Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Australian Government. Show all posts

Australian SMBs Faces Challenges in Cyber Security


The internet has turned into a challenge for small to midsize businesses based in Australia. In addition to the difficulty of implementing innovative technology quickly and with limited resources because of the rate of invention, they also face the same cyberthreats that affect other organizations. Then, as 60% of SMBs close following a breach, companies that are breached are likely to fail later.

This has raised concerns of the regulators. 

According to a recent report by ASIC, ‘medium to large’ business firms are recently been reporting severe cyber security capabilities in comparison to other organizations, including supply chain risk management, data security, and consequence management.

In response to the aforementioned threats, the Australian government has announced an AU $20 million package to boost small businesses. An optional cyber "health check" program is being established as part of this to assist small business owners in assessing the maturity of their cyber security. A Small Business Cyber Resilience Service, which will offer a one-on-one service to assist small firms in recovering from a cyber assault, will also receive $11 million of the package. 

This initiative will focus on areas where SMBs are the most vulnerable. However, small firms will also need to take it upon themselves to place a lot greater emphasis on resilience than they have been doing in the face of growing cyber threats. 

The Risk in Numbers 

The ASIC research analysis found that small businesses are only slightly more effective than half of their medium and big counterparts in several areas, such as identifying threats and overcoming them.

The significant percentages of small businesses are as follows:

  • Do not follow or benchmark against any cyber security standard (34%).
  • Do not perform risk assessments of third parties and vendors (44%).
  • Have no or limited capability in using multi-factor authentication (33%)./ Do not patch applications (41%).
  • Do not perform vulnerability scans (45%). Do not have backups in place (30%).

The Cost to Small Business

The Annual Cyber Threat Report 2022-23 published by the Australian Signals Directorate reveals that the average cost of cybercrime has increased by 14% over the past year. Small firms paid $46,000, medium-sized organizations paid $97,200, and bigger enterprises paid $71,600.

Of course, that is a financial burden for any business, but it seems to be especially harmful for SMBs. Approximately 60% of small firms that experience a breach ultimately go out of business as a direct result of it.

These organizations face a real existential threat from cyber security. Even those who manage to escape the breach's direct costs still have to deal with the harm to their reputation, which can cost them partners and customers as well as short-term cash flow. In the best-case scenario, a cyberattack "just" prevents the small business from expanding and growing.

What can Small Businesses do? 

After identifying the restrictions on resources available to small businesses, the ASD and Australian Cyber Security Centre have designed the Essential Eight, a set of best practices for security and small enterprises. These are as follows:

  • Creating, implementing and managing a whitelist of approved applications. 
  • Implementing a process to regularly update and patch systems, software and applications.
  • Disabling macros in Microsoft Office applications unless specifically required, and training employees not to deploy macros in unsolicited email attachments or documents. 
  • Securing the configuration of web browsers to prevent harmful content, hence hardening user applications. Keeping browser extensions up to date and only using those that are required.
  • Restricting administrative privileges to those who need them. 
  • Configuring operating system patching through automatic updates.
  • Using strong, unique passwords and enabling multi-factor authentication. 
  • Isolating backups from the network and performing daily backups of important data.  

Australia's Cyber Strategy: No Ransomware Payment Ban

Australia has recently unveiled its new Cyber Security Strategy for 2023-2030, and amidst the comprehensive plan, one notable aspect stands out – the absence of a ban on ransomware payments. In a world grappling with increasing cyber threats, this decision has sparked discussions about the efficacy of such a strategy and its potential implications.

The strategy, detailed by the Australian government, outlines a sweeping resilience plan aimed at bolstering the nation's defenses against cyber threats. However, the decision not to ban ransomware payments raises eyebrows and prompts a closer examination of the government's rationale.

According to reports, the Australian government aims to adopt a pragmatic approach to ransomware, acknowledging the complex nature of these attacks. Instead of an outright ban, the strategy focuses on improving cybersecurity, enhancing incident response capabilities, and fostering collaboration between government agencies, businesses, and the wider community.

Critics argue that allowing ransom payments may incentivize cybercriminals, fueling a vicious cycle of attacks. The concern is that paying ransoms may encourage hackers to continue their activities, targeting organizations with the expectation of financial gain. In contrast, proponents of the strategy contend that banning payments may leave victims with limited options, especially in cases where critical data is at stake.

Australia's decision aligns with a growing trend in some parts of the world where governments are grappling with finding a balance between protecting national security and providing victims with avenues for recovery. The approach reflects an understanding that rigid and one-size-fits-all policies may not be effective in the ever-evolving landscape of cyber threats.

The new Cyber Security Strategy also emphasizes the importance of international cooperation to combat cyber threats. Australia aims to actively engage with international partners to share threat intelligence, collaborate on investigations, and collectively strengthen global cybersecurity.

Australia's experiment with a more nuanced approach to ransomware payments is being watched by the whole world, and the results will probably have an impact on how other countries formulate their cybersecurity laws. The continuous fight against cyber dangers will depend on finding the ideal balance between deterring illegal activity and helping victims.

In contrast to other nations that have taken more restrictive measures, Australia has decided not to outlaw ransomware payments in its new Cyber Security Strategy. In light of the always-changing cybersecurity landscapes, it underscores the significance of a comprehensive, cooperative, and flexible approach and demonstrates a practical recognition of the difficulties presented by cyber attacks. The future course of international cybersecurity regulations will surely be influenced by this strategy's success.

Australia's OAIC Confirms Substantial Increase in Data Breaches

According to the Office of the Australian Information Commissioner's (OAIC) most recent report on notifiable data breaches, there was a 26% rise in breaches in the second half of 2022, including many significant breaches that affected millions of Australians.

The OAIC reports that cyber security incidents led to 33 out of the 40 breaches affecting more than 5,000 Australians. In the first half of 2022, there were just 24 significant breaches.

Massive data breaches at Optus and Medibank in the second half of 2022 exposed the personal data of about 9.8 million and 9.7 million people, respectively.

Large-scale breaches naturally garnered a lot of attention, although only 62% of reported breaches had an impact on more than 100 persons.

In total, malicious or criminal attacks accounted for 70% of data breaches. Human error, which most frequently manifests itself in the form of sending emails to the wrong recipient, closely followed by unintended release or publication, and failing to use BCC when sending emails came in third place, accounting for another 25% of data breaches.

In the December quarter of 2022, Australia's gross domestic product increased by just 0.5%, a dramatic fall from the December quarter of 2021 when lockdowns in Sydney and Melbourne were lifted. Despite migrant arrivals increasing by 171% to 395,000 from 146,000 in 2021–22, the GDP per capita—or the economic output for each individual—remained unchanged.

The Commonwealth government responded, in part, by toughening the penalties under the Privacy Act and giving the Australian Information Commissioner more authority to enforce it. It also started a review of the Act. One of the suggestions is to eliminate the Privacy Act's small business exemption, which presently excludes the majority of companies with annual sales of up to A$3 million, but only after an impact review and other criteria have been completed.









Australian Medibank Alert Customers After Private Data Leak

The major health insurer in Australia, Medibank Private Ltd (MPL.AX), revealed on Wednesday that the hacker may leak additional stolen data if the company continues to refuse to pay the demanded ransom. 

Prime Minister Anthony Albanese acknowledged that he is one of the millions of Australian Medibank customers who may have been impacted by the most recent cyberattack, but he supported the insurer's refusal to pay a ransom.

"For some, this is incredibly difficult. It will worry me that part of this information has been made public as I am also a Medibank Private customer," said Albanese.

According to Medibank, additional Australian customers' private medical information will likely be posted on the dark web as the perpetrators of the most recent cyberattack try to put more pressure on the insurance.

A sample of customer information, which included names, addresses, dates of birth, phone numbers, and email addresses, was discovered to have been placed online on the dark web this morning. In other instances, the passport numbers of foreign students who had registered with Medibank Group's partner company ahm were also made public.

If a hacker gained access to the prime minister's personal or medical information, it is not immediately evident. According to Medibank, information on 9.7 million of both current and former clients was exposed.

Federal Cyber Security Minister Clare O'Neil stated in a statement on Wednesday that Medibank's decision to forego paying a ransom is in line with the government's recommendation. Customers that were affected were encouraged to be extremely vigilant against extortion attempts. On Wednesday, Medibank Chief Executive David Koczkar called the occurrence 'a criminal crime.'

Since September, there has been an increase in cyberattacks in Australia, with at least eight businesses reporting intrusions, including the telecom company Optus, which is owned by Singapore Telecommunications (STEL.SI).

 Optus Data Leak, Victims Lost $40k via Alleged Identity Theft

The owner of an Elsternwick eatery, whose information was made public when Optus was breached in September, had taken out close to $10,000 of his ANZ bank account.

Over $60,000 was fraudulently applied for in credit card, internet shopping, and personal loan applications. Two weeks ago, Jim Marinis became aware of a problem. He quickly learned that numerous additional cash withdrawals had been made at ANZ locations all throughout Melbourne in his name. 

After sensitive data was made available online as a result of the hack, the Australian Federal Police initiated Operation Guardian in September to protect Optus customers who were at a high risk of identity theft.

Marinis, who shares a home with his wife Mary-Jane Daffy and two daughters, has now lost approximately $40,000 due to teller withdrawals and claims things are just getting worse despite the fact that the applications for the voucher, credit card, and loan were initially granted before being canceled.

A Sydney youngster was accused in relation to an SMS hoax that demanded money from dozens of Optus customers whose data was leaked, and he appeared in court last week.

Meanwhile, a spokeswoman for Optus responded to a question about Marinis' situation by stating: "No customer payment details, including any direct debit or credit card information, nor passwords, including My Optus app logins, have been stolen in the cyberattack on Optus consumers."

Although Marinis was annoyed that a teller allegedly permitted cash withdrawals after he informed the bank of the suspected identity theft, he appreciated the efforts of ANZ's fraud team.

After the organization promised to pay for roughly 1 million new licenses for Optus customers in order to prevent them from identity theft, Marinis was also disappointed that VicRoads had not yet updated his license. 


Australian Government Plans Privacy Overhaul after Attacks on Multiple Organizations

 

Two weeks after the Medibank hack, the Australian government has decided to introduce legislative reforms on cybersecurity regulation that would increase penalties for companies that fail to guard customers’ personal data. 

Australia’s largest health insurer said on Wednesday a hacker accessed the data of all its 4 million customers which included personal information like names, dates of birth, addresses, and gender identities, as well as Medicare numbers and health claims. 

The malicious actor claimed to have extracted nearly 200GB of files and has provided 1,000 records to the insurer to prove they have the data claimed. The hacker also threatened to leak the diagnoses and treatments of high-profile customers if the insurer fails to pay the ransom. 

According to the Health insurer, its priority was to discover the specific data stolen in relation to each customer and to share that information with those customers. 

The company had previously said the breach was thought to be limited to its subsidiary AHM and foreign students. 

“Our investigation has now established that this criminal has accessed all our private health insurance customers' personal data and significant amounts of their health claims data,” Medibank chief executive David Koczkar stated. This is a terrible crime – this is a crime designed to cause maximum harm to the most vulnerable members of our community.” 

Legislative reform 

Cyberattacks on Optus, Medibank, and MyDeal have forced the Australian government to introduce legislative reforms on cybersecurity regulation. Last month on September 21, the hackers stole the personal data of almost 10 million current and former customers of Optus, the country’s second-biggest telecom. 

Two weeks later, the hackers targeted MyDeal, an online retail intermediary that lost the data of 2.2 million customers. 

“As the Optus, Medibank, and MyDeal cyberattacks have recently highlighted, data breaches have the potential to cause serious financial and emotional harm to Australians, and this is unacceptable. Governments, businesses, and other organizations have an obligation to protect Australians’ personal data, not to treat it as a commercial asset,” Attorney-General Mark Dreyfus stated during the introduction of amendments to the Privacy Act to Parliament. 

The government is keeping a close eye on firms that collect more customer data than necessary to make money from it in ways unrelated to the services for which the information was provided. The penalties for serious breaches of the Privacy Act would increase from 2.2 million Australian dollars ($1.4 million) now to AU$50 million ($32 million) under the proposed amendments, Dreyfus added.

Upgraded Security Deal Among Japan and Australia Against Chinese Cybercrimes

 


On Saturday, a new defense cooperation pact was signed between Japan and Australia to recognize the deteriorating security situation in the region as a consequence of China's growing assertiveness.

Fumio Kishida, the prime minister of Japan, praised the advancement of relations between the two countries after meeting with his Australian colleague Anthony Albanese in Perth, Western Australia. The two nations are committed to conducting cooperative military games and exchanging more sensitive intelligence.

It expands upon a reciprocal access pact that Kishida signed with Scott Morrison, Australia's prime minister at the time, in January, which lifts restrictions on conducting joint military drills in either nation.

It is the first time Japan has reached such a deal with a nation other than the US. Japan's Self-Defense Forces will train and participate in operations with the Australian defense in northern Australia for the first time as per the agreement, as revealed on Saturday.

According to Albanese, "this major proclamation sends a powerful signal to the area of our strategic alignment" in relation to that deal. In an "increasingly hostile strategic environment," according to Kishida, a new structure for collaboration in operations, intelligence, information, and logistical support was devised.

Since the Australian leader's administration was elected in May, Kishida has met with Albanese four times. This visit is for an annual bilateral summit. Two days after the election, they first met in Tokyo at the Quadrilateral Security Dialogue meeting, also known as the Quad, which also included U.S. Vice President Joe Biden and Indian Prime Minister Narendra Modi.

It was emblematic of the close economic links between the two countries that the meeting was decided to be held in Perth, the state capital of Western Australia, which supplies much of Japan's liquid natural gas and the wheat used to make udon noodles.

According to a website maintained by the Australian government, Australia has some of the world's top five resources for vital minerals such as antimony, cobalt, lithium, manganese ore, niobium, tungsten, and vanadium.

Australia is the world's top producer of lithium, rutile, zircon, and rare earth elements, as well as the second-largest producer overall.

Since 2007, when Australia and Japan signed their first military statement, China's defense expenditure has more than doubled. Japanese jets were called into action 22 times in 2006 to stop Chinese military aircraft from entering Japanese airspace. 722 times in response to Chinese aircraft last year, Japanese warplanes had to scramble.



 Australia Imposes Corporate Fines on Cybercriminals 

 

Following two significant cybersecurity breaches that exposed millions of people to illegal activity, Australia on Saturday recommended stiffer sanctions for businesses that don't protect customer data. 

The maximum punishment for recurrent offenses will be raised from the current $1.4 million to $32 million under amendments that will be presented to the Australian Parliament, according to a report from Reuters. In addition, if a company's revenue for a given period surpassed AU$50 million ($32 million), it might be fined the equivalent of 30% of that turnover.

Big firms might be liable for penalties of up to hundreds of millions of dollars, as per Attorney General Mark Dreyfus. It's designed to elicit thought in businesses. It's intended to act as a deterrent to urge businesses to safeguard Australians' data.

Tuesday marks the first day of parliament since the mid-September recess. Unknown hackers have stolen the personal information of 9.8 million users of Optus, Australia's second-largest wireless telecommunications provider since Parliament last met. Data theft has increased the danger of identity theft and fraud for more than one-third of Australia's population.

Unknown cybercriminals claimed to have stolen 200 terabytes of customer data, including medical diagnosis and treatments and demanded ransom from Medibank, Australia's largest health insurer, this week. There are 3.7 million clients of Medibank. According to the business, the hackers have established that they possess at least 100 people's personal information.

The government worries that businesses are holding on to excessive amounts of customer data for far too long in the hopes of making money out of it in addition to failing to safeguard personal information.

In the final 4 weeks that Parliament shall meet this year, Dreyfus expects that the suggested revisions will pass into law. Any new fines won't apply retroactively and won't have an impact on Optus or Medibank.





Government in Australia issues Clop Ransomware warning to Healthcare Organizations

 

The Australian Cyber Security Center has issued a security alert for the health sector to check their barriers and defenses against potential ransomware attacks especially the Clop Ransomware that uses SDBBot Remote Access Tool (RAT).
The ACSC (Australian Cyber Security Center) wrote that they, "observed increased targeting activity against the Australian Health sector by actors using the SDBBot Remote Access Tool (RAT)." 

 The SDBBot RAT is almost exclusively used by the TA505 group, their attack technique follows phishing and spam email campaigns to infect malware but from 2019, they started using SDBBot payload as a remote way to access systems. 

 ACSC further mentioned, "SDBBot is comprised of 3 components. An installer that establishes persistence, a loader that downloads additional components, and the RAT itself. "Once installed, malicious actors will use SDBBot to move laterally within a network and exfiltrate data. SDBBot is [also] a known precursor of the Clop ransomware"

 As the Australian Government says, SDBBot is also known as a precursor of the Clop Ransomware, which in recent months have become one of the most lethal ransomware, researchers also call it "big-game hunting ransomware" or "human-operated ransomware." 

 The Clop ransomware group keep their eye on the big picture, they first choose to widen their access to a maximum number of systems, till then they hold back their playload, and only when they have reached the maximum or the whole network will they manually deploy the ransomware. This way, the organization has no way to stop the infection midway and the payout is huge in a hundred thousand dollars and if the victim fails to pay the ransom, all their data is leaked on the malware's "leak website". 

Other countries like the UK and the US also predict a potential attack by Ryuke or Trickbot and issues a similar warning some weeks back. Australian Cyber Security Centre (ACSC) also warned Australian companies in October about Emotet malware, which is used contemporaneity with Trickbot. "Upon infection of a machine, Emotet is known to spread within a network by brute-forcing user credentials and writing to shared drives. Emotet often downloads secondary malware onto infected machines to achieve this, most frequently Trickbot," the ACSC wrote. With the new alert, companies need to be very diligent in their protection and testing mechanism in order to prevent themselves from an attack.