefits of the internet for other things, for remote access, for transfer of information about people’s health and doing things in a much timelier fashion,” Dr. Hosking stated. “The worrying thing here is that it [health breaches] creates mistrust if people are fearful of divulging information to their practitioners; that means they may not get the care that they deserve."

Small steps 

Healthcare providers need to have an incident response plan following the discovery of a data breach. Educating staff on the common attack vectors, such as malware, viruses, email attachments, web pages, pop-ups, instant messages, and text messages, and how to discern unusual activity is essential. 

According to Dr. Robertson-Dunn, health data is expensive and difficult to manage, and sometimes it can be hard to differentiate between what should be kept, and what can be deleted. We need to re-evaluate what has to be held onto. 

"The government and organizations need to get more serious about the security of the data that they keep," he stated. They need to question if they need all of it, if it all needs to be online. If you change GP should the old GP keep your records? There’s probably an argument that maybe they should, but it is a risk. Curating health data is not easy because how do you know what you might need in the future?"
Read more »
Subscribe to: Posts (Atom)