Australia Faces Surge in Cyber Attacks in 2024

Australia has once again made headlines for its growing cybersecurity concerns, with 2024 seeing an alarming escalation in cyber attacks. In fact, the country set a new record, with every online user targeted by cyber attacks on a per-second basis, a staggering 12-fold increase from the previous year. In 2023, it was reported that one in every five users had fallen victim to these attacks.

A recent survey by Surfshark, a company specializing in VPN and security services, highlighted the severity of the situation, suggesting that Australia could soon face a major data breach crisis unless users adopt essential cybersecurity practices. The increasing use of AI-driven attacks further exacerbates the risks, making it more difficult to defend against sophisticated cyber threats.

Lee Enterprises Hit by Ransomware Attack

In another major cybersecurity incident, Lee Enterprises, a prominent news publishing company, announced earlier this month that it had been targeted by a ransomware attack. Hackers attempted to lock down the company’s databases and demanded a ransom in exchange for restoring access.

The company is still investigating the full scope of the attack and has promised to share further details once the investigation is complete. Interestingly, Lee Enterprises was also targeted by Iranian hackers during the 2020 U.S. Presidential Election, raising concerns that this recent attack could be linked to similar international cyber actors. Given the timing, it is speculated that the attackers may have waited until after the 2024 U.S. elections to strike.

Massive Hacking Campaign Infected Millions of Devices

According to research from The Shadowserver Foundation, a large-scale hacking operation involving over 2.8 million infected devices has been wreaking havoc across global computer networks. These devices, spread across various countries, have been used to launch massive waves of fake web traffic, disrupting online services.

Brazil accounts for the majority of the infected devices, with smaller numbers of devices traced to countries such as Turkey, Russia, Argentina, Morocco, and Mexico. Experts believe the devices were compromised through brute-force attacks, likely due to weak passwords used by the device owners.

Russian Hacking Group Compromises Hewlett Packard Enterprises’ Email Servers

Hewlett Packard Enterprises (HPE) confirmed that it fell victim to a cyber attack believed to be orchestrated by a Russian hacking group. The breach, which targeted the company’s Office 365 environment, began in May 2023 and continued until December 2023, before being contained.

The stolen data includes sensitive personal information, such as social security numbers, driver’s licenses, and credit card details of HPE employees, along with miscellaneous other data.

HPE suspects that the Russian hackers gained access by exploiting vulnerabilities in their Microsoft Office servers. The breach highlights the growing threat of state-sponsored cybercrime and the need for organizations to bolster their cybersecurity defenses.

The post Cyber Attack news headlines currently trending on Google appeared first on Cybersecurity Insiders.

A cyber attack targeting the database of technology service provider ZicroDATA has reportedly resulted in the leak of sensitive information pertaining to Australian visa holders. The compromised data includes full names from visa applications, phone numbers, dates of birth, driving license details, passport numbers, and aspects of medical history.

As of now, there is no evidence indicating that this leaked information has been misused. However, the breach could have far-reaching consequences for various agencies, including law enforcement, national security, emergency management, immigration, and cybersecurity, as ZicroDATA provides services to these entities in addition to the Department of Home Affairs (DHA).

Such sensitive data can potentially lead to phishing attacks, identity theft, and other social engineering tactics.

The cyber attack on ZicroDATA occurred in January 2024, and by February, some of the stolen data was found for sale on the dark web. However, the company officially reported the data breach to the DHA only in June. They noted that all visa applicants who utilized the Free Translation Service (FTS) between 2017 and 2022 were affected, while the data of other visa applicants remained secure.

Meanwhile, Monash Health, which provides healthcare services, announced in May that it had become aware of the data breach. The breach involved archival data stored on the ZicroDATA platform, covering the period from 1969 to 1993.

Michelle McGuiness, coordinator of National Cyber Security, stated that the Australian government learned of the incident in May and has launched an investigation, with results expected to be made public by the middle of next month. This will help clarify the number of customers impacted by the breach.

ZicroDATA specializes in Records and Information Management, offering services that include digitizing physical documents, data storage, language translation, and data destruction since 1995. In response to the breach, the company has treated this incident as a wake-up call and has implemented measures to enhance its cybersecurity infrastructure by August 2024.

The post Australia government looses visa holders sensitive details in cyber attack appeared first on Cybersecurity Insiders.

UK Cyber Team Competition: Nurturing the Next Generation of Cybersecurity Professionals

In an effort to inspire and engage young talent in the critical field of cybersecurity, the UK government has introduced the UK Cyber Team Competition, targeting individuals aged 18 to 25. This initiative is designed to assess and cultivate the skills necessary to navigate the complexities of modern cybersecurity challenges.

The primary goal of this competition is to evaluate participants’ problem-solving abilities in key areas such as digital forensics, cryptography, web exploitation, and network security. These domains are essential for safeguarding information systems and combating cyber threats, making this competition a vital stepping stone for aspiring cybersecurity professionals.

Winners of the competition will not only receive recognition for their achievements but will also be invited to participate in collaborative projects with UK Cyber Teams. This mentorship aims to enhance their skills further and prepare them for similar competitions on an international scale, fostering a sense of global engagement in the cybersecurity community.

Additionally, it’s noteworthy that the UK Cyber Team Competition runs concurrently with the Cyber-First Girls Competition, organized by the National Cyber Security Centre. This parallel event specifically targets young girls aged 11 to 17, aiming to empower and encourage them to explore careers in technology and cybersecurity. Together, these competitions represent a concerted effort to increase diversity and representation in the cybersecurity workforce, addressing the significant skills gap that currently exists in the industry.

By promoting these initiatives, the UK government is taking proactive steps to cultivate a new generation of skilled professionals who can contribute to national and global cybersecurity efforts.

Australia’s New Cybersecurity Law: Strengthening Defenses Against Ransomware

In a significant move to enhance national cybersecurity, the Australian Parliament has passed a new law that mandates companies affected by ransomware attacks to report incidents within 72 hours to the Australian Signals Directorate and the Department of Home Affairs. The Cyber Security Bill 2024 also introduces strict cybersecurity standards for manufacturers of Internet of Things (IoT) devices, aiming to bolster the security landscape for these increasingly ubiquitous products.

Historically, IoT device manufacturers have faced criticism for failing to provide adequate security measures. Many products have been characterized by fragmented and insufficient security protocols, leaving users vulnerable to cyber threats. The new legislation, which amends the Security of Critical Infrastructure Act 2018, addresses these shortcomings by establishing clear guidelines that manufacturers must follow.

Under the new law, companies producing devices such as smart doorbells, smartwatches, and other IoT technologies are required to implement baseline security measures. This includes providing regular security updates and ensuring that each device has a unique password. Such requirements are crucial in mitigating risks associated with the widespread practice of using identical passwords across multiple devices, which can lead to significant vulnerabilities.

By enforcing these standards, the Australian government aims to create a more secure environment for consumers while simultaneously holding manufacturers accountable for the security of their products. This proactive approach not only protects individual users but also strengthens the overall cybersecurity framework in Australia, contributing to a safer digital landscape.

The post Britain Cyber Team Competition and Australia New Cybersecurity Law appeared first on Cybersecurity Insiders.

Alert for Software Developers: North Korea’s Lazarus Group Targets with Malicious Emails

A recent study by ReversingLabs has revealed that North Korea’s Lazarus Group is actively targeting software developers through a sophisticated email campaign. This campaign, part of the larger VMConnect initiative, uses deceptive job interview invitations to deliver malware, backdoors, data stealers, and data-wiping threats. The attackers have been impersonating the Capital One company logo in LinkedIn messages to increase their credibility and success rate.

Shannon Sharpe’s Instagram Account Hacked

Shannon Sharpe, the Hall of Fame NFL player with a storied 14-season career, has fallen victim to a cyber attack resulting in the hack of his Instagram account. Sharpe, who has over 3 million followers, issued a statement explaining that explicit content shared from his account was the work of cybercriminals. He urged his followers to disregard the inappropriate video and thanked them for their patience during the ordeal.

Teenager Arrested for Hack of Transport for London

In early September, Transport for London (TfL) experienced a cyber attack that led the National Crime Agency (NCA) to investigate and arrest a 17-year-old from Walsall under the Computer Misuse Act. The hack caused temporary suspensions of some TfL travel app services and website sections. The teenager, currently out on bail, will face further legal proceedings in the coming weeks.

Fortinet Faces Unauthorized Network Access

Fortinet has reported unauthorized access to its corporate network by a third party, suspected to be a ransomware attack. The breach affected servers of its software partners, impacting a portion of its Asia Pacific clientele. The company is still gathering details and will provide further updates once the situation is fully assessed.

Iranian OilRig Group Targets Iraqi Government Websites

Iranian threat actor group OilRig has recently been identified targeting Iraqi government websites with malware. According to cybersecurity firm Check Point, the compromised sites included those of the Ministry of Foreign Affairs and the Prime Minister’s office. OilRig, also known by aliases such as GreenBug, Hazel Sandstorm, Crambus, APT34, and Cobalt Gypsy, continues to be a significant cyber threat.

Australia Steps Up to Defend Pacific Islands Forum from Chinese Hackers

In response to a cyber attack on the Pacific Islands Forum Secretariat in February, the Australian government has dispatched technical teams to Fiji. With local cybersecurity expertise insufficient to counter the sophisticated, state-sponsored attacks from China, Australia’s intervention aims to bolster the region’s defenses and mitigate ongoing cyber threats.

The post Trending Cybersecurity news headlines on Google for today appeared first on Cybersecurity Insiders.

In 2018, Australia passed the Assistance and Access Act, which—among other things—gave the government the power to force companies to break their own encryption.

The Assistance and Access Act includes key components that outline investigatory powers between government and industry. These components include:

  • Technical Assistance Requests (TARs): TARs are voluntary requests for assistance accessing encrypted data from law enforcement to telco and technology companies. Companies are not legally obligated to comply with a TAR but law enforcement sends requests to solicit cooperation.
  • Technical Assistance Notices (TANs): TANs are compulsory notices (such as computer access warrants) that require companies to assist within their means with decrypting data or providing technical information that a law enforcement agency cannot access independently. Examples include certain source code, encryption, cryptography, and electronic hardware.
  • Technical Capability Notices (TCNs): TCNs are orders that require a company to build new capabilities that assist law enforcement agencies in accessing encrypted data. The Attorney-General must approve a TCN by confirming it is reasonable, proportionate, practical, and technically feasible.

It’s that final one that’s the real problem. The Australian government can force tech companies to build backdoors into their systems.

This is law, but near as anyone can tell the government has never used that third provision.

Now, the director of the Australian Security Intelligence Organisation (ASIO)—that’s basically their FBI or MI5—is threatening to do just that:

ASIO head, Mike Burgess, says he may soon use powers to compel tech companies to cooperate with warrants and unlock encrypted chats to aid in national security investigations.

[…]

But Mr Burgess says lawful access is all about targeted action against individuals under investigation.

“I understand there are people who really need it in some countries, but in this country, we’re subject to the rule of law, and if you’re doing nothing wrong, you’ve got privacy because no one’s looking at it,” Mr Burgess said.

“If there are suspicions, or we’ve got proof that we can justify you’re doing something wrong and you must be investigated, then actually we want lawful access to that data.”

Mr Burgess says tech companies could design apps in a way that allows law enforcement and security agencies access when they request it without compromising the integrity of encryption.

“I don’t accept that actually lawful access is a back door or systemic weakness, because that, in my mind, will be a bad design. I believe you can - these are clever people - design things that are secure, that give secure, lawful access,” he said.

We in the encryption space call that last one “nerd harder.” It, and the rest of his remarks, are the same tired talking points we’ve heard again and again.

It’s going to be an awfully big mess if Australia actually tries to make Apple, or Facebook’s WhatsApp, for that matter, break its own encryption for its “targeted actions” that put every other user at risk.

The Australian government has long advised ransomware victims against paying ransoms, arguing that doing so does not guarantee receiving a decryption key and only encourages further criminal activity. However, recognizing that ransom payments might be unavoidable in some situations, Canberra is preparing to introduce legislation requiring businesses to disclose any ransom payments made to criminals.

Under the new law, which will be implemented in a digital and systematic manner, affected businesses will be required to report their ransom payments to the government. This move aims to enhance transparency and allow authorities to monitor such transactions more effectively.

Recent months have seen a significant increase in ransomware attacks targeting large telecom companies, private healthcare providers, and financial institutions. To combat this trend and aid law enforcement in tracking ransom payments, the Albanese-led government will mandate that companies disclose any such payments starting in September this year.

Previously, there were efforts to ban cryptocurrency payments to criminals by 2022. However, due to the decentralized nature of cryptocurrencies and the lack of centralized governance, enforcing a ban on blockchain-based transactions has proven challenging. Despite attempts by security analysts and international law enforcement agencies like the FBI and Europol to track these transactions using blockchain analysis tools, the increasing sophistication of cybercrime has made monitoring difficult.

To address this, the Australian government has decided to make ransom payments public. This measure aims to inform other companies about ransomware activity and strengthen their defenses against such attacks. Additionally, it will help cyber teams track and potentially seize assets converted into fiat currency, thereby tracing criminal activities through financial channels.

The Australian government hopes this new approach will be effective in curbing cybercrime and improving overall cybersecurity.

The post Australia wants companies disclose ransomware payments appeared first on Cybersecurity Insiders.

Australia’s leading financial institutions are bracing for what could be the most significant cyber attack in the history of the banking sector, with warnings issued by the top four banks. Over the past three years, these institutions have faced relentless assaults, occurring every minute of every day. This barrage has left customers vulnerable to various scams, server disruptions, and the injection of malicious code when visiting certain websites.

The National Australia Banking Group (NABG) has described these attacks as asymmetric digital warfare targeting the country’s banking sector. According to cybersecurity consultant Troy Hunt, cybercriminals have cost Australian online users an estimated $3 billion annually, a figure projected to double in the near future.

“As these attacks escalate into a form of warfare, security experts find themselves reacting to mitigate risks,” Hunt commented.

Despite concerted efforts by banks to fortify their cyber defenses, criminals continue to innovate, evading established security measures. NAB has established a dedicated customer service support unit to gather intelligence on scams and frauds, operating round the clock and handling an average of 1200-1300 crime reports annually.

The Australian Banking Association concurs with NAB’s assessment, acknowledging that financial institutions across the country are engaged in a digital battle that is ultimately impacting customers’ financial security.

In December of last year, Microsoft highlighted a rising trend in AI-driven scams, with criminals exploiting tools such as ChatGPT to clone voices or orchestrate phishing attacks, further endangering Australian businesses and financial systems.

For context, the Big Four banks in Australia—Commonwealth Bank, Westpac, National Australia Bank, and Australia and New Zealand Banking Group (ANZ)—dominate the market in terms of share, customer base, and earnings.

The post Australia looses $3 billion every year to Cyber Crime appeared first on Cybersecurity Insiders.

In response to the surge in ransomware attacks over the last couple of years, the Australian government introduced legislation in 2022 prohibiting companies from making ransom payments.

Despite this prohibition, a recent survey conducted by Cohesity, a firm specializing in AI-backed data security and management services, revealed that almost 60% of respondents acknowledged opting to pay hackers’ ransom demands. Their rationale centered on the ease of data recovery and the substantial reduction in recovery time and downtime, reaching nearly 95%.

Surprisingly, the study found that 77% of the 300 participants admitted their organizations had fallen victim to file-encrypting malware, and the situation is anticipated to worsen in 2024.

Cybercriminals demonstrate no preference for the size or scope of targeted companies, as they target both large and small enterprises with the primary goal of maximizing financial gains.

Remarkably, only 4% of respondents stated that their organizations were incapable of recovering from a cyber incident within a three-day timeframe. The majority, however, conceded that their assets remained unrecoverable unless a ransom was paid to the perpetrators of the malware.

The implications of the study underscore the imperative for Chief Information Officers (CIOs) and Chief Technology Officers (CTOs) to be well-versed in the dos and don’ts during and after a cyber attack. Failure to comply with government-mandated rules may result in legal consequences.

While some security experts argue that paying a ransom is financially justifiable when considering recovery and downtime costs during a cyber incident, there remains a crucial caveat. The scenario arises when hackers, after receiving payment, claim to have deleted stolen data only to later threaten victims with a potential data spill in the future. This raises questions about the efficacy and reliability of ransom payments as a guaranteed solution.

The post Australian companies breach no ransomware payment policy appeared first on Cybersecurity Insiders.

Hackers are believed to have successfully accessed several weeks' worth of sensitive video and audio recordings of court hearings, including one made at a children's court where the identities of minors are supposed to be particularly critical to protect. Read more in my article on the Hot for Security blog.