Australia's OAIC Confirms Substantial Increase in Data Breaches

According to the Office of the Australian Information Commissioner's (OAIC) most recent report on notifiable data breaches, there was a 26% rise in breaches in the second half of 2022, including many significant breaches that affected millions of Australians.

The OAIC reports that cyber security incidents led to 33 out of the 40 breaches affecting more than 5,000 Australians. In the first half of 2022, there were just 24 significant breaches.

Massive data breaches at Optus and Medibank in the second half of 2022 exposed the personal data of about 9.8 million and 9.7 million people, respectively.

Large-scale breaches naturally garnered a lot of attention, although only 62% of reported breaches had an impact on more than 100 persons.

In total, malicious or criminal attacks accounted for 70% of data breaches. Human error accounted for another 25%. It most frequently took the form of sending emails to the wrong recipient, closely followed by unintended release or publication, with failing to use BCC when sending emails in third place.

In the December quarter of 2022, Australia's gross domestic product increased by just 0.5%, a dramatic fall from the December quarter of 2021 when lockdowns in Sydney and Melbourne were lifted. Despite migrant arrivals increasing by 171% to 395,000 from 146,000 in 2021–22, the GDP per capita—or the economic output for each individual—remained unchanged.

The Commonwealth government responded, in part, by toughening the penalties under the Privacy Act and giving the Australian Information Commissioner more authority to enforce it. It also started a review of the Act. One of the suggestions is to eliminate the Privacy Act's small business exemption, which presently excludes the majority of companies with annual sales of up to A$3 million, but only after an impact review and other criteria have been completed.









Banca di Credito Cooperativo Bank Suffers a Major Cyber Attack

 

A suspected cyber-attack by hackers has paralyzed the operations of the 188 branches of the Banca di Credito Cooperativo (Bcc) in Rome, one of the largest Italian cooperative credit banks. Yesterday morning, during the daily security checks, the institute’s experts discovered a security loophole that limited the ability to carry out normal operations at the institute’s counters.

Threat actors targeted the internal network 

According to an unofficial source, a component of the Bcc's IT infrastructure showed traces of activity not attributable to normal operation on some servers and internal workstations. To allow checks and secure the network, security experts isolated this piece of infrastructure. This precaution reduced operations at the branches for 24 hours: the portals continued to work, but branch staff struggled to identify and support customers who showed up for withdrawals, deposits, and other services.

Execution of the backup plan 

The institute is examining the incident with its IT security experts so that it can say in the next few hours whether it was a telematic attack or a simple technical malfunction. However, the bank announced that as of today, operations at the branches have been fully restored through activation of the emergency plan, which provides analogue workarounds for digital deficiencies that could last for the whole week. Meanwhile, the DarkSide ransomware gang has taken responsibility for the attack.

In the afternoon the Bcc of Rome released a note, according to which “the technical malfunctions did not affect the information system in the strict sense, and the home banking systems, payment cards, and ATM services are all fully operational today”. 

The institute also points out, for those who go to a branch, that “today the agencies are regularly open to the public and the technical problems that affected their operations are in the final resolution phase, which will be gradually restored from Monday 3 May”. Meanwhile, in what seems a paradox given that this is a cyber-attack, “home banking services can be regularly used from PCs or smartphones and through them it is possible to carry out all information and dispositive operations”.