
Australia Takes Stride In Cybersecurity Measures



In the aftermath of several high-profile cyber attacks targeting key entities like Optus and Medibank, Australia is doubling down on its efforts to bolster cybersecurity across the nation. The Australian government has unveiled a comprehensive plan to overhaul cybersecurity laws and regulations, aiming to strengthen the country's resilience against evolving cyber threats.

A recent consultation paper released by government officials outlines a series of proposed reforms designed to position Australia as a global leader in cybersecurity by 2030. These proposals include amendments to existing cybercrime laws and revisions to the Security of Critical Infrastructure (SOCI) Act 2018, with a focus on enhancing threat prevention, information sharing, and cyber incident response capabilities.

The vulnerabilities exposed during the cyberattacks, attributed to basic errors and inadequate cyber hygiene, have highlighted the urgent need for improved cybersecurity practices. As part of the government's strategy, collaboration with the private sector is emphasised to foster a new era of public-private partnership in enhancing Australia's cybersecurity and resilience.

Key reforms proposed in the consultation paper include mandating secure-by-design standards for Internet of Things (IoT) devices, instituting a ransomware reporting requirement, and establishing a national Cyber Incident Review Board. Additionally, revisions to the SOCI Act 2018 aim to provide clearer guidance for critical industries and streamline information-sharing mechanisms to facilitate more effective responses to cyber threats.

Australia's expansive geography presents unique challenges in safeguarding critical infrastructure, particularly in industries such as mining and maritime, which rely on dispersed and remote facilities. The transition to digital technologies has exposed legacy equipment to cyber threats, necessitating measures to mitigate risks effectively.

Addressing the cybersecurity skills gap is also a priority, with the government planning to adopt international standards and provide prescriptive guidance to enforce change through mandates. However, some experts have pointed out the absence of controls around software supply chains as a notable gap in the proposed policy.

Recognising their responsibility in enhancing cybersecurity, both the government and the private sector are making significant investments in information security and risk management. Gartner forecasts a substantial increase in spending on cloud security and other protective measures driven by heightened awareness and regulatory requirements.

With concerted efforts from stakeholders and a commitment to implementing robust cybersecurity measures, Australia aims to strengthen its resilience against cyber threats and secure its digital future.


Lender Latitude Customer Records Were Hacked in a Cyberattack

 


A cyber-attack on finance company Latitude Financial may have compromised the data of more than 300,000 people in New Zealand and Australia.

Alongside Genoapay, Gem Visa, and GO Mastercard, the company provides 28° Global, Infinity Rewards, and Low Rate credit cards. It also provides personal loans and vehicle loans.

Meanwhile, two Latitude service providers had been compromised, and some of the personal information they held had been stolen. According to an announcement published by the company on the Australian share market, this affected customers across Australia and New Zealand.

A sophisticated cyberattack has resulted in the theft of more than 100,000 identification documents including customer information. This includes 225,000 records relating to the customers of consumer lender Latitude Financial. 

It was disclosed in a statement to the market on Thursday that the majority of identification documents used by the lender were copies of motorist licenses, which are issued by companies such as JB Hi-Fi and Harvey Norman who offer personal loans and credit to their customers. 

During the last few days, the company detected unusual activity on its systems, which it said led to the investigation. 

Even though Latitude took immediate action, the attacker was able to obtain access to the login credentials of Latitude employees before it was possible to isolate the incident, the company explained. 

It appears that the attacker obtained personal information from two other providers of services by using employee login credentials provided by employees of the third company. 

A series of hacks have occurred on Australian companies over the past few months, including hacks on Optus and Medibank, among others. This is the latest in this series of attacks. 

The all too common case of massive data breaches that exposed the personal details of their customers has led to legal action being taken, or at least being considered, by several law firms against the telcos and health insurers. 

According to a recent study by Professor Alex Frino of the University of Wollongong, many Australian listed companies weren't alerting their shareholders when they were facing serious cyber-attacks.

During the ten years covered by the study, 11 of the 36 cyber-attacks that were reported by the media against listed companies remained unreported to the market initially, according to the study released last month. 

Since the mandatory data breach notification scheme was implemented in late 2014, it has received 853 notifications over the four years it has been in place. Many cases are never publicly announced.

Trading in Latitude's shares has been suspended as the lender attempts to contain the incident as much as possible.

According to Latitude, the company is taking immediate action to notify the affected customers and apologizes to those customers.

Latitude continues to respond to the attack and is doing everything it can to contain it and prevent further data theft, including isolating and blocking access to some of the systems and data that are directly used by customers and internal employees.

A former CEO of Australia Post, Ahmed Fahour leads Latitude. In August, he will be retiring from the company as he will be stepping down at the end of the year. 

Harvey Norman and the lender are currently facing a lawsuit from the corporate regulator over the alleged promotion of no-deposit and interest-free payments for goods in the lender's advertisements.

The Australian Securities and Investments Commission believes the ads to be misleading because they allegedly failed to disclose that Latitude credit cards were required for purchases and that fees would apply. Latitude announced in a statement that it is cooperating with the regulator.

Australia's OAIC Confirms Substantial Increase in Data Breaches

According to the Office of the Australian Information Commissioner's (OAIC) most recent report on notifiable data breaches, there was a 26% rise in breaches in the second half of 2022, including many significant breaches that affected millions of Australians.

The OAIC reports that cyber security incidents led to 33 out of the 40 breaches affecting more than 5,000 Australians. In the first half of 2022, there were just 24 significant breaches.

Massive data breaches at Optus and Medibank in the second half of 2022 exposed the personal data of about 9.8 million and 9.7 million people, respectively.

Large-scale breaches naturally garnered a lot of attention, although only 62% of reported breaches had an impact on more than 100 persons.

In total, malicious or criminal attacks accounted for 70% of data breaches. Human error accounted for another 25% of data breaches. It most frequently took the form of sending emails to the wrong recipient, closely followed by unintended release or publication, with failing to use BCC when sending emails in third place.

In the December quarter of 2022, Australia's gross domestic product increased by just 0.5%, a dramatic fall from the December quarter of 2021 when lockdowns in Sydney and Melbourne were lifted. Despite migrant arrivals increasing by 171% to 395,000 from 146,000 in 2021–22, the GDP per capita—or the economic output for each individual—remained unchanged.

The Commonwealth government responded, in part, by toughening the penalties under the Privacy Act and giving the Australian Information Commissioner more authority to enforce it. It also started a review of the Act. One of the suggestions is to eliminate the Privacy Act's small business exemption, which presently excludes the majority of companies with annual sales of up to A$3 million, but only after an impact review and other criteria have been completed.









Rise of Cyber Insurance Due to Hackers



The new technologies used by hackers to invade victims’ systems are becoming a concern for organizations and companies. Many organizations are providing cyber insurance to protect the data of users and businesses. 

Australian companies are set to invest more than $800 million in cyber insurance over the next two years as part of their strategy to protect themselves from malicious attackers. The government has also introduced higher penalties for data breaches.

The malware attacks on Optus and Medibank caused great financial harm to both companies. Macquarie Research found that companies have increased their investment in safeguarding themselves against such attacks.

The investment bank's analysts estimated that cyber insurance premiums had doubled since 2020 to $840 million this year in Australia. They also added in the report that this number will rise to $815 million by 2024.

Cyber insurance is comparatively unpopular and is still a smaller market than other types of insurance. However, analysts have noticed a rise in demand for cyber insurance, driven by an increasing need for cyber protection.

In one of the reports, the analysts explained that the attacks on Medibank and Optus will increase the uptake of cyber insurance. Currently, 68% of the ASX 200 companies have already bought cyber protection.

It is expected that there could be further significant price increases across all industries over the next 12-24 months in response to the proposed backdating of higher fines in Australia. 

Analysts believe that, besides fines and ransoms, the majority of costs incurred by companies as a result of a cyberattack are legal and consulting expenses to rebuild their technology. The research found that, despite previous warnings for boards to pay more attention to cyber risks, rating agencies still did not pay enough attention to them when assessing companies' environmental, social, and governance (ESG) risks.

In other words, "Data is the new coal - once the greatest asset on the balance sheet, it is now the greatest contingent liability on that balance sheet," said a recent study. 

Additionally, there has been a breach of data at a shopping website owned by Woolworths over the last month. This is in addition to the hacks of Optus and Medibank. In the past week, there has been an attack on the Smith Family. 

Insurers may be able to absorb the losses incurred as a consequence of the Optus and Medibank attacks without the need to increase premiums, according to Ben Robinson, placement manager at insurance broker Honan. Despite these incidents, the head of the insurer said companies should pursue cyber risk management to deal with the challenges of the digital age. 

According to Robinson, who practices cybersecurity risk management as part of his firm's corporate consulting services, compliance requirements are getting tighter as they try to reduce vulnerabilities. His clients range in size from $250 million to about $3 billion in market capitalization. 

Moreover, Macquarie's research indicated that insurers were "dramatically" altering their risk appetite, with some insurers declining to quote for companies that were not equipped with the correct controls, and others declining to offer them quotes in the first place. 

The analysts also pointed out that smaller organizations could have difficulty getting adequate cyber protection by relying on local insurers. This is because only half of those on the local market offer cyber products to small and medium businesses, as their survey indicates. 

A small amount of cover is provided by ASX-listed insurers in the cyber insurance market, though Macquarie’s analysts believe that Insurance Australia Group and QBE will be looking at ways of gaining a small amount of market share shortly. 

According to a spokesperson for QBE, "cyber insurance constitutes a small fraction of the company's global business, and it has traditionally not been a focus for the company. However, as a priority, meeting the needs of our customers is crucial, and we need to make sure that our products are designed to address these needs." 

IAG offers small and medium-sized businesses cyber insurance through its brands CGU and NRMA, which are available through its Insurance division. It has, however, been reported that demand for the company's products has not significantly increased as a consequence of the attacks on Optus and Medibank.

Deutsche Bank Denied Despite Data Sold on Telegram

The hacking gang that breached Medibank's systems may also be the hackers who are providing access info to Deutsche Bank's systems on the darknet. As a result, there has been a significant attack on Deutsche Bank. 

Malicious actors (0x dump) are allegedly selling access to the network of the large international investment bank Deutsche Bank after claiming to have hacked it. The bank's internal networks appeared to be available for sale on Telegram by an initial access broker (IAB), but Deutsche Bank has denied that its systems have been compromised.


Data Breach Incident

Hackers said, "We are offering further network access of a specific bank, We have DA (direct access), the domain contains about 21 k workstations set primarily with Windows."

The notice was placed next to an image of the Frankfurt headquarters of Deutsche Bank with the Deutsche Bank emblem overlaid on it. 

One of several experts to disclose the revelation made by the initial access broker on Telegram was the security researcher Dominic Alvieri. 

The IAB asserts access to some 21000 Windows-based machines on the bank's network. It further states that a Symantec EDR solution with 16 terabytes of data was used to defend the hacked devices.

The IAB is offering the access to Deutsche Bank for 7.5 Bitcoin, valued at about $156,274.

According to ransomware researcher Dominic Alvieri, 0x dump is the same broker who provided access to the systems of Medibank, the Australian health insurance company that had 9.7 million client and employee details stolen last month.

Personal information exposed in the data breach includes names, addresses, dates of birth, phone numbers, email addresses, Medicare numbers for clients, and occasionally passport numbers for overseas students. It also includes some information about health benefits.

According to Lawrence Abrams of Bleeping Computer, it is not the same hackers who took the data from Medibank; rather, it is a suspected initial access broker. However, it might be the same individual who provided the ransomware gang with access to the network.

Medibank's Hackers will be Hacked in Australia

 


Threat actors behind the Medibank hack that compromised nearly 10 million customers' private information are being hunted by the Australian government, cyber security minister Clare O'Neil said. 

The hack on Medibank was attributed to Russian cybercriminals by the Australian Federal Police (AFP) in an announcement on Friday afternoon.

The Russian embassy in Australia has expressed disappointment that the AFP identified Russian-based criminals as the culprits without contacting Russian officials before the public announcement.

In a statement released on Friday evening, the consulate said that it encouraged the AFP to promptly contact the respective Russian law enforcement agencies to seek assistance.

Combating cybercrime that adversely affects the lives of citizens and damages businesses is a complex task that demands a cooperative, non-political and responsible approach from all members of the international community. 

It was announced on Saturday that the Australian Federal Police (AFP) and the Australian Signals Directorate (ASD) have signed an agreement on the creation of a comprehensive policing model which will take into account both the Optus and Medicare data breaches and effectively deal with the criminals behind them. 

"Around 100 officers from these two organizations will be a part of this joint standing operation, and many of these officers will be physically co-located with the Australian Signals Directorate," she said.

As Ms. O'Neil pointed out, officers report to work every day of the week. The goal is to deal with these gangs and thugs in the most effective manner possible. 

Ms. Saunders explained that, with this partnership, the Australian Government has formalized a standing body which will be responsible for the day-to-day pursuit and prosecution of the con men responsible for these malicious crimes against innocent people and which will, day in and day out, hunt them down.

A group of the smartest and most determined people in Australia will be collaborating to track down the hackers. 

A New Permanent Policing Model 

In a statement, Attorney General Mark Dreyfus described the situation as "extremely distressing."

In response to the attack, the government released a statement stating that it would do everything it could to limit the impact of this horrible crime. It would also provide support and comfort to the families and friends of those who are affected. 

Dreyfus said in his remarks that the updated partnership between the AFP and the ASD aimed at fighting cyber criminals will be a permanent and formal agreement. 

The AFP, he explained, works full-time on this issue, and they are working with international partners, such as the FBI, which has done great work on this problem, with the assistance of their international partners, including the United Nations. 

As part of the investigation, AFP Commissioner Reece Kershaw on Friday said officers were also working with Interpol to track down the perpetrators of the crime. 

"We know who you are," he said. In the area of bringing overseas offenders back to Australia to face the justice system, it has been noted that the AFP has been doing a good job on the scoreboard. 

A Review of Australia's Diplomatic Relations With Russia is Currently Taking Place

There will be no slowdown in the work of the national security agencies because diplomatic channels with Russia will remain open concerning extradition, according to Mr. Dreyfus. 

According to the president of the Russian Federation, Russia should do all that it can to protect its citizens from engaging in these kinds of crimes, while within its borders. 

In a statement, Mr. Dreyfus said that his government is taking a close look at the options available to it. This is because it wants to maintain Russia's diplomatic profile in Australia. 

In regards to our diplomatic channels, we would like to maintain them as long as they are appropriate for our national interests. However, diplomatic profiles must always be consistent with that. 

A spokesman for the opposition's cyber security wing, James Paterson, said that the disclosure could have broad implications for Australia's Magnitsky regime. Those who violate the law are subject to this.

With the passage of the regime with bipartisan support, which was passed with the support of the Republican and Democratic Parties, it becomes possible to impose targeted financial sanctions and travel bans in response to serious corruption and significant cyberattacks. 

At a press conference earlier today, Prime Minister Albanese told reporters he was dismayed and disgusted by the actions of those who committed this crime. He authorized AFP officials to release the details as a matter of public interest. 

In the recent past, hackers have released more information from the medical records of Medibank customers on the dark web, including information about abortions and alcoholism.

A ransomware attack was carried out by a criminal group targeting Medibank's data, which resulted in close to 500,000 health claims, along with personal information, being stolen. 

There are several mental health and other support services available through Medibank's Resources Page, which is available to affected customers.

Medibank Data Breach: Hackers Threaten to Release Data Within 24 Hours


Australian health insurance company Medibank has announced that it will not meet the ransom demands of the threat group or individual involved in the mid-October data breach. The insurance company confirmed this less than a day after the breach. The threat actor, claiming to be in possession of the data, is now threatening to release it within 24 hours if the ransom is not paid.

A day before this announcement, on November 7, Medibank confirmed that its 9.7 million current and former customers had their basic personal data accessed by hackers. The victims include 5.1 million Medibank customers, 2.8 million AHM customers and 1.8 million international customers.

The accessed data involved victims’ names, dates of birth, addresses, phone numbers and email addresses.

Medibank adds that along with the personal information, the hackers had access to the health claims data for 16,000 of its customers, 300,000 AHM customers and 20,000 international customers.

For the first time, Medibank confirmed it believed that the data was not just accessed but could have been taken by the criminal or criminals involved. The health insurer yesterday said in a public statement that it would not pay any ransom to the hackers.

In the message, the supposed hacker quotes Confucius, implying Medibank is making a "mistake" by not paying the ransom. The malicious actor then said that they would release the data within the next 24 hours, and advised readers to "sell Medibank stock".

Around midnight, the threat actor or group posted a ransom demand to its dark web blog, “data will be public [sic] in 24 hours.” “P.S. I recommend to sell Medibank [sic] stocks,” the post further read. 

By the close of trade on Tuesday, the insurance company’s shares went down by 21 percent from AU$3.51 to AU$2.78 in the last three weeks, following the announcement of the data breach. 

Medibank called the threat to release the data “distressing developments.” 

Following the data breach, David Koczkar, CEO of Medibank, apologized to those affected, saying that "We unreservedly apologize to our customers. We take seriously our responsibility to safeguard our customers and support them. The weaponization of their private information is malicious, and it is an attack on the most vulnerable members of our community."  

After the threat surfaced, Medibank contacted its customers, warning them of possible scam and direct phishing attacks. The company also urged all those who were victims of cybercrime or had been contacted by someone claiming to have their data to report it to the Australian Cyber Security Centre. 

Moreover, Medibank continues to work with the Australian Government, along with the Australian Cyber Security Centre and the Australian Federal Police, to investigate the cyberattack and prevent the leak and sale of its customers' stolen data.

Data Breach: Victoria Launches Investigation, Attack Impacts Families Across Australia


Government launches investigation for data breach

The Victorian government has launched an investigation into a possible data breach that could have impacted thousands of families across the state. 

Investigators are working to find out if a cyberattack on a tech company used by the Victorian government has hit people. 

PNORS Technology Group, which works with various state departments like the Department of Education and Training, was attacked by threat actors recently. 

Who is impacted?

The attack might have leaked medical records and answers for The School Entrant Health Questionnaire (SEHQ), which is filled out by every family in the state. Premier Daniel Andrews said it is not clear whether any personal information has been leaked. 

"It's not determined yet, it's not definitive, but there's the potential for a breach," he said to the media on Saturday. 

"They're working through that around the clock, and they're doing that job well. As soon as we have confirmation of anyone's records being compromised, then we will make a statement, and we'll work with any of those people."

The Department of Premier and Cabinet, in a joint effort with PNORS Technology Group, is working to determine the extent of the information breach and to prevent similar attacks in the future.

What next?

The Victorian government's Cyber Incident Response Service has been informed and is taking needed action. Protecting Victorian systems and data is its top priority, it says. 

The cyberattack comes after a recent high-profile compromise of Optus and Medibank, where threat actors stole data from millions of Australians. 

What is the veteran card pledge?

Also last Sunday, the state government announced a $37 million election pledge for the Victorian Veteran Card as a help for veterans during the cost of living crisis. 

Over 90,000 veterans across Australia are entitled to a $100 discount on the registration of one vehicle, plus free public transport on Remembrance Day and Anzac Day. Veteran Minister Shaun Leane said the state government would raise assistance for veterans if it wins the November 26 election. 

He said: "Veterans' contributions don't end when they leave the defense force. Only Labor will support them to retrain and reskill because they still have so much to give to our community."

The statement comes following Mr. Andrews' address to the questions regarding his role in awarding two grants worth $3.4 Million to the Health Services Union in 2018. 

The statement read: 

"Regardless of any smear, innuendo, or media reporting based on anonymous sources, the only IBAC matters I will comment on are those that are the subject of a final report, as is appropriate and has always been my practice. Questions about what IBAC is or is not doing are a matter for the independent agency. I act appropriately at all times and in all things. That is the oath I swore, and I take it very seriously."

Cyber-Attackers Claim to Have Accessed Customer Data at Medibank Australia

 


According to Medibank, which covers one in six Australians, an unidentified person notified the company that some 200 gigabytes of data had been stolen, including medical diagnoses and medical treatments, as part of a theft the company had disclosed a week earlier.

The company did not say how many of its 4 million customers may have been affected. However, it warned that the number is likely to rise as the issue unfolds. The Australian Federal Police announced that it had opened an investigation into the breach, but that it had no further comment to make.

An Australian newspaper report has warned that the data of at least 10 million customers may have been stolen. This adds a heightened layer of intrigue to a wave of cyberattacks on the country's largest companies since No. 2 Telco Optus, owned by Singapore Telecommunications Ltd, revealed a month ago that the data of ten million customers may have been stolen. 

The majority of public commentary has so far focused on the possibility that hackers could gain access to bank accounts by stealing data or using identity theft to gain access to personal information. An article in the Sydney Morning Herald stated that it received a message from a person claiming to be the Medibank hacker, threatening to publish medical records of high-profile individuals unless the hacker is paid.

Currently, the Melbourne-based security company is working with several cyber-security firms and has also contacted the Australian Cyber Security Centre (ACSC), which is the government's lead agency for cyber security.

"This is a situation where we have very sensitive information regarding healthcare and that information, if made public by itself, could cause severe harm to Australians, and that is why we at the Australian Broadcasting Corporation are so actively involved with this," said Cybersecurity Minister Clare O'Neil in an exclusive interview with the ABC.

As cyber security experts pointed out, it was unclear whether the three disclosures on data breaches were related to a single incident. This is because these attacks were diverse. However, the perceived publicity generated by the Optus attack may have drawn public attention to the hacker networks created by this company.

"When there is the highly visible breach, such as what happened to Optus in Australia, then hackers take notice of it and think they are planning to try to see what I can get away with down there," said the executive editor Jeremy Kirk for Information Security Media Group, one of the leading cybersecurity specialist magazines out there.

Optus rival Telstra Corp Ltd on Tuesday disclosed an issue with employee data breaches, while Woolworths Group Ltd on Thursday said an unidentified party gained unauthorized access to the customer database of a bargain website used by more than 2.2 million shoppers.

It has been well documented that high-profile data breaches demonstrate how crucial it is to use multi-factor authentication at every level of a company's network - i.e. when the person uses an authentication code sent to a separate device to log in - to prevent data breaches, according to Sanjay Jha, chief scientist at the University of New South Wales Institute for Cybersecurity.

Jha told Reuters over the phone that, although they have implemented such controls for end users, they should have even tougher controls for internal servers, since server security is a major concern.

"Continuous authentication is necessary for people not to log in and leave after logging in and leave forever, allowing attackers to access your computer and compromise it," Jha continued.

Founder and chief intelligence officer of F5, Dan Woods, a former FBI cyberterrorism investigator, commented that Australia had "undoubtedly endured its most difficult few weeks from a cybercrime perspective, but on the positive side, it's been a wake-up call for the country, one that it may have needed."