The Risks of Stockpiling Personal Data


Data is priceless, but gathering it in one place can be risky: it suddenly becomes a highly valued resource that cyber criminals and other threat actors are eager to get hold of, particularly when businesses store more data than they actually need.

Security agencies have been aware of this risk for a long time, and it has now become a critical priority for regulators and policymakers.

On this point, Paul Warren-Tape, Head of Operations at ID verification leader OCR Labs Pty Ltd., says, “Looking at the Optus attack, this was a big concern because fraudsters were using stolen PII (personally identifiable information) to try and commit identity crime […] We need to understand why a telco stores copies of people’s identity documents in the first place, as to provide ongoing services they only need to know a person’s name, address and their contact details.” Warren-Tape further notes that the Medibank breach is also “deeply concerning.”

“The concerns relate to organizations not having a clear understanding of their complete data footprint, including: what do they hold, should they even be holding that information, where is it held and who else is holding it, is it all secure?” 

According to Warren-Tape, every organization, specifically those at the top of their markets, is starting to consider the bare minimum of data it should retain after confirming a person’s identity. “They’ve obviously got regulatory requirements to verify the identity of their customers. And I think they’re subsequently holding on to copies of identity documents to demonstrate they’ve performed an identity check for audit and regulatory compliance purposes.”

“And another reason is because prior to the raft of breaches information has been perceived as wealth, not risk,” he added. “But holding that information opens them up to be honeypots for certain attacks, and health insurance companies may not be as well versed about cyber risks as, say, the banks are.”

Moreover, Warren-Tape notes that banks in Australia have a higher security posture and are more experienced and cyber-aware, but cannot rest on their laurels, as the threat landscape is continually evolving.

Hospitals Cautioned Against Cybercrime, Following Medibank and Optus Wake-Up Calls


Hospital facilities in Australia have been cautioned that they are likely to be forced to pay ransoms to threat actors in order to protect patients, as the threat to cyber security grows in the wake of "wake-up call" attacks. 

In the aftermath of massive hacks that affected millions of Medibank and Optus customers, this alarming warning tops the list of predictions made by cyber security experts as 2023 approaches.

According to cybersecurity firm Palo Alto Networks, it is high time that hospitals, government agencies and businesses start considering whether they would pay a ransom and how much they would pay.

It’s Just the Beginning

Mohiuddin Ahmed, a senior computing and security lecturer at Edith Cowan University, echoes the sentiment. He predicts not only increasing threats over the upcoming year, but also an increase in attacks on Australia's vital infrastructure, with "highly digitized" hospital systems among the prospective targets.

He warns that it is “just the beginning” for cyber attempts and attacks.

The recent breaches at Medibank and Optus would prompt criminals to wonder if Australia has other vulnerabilities.

"We use lots of internet-connected healthcare devices and if those devices are hacked and remotely compromised by these cyber criminals, we'll be left in a situation where we have to pay ransom, otherwise people's lives will be at stake," Dr. Ahmed says. 

"Imagine that for senior citizens using pacemakers or any other embedded or implanted devices […] Who knows, if we do not pay attention, if we do not follow cyber hygiene, things [may] go catastrophic," he adds.

According to Dr. Ahmed, international threat actors are apparently targeting Australia, partly due to its affluence and partly because the COVID pandemic has increased the cost of living.

Cybercrime: a Battlefield

Cyber security researcher Mamoun Alazab, on the other hand, equates cybercrime to a battlefield, saying it is a matter of when, not if, Australia will witness data leaks that eventually affect more people than the Medibank and Optus data breaches did.

The associate professor of information technology at Charles Darwin University anticipates that the government will now be better organized in terms of cyber warfare, since it has become a part of national security.

Cyber Security Minister Clare O’Neil last month announced a 100-strong standing cybercrime operation that would be put into action by the federal police and the Australian Signals Directorate. Dr. Alazab warns that publicly announcing the operation could entice criminals into attempting more cyberattacks.

"We focus so much on [Australia's] offensive operation — we need to focus on the defensive operation […] We are encouraging other … criminal groups to get together to prove us wrong, to cause more embarrassment," Dr. Alazab said.  

Another Singtel Subsidiary Faces Cyber Attack, Weeks after Optus Data Breach

 

Weeks after the data breach at Australian telecom giant Optus, Singapore Telecommunications Ltd (Singtel) confirmed that its unit Dialog has faced a cyber-attack. The attack has reportedly affected 1,000 of the company’s current and former employees and about 20 clients.

A similar data breach took place late this September at Optus, the Australian subsidiary of Singtel. That breach reportedly compromised the personal data of up to 10 million customers, including present and former employees.

Days after the breach, the threat actors withdrew a ransom demand of $1 million from the telecom company, saying there were “too many eyes” on the hacked data. The hackers nonetheless went ahead and leaked the records of more than 10,000 customers to prove that they actually had access to the data.

“On Saturday 10 September 2022, we detected unauthorized access on our servers, which were then shut down as a preventive measure. Within two business days, our servers were restored and fully operational. We contracted a leading cyber security specialist to work within our IT Team to undertake a deep forensic investigation and continuous monitoring of the Dark Web. Our ongoing investigation showed no evidence of unauthorized downloading of the data […] On Friday 7 October 2022 we became aware that a very small sample of Dialog’s data, including some employees’ personal information, was published on the Dark Web,” Dialog said of the data breach.

Dialog said its systems were completely independent of those of Optus and IT unit NCS, and gave assurance that there was no evidence of any link between the data breaches at Dialog and Optus.
 
"With this being the third large breach impacting the company in the last few years, it sounds like it is time to review the company's cybersecurity program because something is clearly not working," states O'Toole. 
 
"Everyone knows employees are the number one target for criminals looking to steal and compromise an organization's data, so addressing this risk must be the priority," she added. 
 
According to the CEO, one prominent way to tackle the risk is to deploy encrypted network access and segmentation tools, which encrypt employee credentials and other information so they cannot be hacked or stolen. "This closes doors on attackers, and it will significantly improve Singtel's security defenses against data breaches in the future," she added.

19-Year-Old Arrested for Using Leaked Optus Breach Data in SMS Scam

The Australian Federal Police (AFP) took a 19-year-old into custody for allegedly attempting to use data leaked in the Optus data breach late last month to extort victims.

Officials said that the accused was running a text message blackmail scam, asking victims to transfer $2,000 to a bank account or risk having their personal information misused for fraudulent activities. Credentials of almost 10 million customers were exposed in the Optus breach, including millions of passports, Medicare numbers, and driver’s licenses.

This attack raised questions as to why multiple organizations need to collect and store so much personal data of customers. Following the incident, the government of Australia is now considering developing a single digital identification service that businesses could use instead. However, the public is questioning this development. 

 “Within the audit’s remit is to consider how myGov can deliver seamless services that will frequently involve private enterprise service providers. This would prevent the need for citizens to provide sensitive data multiple times to multiple entities,” Shorten’s spokesperson said. 

Police say they have collected a sample database of 10,200 records that an actor named "optusdata" posted briefly on a cybercrime forum accessible on the clearnet before taking it down.

The AFP added that it executed a search warrant at the home of the offender and seized a mobile phone used to send text messages to about 93 Optus customers.

"At this stage, it appears none of the individuals who received the text message transferred money to the account," the statement reads. 

The offender has been charged with using a telecommunication network with the intent to commit a serious offense and with dealing with identification information. For these offenses, the offender has to spend 10 and 7 years in prison, respectively.