Bumper Summer Edition

Firstly, a happy new year to you all. We hope you had a restful break. As you may have expected, our cyber adversaries did not take a summer holiday, so we have collated the key cyber media reports and industry news (for both December and January) in one place, so you don't have to.

Summary of the “months in retrospect”:

  1. Hot on the heels of the Cyber Security Strategy (released in November), the Government published the 2023 – 2030 Australian Cyber Security Strategy: Legislative Reforms, Consultation Paper. Submissions close on 1 March, so best to get cracking if you want to make a submission.
  2. There have been some interesting developments in the sanctions space. Various governments (including our own) have specifically identified and sanctioned one of the alleged perpetrators of the Medibank cyber incident. It's great to see progress on this front, but we suspect it will have limited impact on the cybercrime threat landscape. Sanctioning one individual in this vast criminal ecosystem is unlikely to have a significant practical impact, but it does demonstrate an intention to use the sanction regime against individuals. We include some specific commentary below.
  3. International law enforcement has made some headway over the break, taking down the BlackCat dark web leak site. The response from BlackCat was no surprise (simply commencing a new dark web leak site, which was again “taken down”). The game of “BlackCat and mouse” continues…
  4. There has been a flurry of recent reports published by various cyber experts, including the Global Cybersecurity Outlook from the World Economic Forum. Always worth a read. Also, various commentators have set out their predictions for 2024. There is a pessimistic theme that runs through them all. Always risky, but we set out our predictions for 2024 below.
  5. Cyber incidents continue. We saw some sobering impacts on St Vincent's Health, Court Services Victoria, Nissan and others. We set out various articles about these below.
  6. ASIC's submission to the Inquiry into the capability of law enforcement to respond to cybercrime provides interesting reading. Some key points:
    • “ASIC is, and will continue to, assess information it receives about cyber incidents to determine whether enforcement action is appropriate where there are egregious failures”.
    • “ASIC recently led the coordinated response to a cyber incident on a regulated entity. The incident was the result of an attack through a key third party service provider… At the time, ASIC had substantial concerns that the third-party service provider may pose a systemic risk to Australia's financial services sector”.
    • “This incident highlighted the shortcomings in available mechanisms to support information sharing that enables appropriate consequence management by ASIC”.

Our predictions for 2024:

  1. Cyber-related crime is likely to continue and evolve, spanning business email compromise, ransomware, data theft and extortion, impersonations, scams, phishing / smishing (including “quishing” through QR codes), credential stuffing, “man-in-the-middle” attacks and so on.
  2. Extortion attempts will continue. Though geopolitics (and the ransomware-as-a-service model) have created an element of unpredictability, we expect to see a continuation of ransomware / data extortion attacks. We may also see a number of our clients manage aborted or failed attempts to extort (with second and third lines of defence kicking in). The Government has elected not to ban extortion payments for now, so this key plank of the extortion business model remains intact.
  3. While health, financial services and retail are likely to remain key focus areas, we also see increased risk for our essential services / critical infrastructure. We are yet to see an attack that has a prolonged impact on the operational integrity of critical assets. This is perhaps one of our biggest risks, more serious in many respects than a cyber incident affecting data alone.
  4. AI is the big unknown at the moment. It is moving quickly and operates on both sides of the ledger (ie corporates can also use AI tools to fight cybercrime). We wait to see how AI may change the threat landscape. Watch this space.
  5. We expect increased progress around law enforcement, including some success disrupting criminal networks. The sanctions and the BlackCat dark web leak site takedown indicate that law enforcement is making progress. We are optimistic that this progress (and these disruptions) will continue.
  6. Supply chains will continue to be one of the biggest risks for our major corporates. We also put in this bracket those intermediary firms (think MOVEit, GoAnywhere etc) who pose data risks across a large number of corporates. Also, software vendors remain a potential soft underbelly in the third-party ecosystem.
  7. Legislative reform is coming. The Australian Cyber Security Strategy is already moving ahead with some key reform consultations. Things like “secure by design” standards, ransomware reporting, limited use obligations for the ACSC and the National Cyber Security Coordinator, the establishment of a Cyber Incident Review Board. Also, SOCI Act reforms, particularly around data storage systems etc, will dominate the legislative landscape. These will certainly beat any privacy reforms to the floor of Parliament.
  8. Class actions…in the US, the class action “market” is thriving. Australia has just under 10% of the population of the US, but has a similarly thriving class action market. We think we will continue to see an upward trend of cyber class actions. As to class action mitigation, recent cases are clear examples of long tail litigation risk and class action risk mitigation is likely to become a key board level issue.
  9. Regulators are likely to play a more active role and we expect to see more enforcement action. It appears that the OAIC is becoming more active having commenced civil penalty proceedings against Australian Clinical Labs. While ASIC has rattled the cage in recent times, it is unclear how much focus they will put on cyber. In any event, a number of regulators (including the CISC) have indicated they are now moving to an enforcement phase.

News from HSF

Sanctions Tracker

HSF has provided a summary of Australia's new financial and travel sanctions commencing under the Autonomous Sanctions Amendment (Magnitsky-style and Other Thematic Sanctions) Regulations 2021. The autonomous cyber sanctions frameworks impose financial sanctions on Aleksandr Ermakov, the Russian national allegedly responsible for the cyber attack on Medibank Private. The new sanctions make it a criminal offence, punishable by up to 10 years' imprisonment and heavy fines, to provide assets to Ermakov, or to use or deal with his assets, including through cryptocurrency wallets or ransomware payments.

To read HSF's Sanctions Tracker, please visit: Sanctions Tracker

Cyber Strategy Webinar

Earlier in December, Cameron Whittfield hosted Dr Derek Bopping (ASD), Anne Templeman-Jones (Director of CBA, NSW Treasury Corporation and Cyber Security Cooperative Research Centre) and Alex Tilley (Secureworks) in an industry webinar to discuss the Australian Cyber Security Strategy 2023-2030. Over 700 participants registered for the session, which discussed a range of topics including the new six cyber shields and general observations in relation to the Strategy.

To watch the webinar, please visit: Cyber Security Strategy 2023-2030 Industry Briefing

HSF Cyber Podcast

HSF is set to kick off our new Cyber Podcast series in late February. Our first guest is Hamish Hansford, Deputy Secretary of Cyber and Infrastructure Security Group and acting National Cyber Security Coordinator. Hamish leads Australia's efforts to bring together cyber security and critical infrastructure policy, cyber response and coordination functions, and identity security and protection. Be sure to watch this space to stay up-to-date with our latest podcast discussions in 2024.

Australian Financial Review Cyber Summit 2024

HSF will once again sponsor the Australian Financial Review Cyber Summit in 2024. The Summit is one of the leading cyber conferences, looking closely at the needs of the business community. This year's Summit will offer insights and analysis on Australia's cyber posture in light of new regulations and the Cyber Security Strategy.

To read about last year's Summit, please visit: AFR Cyber Summit 2023

Cyber Risk Survey 2024

We're getting ready to launch our second cyber risk survey. Last year we published our inaugural Cyber Risk Report, which provided insights from over 100 General Counsels on processes, capabilities and preparedness of Australian businesses in the event of a cyber attack. In 2024, we will once again be surveying legal leaders and looking more closely at the Australian government's Cyber Security Strategy and how organisations are managing and reducing their data footprint. The Survey is due to be released in March / April.

Regulatory and industry insights

2023-2030 Australian Cyber Security Strategy: Legislative Reforms – Consultation Paper

Department of Home Affairs – 18 December 2023

The Department of Home Affairs has released a Consultation Paper to gather perspectives on new legislative initiatives and proposed amendments to the Security of Critical Infrastructure Act 2018 (Cth) (‘SOCI Act’). The key proposed legislative endeavours include ransomware reporting obligations, establishing a cyber incident review board, standards for internet of things (IoT) devices, and use limitations on information provided to the Australian Signals Directorate (ASD) and the National Cyber Security Coordinator. Potential updates to the SOCI Act include extensions to cover data storage systems and business critical data and the introduction of consequence management powers. Submissions will close on Friday 1 March at 5:00pm AEDT. See also CSO article (20 December)

Cyber sanctions in response to Medibank Private cyber attack

Minister for Foreign Affairs – 23 January 2024

This press release confirms the identity of the hacker allegedly responsible for the Medibank cyber attack, Russian national Aleksandr Ermakov. The Government imposed the first cyber-related sanction under the Autonomous Sanctions Act 2011 against Ermakov. The sanction makes it a criminal offence, punishable by up to 10 years' imprisonment and fines, to provide assets to Ermakov, or to use or deal with his assets. See also ASD media statement (23 January), Australian Cyber Security Magazine article (23 January) and Cyber Daily article (23 January).

UK and allies sanction Russian cyber hacker

GOV UK – 23 January 2024

This article details that the UK and US have also sanctioned the Russian hacker allegedly responsible for the 2022 Medibank attack, with the aim of cracking down on international cybercrime. These sanctions involve asset freezes and travel bans, following the same approach used by the Australian Government under the Autonomous Sanctions Act 2011.

China Releases Draft Measures for Cybersecurity Incident Reporting

HSF – 20 December 2023

This article examines the recent release of a consultation draft by the Cyberspace Administration of China (CAC). The consultation draft focuses on the Administrative Measures on the Reporting of Cybersecurity Incidents together with the Guidelines on Grading of Cybersecurity Incidents and the Reporting Form of Cybersecurity Incident Information. The CAC has proposed new rules that seek to mandate that internet service providers must report major cyber incidents within an hour of a potential attack being detected. According to the new guidelines, any cyber security incident that is “large, major, or particularly major” must be reported, and if the cause cannot be identified within an hour, providers are given an additional 24 hours to investigate.

Labor plan would give Home Affairs Minister powers over critical infrastructure during cyber attacks

The Guardian – 20 December 2023

This article reports on the release of a Federal Government consultation paper focused on new cybersecurity legislation and alterations to the Security of Critical Infrastructure Act 2018 (‘SOCI Act’). Changes to the SOCI Act would allow the Minister for Home Affairs to order critical infrastructure entities to take or cease certain actions during a significant cybersecurity situation. See also 2023 – 2030 Australian Cyber Security Strategy: Legislative Reforms, Consultation Paper (10 December).

Russian-led hacking group disrupted as Australian businesses regain access to critical data

Australian Federal Police – 20 December 2023

This press release discusses the AFP's involvement in shutting down dark web extortion websites controlled by the infamous BlackCat ransomware group. The AFP provided significant intelligence and data to the international investigation led by the FBI, with support from other European intelligence agencies. BlackCat is responsible for global financial losses running into the hundreds of millions of dollars including from ransom payments, destruction and theft of proprietary data, and costs associated with incident response. Australian businesses that fell victim to BlackCat attacks will receive a decryption tool to restore their systems. See also Justice Department statement (19 December) and Australian Cyber Security Magazine (20 December 2023).

Optus launches ScamWise service to track scammers

Cyber Daily – 31 January 2024

This article outlines Optus' new ScamWise tool that allows users to report malicious texts via the My Optus app. Reported messages are then analysed by the company's internal “scam team”, with those confirmed as inauthentic communications being blocked from circulating further over the network.

#StopRansomware: Play ransomware

Australian Signals Directorate – 19 December 2023

This article details the ACSC's joint cybersecurity advisory release with the US Cybersecurity and Infrastructure Security Agency and FBI on the Play ransomware gang. The Play group has been active since June 2022 and has compromised over 300 businesses in their attacks. The joint release outlines the techniques, tactics and procedures of the ransomware group who commonly employ a double extortion method. See also Australian Cyber Security Magazine article (20 December) and Cyber Daily article (19 December).

SMBs at highest risk, warns top cyber sentinel

Sydney Morning Herald – 15 December 2023

This article reports that Australian small to medium businesses are at greater risk of cyber attacks, largely due to a lack of internal resources to adequately manage cybersecurity, coupled with little expectation of an attack.

Australian Involved in $25 million Crypto Scam, Faces 20 Years Jail

Australian Cyber Security Magazine – 14 December 2023

This article confirms that an Australian is facing charges in the US after they allegedly operated a scam that saw US $25 million invested into various trading programs on the promise of high yields. The US Department of Justice alleges that AI automated trading bots were used to trade victims' investments in cryptocurrency markets. Charges facing the Australian include conspiracy to commit wire fraud, wire fraud, conspiracy to obstruct justice, conspiracy to commit money laundering, and money laundering.

How automation is buying time for SA Power Networks' fight against cyber crime

ITNews – 13 December 2023

This article details how South Australian energy distributor, SA Power Networks, has been using process automation for increased defence against cybercrime and focusing on developing its own in-house capabilities. SA Power Networks' aim is to increase time efficiency in response to cybercrime and decrease its reliance on external providers.

Industry super fund sanctioned over ‘significant cybersecurity deficiencies’

AFR – 8 December 2023

This article reports that the industry super fund NGS Super has been ordered to hire external advisers to review its cybersecurity framework after APRA found “significant deficiencies in its cyber controls”. NGS Super was breached in March which resulted in substantial amounts of customer data being lost, with the fund criticised for taking 10 days to disclose the attack.

‘Far from perfect’ face matching laws pass Parliament

Innovation Aus – 7 December 2023

This article discusses how Australian companies will be able to use the Federal Government's face matching systems to verify a person's identity after legislation was passed in Parliament. The Identity Verification Services (IVS) Bill establishes a legislative framework for the operation of existing identity verification services including the Face Verification Service that compares facial images against a database of State and Territory identification documents.

Australia-Papua New Guinea Bilateral Security Agreement

Department of Foreign Affairs and Trade – 7 December 2023

This release outlines key elements of Australia and Papua New Guinea's bilateral security agreement that will cover areas of defence, policing, border and maritime security, and cybersecurity. Under the agreement, the Australian and Papua New Guinean governments have agreed to share information on cybersecurity issues and promised to consult with each other in cases of cybersecurity-related developments.

CBA, Vodafone team up in SMS scam initiative

ITNews – 6 December 2023

This article reports that CBA and Vodafone have adopted a new intelligence-sharing initiative to combat the rising frequency of scam text messages. The program is currently in pilot stage allowing CBA to proactively block fraudulent transactions, while Vodafone is using the initiative to actively disrupt scammers. The announcement comes as Scamwatch reported that the total amount lost to text scams in 2023 alone was over $24 billion.

New Cyber Security Alliance

Australian Cyber Security Magazine – 5 December 2023

This article unpacks Australia's new Cyber Security Alliance focused on improving our nation's cyber resilience and capability. Led by Cisco, the Australian Cyber Collaboration Centre and several universities, the Alliance was formed to coincide with the Government's 2023-2030 Australian Cyber Security Strategy.

Cyber research and reports

Creating a Cybersecurity Report for Senior Management in 2024

UpGuard – 22 January 2024

UpGuard has laid out guidance for cybersecurity reporting to senior management while also discussing the impediments facing key stakeholders in preparing an effective report. CIOs and CISOs often struggle to compile a clear and thorough cybersecurity report for their boards. Consequently, risk management programs routinely fall short of receiving the funding required to achieve a competent and competitive cybersecurity posture. UpGuard considers that the three key focus areas of incident reporting should be:

  1. understanding the reporting expectations of senior management;
  2. clearly articulating the efforts made in addressing supply chain attack risks; and
  3. speaking in terms of financial impact.

Fixing the Gap in Australia's Cybersecurity Legislation

Australian Cyber Security Magazine – 18 January 2024

This article was prepared by Leon Poggioli, ANZ Regional Director at Claroty, and breaks down the issues raised by smart home devices which are controlled by electricity distributors for power grid stability. The clearest example of this is seen in SA Power Networks' use of process automation to increase cyber defence, which requires new home solar panel installations to connect to SA Power Networks to allow for the remote disconnection of home solar systems in cases where grid supply outstrips demand.

Global Cybersecurity Outlook 2024

World Economic Forum – 11 January 2024

The World Economic Forum has published its annual Global Cybersecurity Outlook insight report for 2024. The report focuses on several key areas including the emerging trend of cyber inequity between countries and organisations, evolving technological transition, current cyber-skills shortage, and importance of building a better cyber ecosystem. Key takeaways from the insight report include:

  • The number of organisations that maintain minimum viable cyber resilience is down 30%. Large organisations have demonstrated gains in cyber resilience, while SMEs have shown a significant decline.
  • 41% of the organisations that suffered a material incident in the past 12 months say it was caused by a third party.
  • 54% of organisations have an insufficient understanding of cyber vulnerabilities in their supply chain.
  • 60% of executives agree that cyber and privacy regulations effectively reduce risk in their organisation's ecosystem – up 21% since 2022.

Cybersecurity trends: IBM's predictions for 2024

Security Intelligence – 9 January 2024

IBM has fielded opinions and insights from several industry-leading experts to forecast trends and predictions for the 2024 cyber threat landscape. Generative AI appears to be the greatest emerging threat to enterprises in protecting their internal systems and data, while ransomware attacks are expected to undergo considerable transformation to sidestep changes in how companies respond to unauthorised infiltration. Key predictions include:

  • GenAI will make “customer acquisition” much easier for cyber criminals by helping filter through, correlate and categorise huge data sets in minutes, and assembling them in a programmatic way for cyber criminals to create profiles and target entities.
  • Enterprises will see an influx of “doppelganger users” who will exhibit abnormal behaviour, which should signal to companies that they have potentially been compromised.
  • Ransomware is heading for a makeover as more countries pledge not to pay ransom demands, with increasingly fewer enterprises succumbing to the pressure of encrypted systems, and instead diverting those funds to rebuilding their systems.
  • A new approach to security's “identity crisis” with organisations moving to embrace an “identity fabric” approach which integrates and enhances existing identity solutions rather than replacing them.

2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is

Cyber Owl – 8 January 2024

This article provides useful guidance on how to build a business case for cybersecurity, and ways in which to identify benchmarking information to help inform the most important business needs and priorities. Actions such as developing or joining a knowledge-sharing network or ensuring business vendors are working harder in areas of weakness lead to improved cybersecurity resiliency and maturity.

2023 Threat Landscape Year in Review: If Everything Is Critical, Nothing Is

Qualys – 4 January 2024

The Qualys Threat Research Unit released a comprehensive blog series which reviews key takeaways and trends across the threat landscape in 2023. Qualys explores the most common ways threat adversaries exploit vulnerabilities and render attacks, with the Threat Research Unit detecting more than 2.3 billion anonymised vulnerabilities. Key insights from the research findings include:

  • Over 26,000 vulnerabilities were disclosed in 2023, surpassing the total number of vulnerabilities disclosed in 2022 by over 1,500.
  • The mean time to exploit vulnerabilities in 2023 was 44 days, yet 25% of high-risk vulnerabilities were exploited on the day of publication.
  • Over 50% of high-risk vulnerabilities were exploited by threat actors and ransomware groups.
  • The Clop ransomware gang was the most prolific cybercriminal group of 2023, known largely for their exploitation of zero-day vulnerabilities. Clop was responsible for the MOVEit hack which has affected over 2,600 different businesses to date, while also compromising the information of more than 85 million individuals.

Ransomware operators are increasingly using remote encryption in their attacks

Cyber Daily – 21 December 2023

This article unpacks findings made by Sophos researchers, identifying that most prolific threat actors have altered their tactics to now employ remote encryption. Both BlackCat and LockBit were named as cybergangs who have used this method which allows threat actors to remotely encrypt files across a network via a single unprotected endpoint.

The Continued Threat to Personal Data: Key Factors Behind the 2023 Increase

Apple – 15 December 2023 

Apple and Professor Stuart E. Madnick have released a joint research study that focuses on the mounting threat posed to personal data. The report cites two key factors that have contributed to the increased threat to personal data: ransomware attacks are more numerous and dangerous than ever, and attacks that exploit vendors are increasing. Other notable findings include:

  • Over 2.6 billion personal records were breached in 2021 and 2022.
  • Organisations based in the UK, the US, Australia and Canada were targeted most frequently by cybercriminals in 2023.
  • 98% of organisations have a relationship with a vendor that experienced a data breach within the last two years.
  • In the first eight months of 2023 alone, over 360 million people were victims of corporate and institutional data breaches.

Australian patient data increasingly at risk due to cyber attacks

Cyber Daily – 13 December 2023

This article outlines how Australian hospitals are more vulnerable to digital fraud due to a lack of email security as compared to other industries. According to Proofpoint, hospitals are in danger of falling victim to phishing and spoofing attacks given the highly sensitive patient data they store. This report came less than a week before St Vincent's Health Australia was infiltrated by hackers who leveraged compromised accounts.

Aussie workers most likely to violate company data policies

Cyber Daily – 13 December 2023

This article discusses claims by cybersecurity experts who argue that Australian staff and employees are violating internal data policies more than any other country in the world. 20% of security executives showed concern about Australian workers and their lack of respect for data policies, as compared to the global average of 11%.

Recent cyber incidents and developments

No health information or personal data stolen in St Vincent's hack

Sydney Morning Herald – 25 January 2024

This article confirms that no health or personal information was stolen in the St Vincent's Health cybersecurity incident on 19 December 2023. St Vincent's initially said in a statement that it had uncovered evidence that cyber criminals had removed some data from its network. See also St Vincent's statement (21 December), AFR article (29 December) and Cyber Daily article (22 December).

Thousands of Australians hacked in ‘credential stuffing’ credit card scam

Sydney Morning Herald – 17 January 2024

This article reports that 15,000 customers of Dan Murphy's, Guzman y Gomez, Event Cinemas, Binge and TVSN were affected in a credential stuffing attack. The threat actor is believed to have purchased stolen login details and made fraudulent transactions with stored payment details. See also Cyber Daily article (17 December).

Full list of government agencies affected by HWL Ebsworth hack revealed

Lawyers Weekly – 14 January 2024

This article reports that the Federal Government released a full list of 62 government agencies impacted by the HWL Ebsworth ransomware hack. Several high-profile organisations were also impacted, including the big four banks and government agencies such as the Department of the Prime Minister and the Defence Portfolio.

‘Unsettling’: hackers break into Victorian court recordings database

The Guardian – 2 January 2024

This article details that Victoria's court system was hit by a cyber attack after hackers accessed several weeks of recorded hearings. Initial reports suggest that Court Services Victoria's (CSV) audio-visual technology network was compromised as early as 1 November despite CSV being made aware of the attack on 21 December 2023. CSV confirmed that no other court systems or records, including employee or financial data, were accessed in the incident. The attack is believed to have been conducted by the Qilin ransomware gang, a Russia-based hacking group. The CSV recently announced that the recordings accessed by the attacker date far earlier than initially believed, going back as far as 2016. See also CSV Cyber Incident statement (18 January) and Cyber Daily article (4 January).

Eagers Auto says outsiders accessed data from IT servers

AFR – 2 January 2024

This article explores the IT breach of Eagers Automotive, Australia's largest car dealership group, following a cybersecurity incident that saw unauthorised access to data from servers in the company's IT systems. Eagers confirmed that it has begun notifying a small number of individuals who may face serious risk of data misuse, with the company requesting an ASX trading halt on 27 December. The LockBit 3.0 ransomware group has claimed responsibility for the attack, listing Eagers as a victim on its leak site. See also Cyber Daily article (4 January) and Teiss article (3 January).

Yakult Australia targeted in cyber attack, employee files published on dark web

ABC News – 28 December 2023

This article reports that Yakult Australia was hit by a cyber attack that resulted in company records and sensitive employee documents being published on the dark web. It has been confirmed that Yakult fell victim to a ransomware attack after the Malaysia-based DragonForce hacker group claimed responsibility for the incident. According to a sample of data leaked by DragonForce, stolen company records date back to 2001 and include pre-employment medical assessments and certificates, salaries and details of performance reviews.

Largest data leak of all time affects LinkedIn, Adobe and more, 26b records exposed

Cyber Daily – 23 January 2024

This article reports on the largest data leak in history, with 26 billion records exposed from major companies such as Twitter, Adobe and LinkedIn. Researchers who found the data on an unsecured webpage now claim this breach could prompt an avalanche of cybercrime, with credential stuffing attacks posing a significant threat. See also Daily Mail article (23 January) and Sky News article (23 January).

Akira Ransomware Gang Claims The Theft Of Sensitive Data From Nissan Australia

Security Affairs – 22 December 2023

This article confirms that the Akira ransomware gang has obtained 100GB of data from Nissan Australia and New Zealand after claiming responsibility for a cyber incident earlier in December. The stolen data included project information, clients' and partners' information, and NDAs, with the exfiltrated information being uploaded to Akira's data leak site after Nissan refused to pay the ransom demand. Nissan warned customers of potential scam activity and confirmed that they notified the ACSC and the New Zealand National Cyber Security Centre. An investigation was immediately commenced into the extent of the incident and whether any personal information was accessed. See also Nissan update (21 December), Cyber Daily article (7 December) and IT Wire article (7 December).

Brisbane man sentenced to more than two years for buying stolen data

AFP – 21 December 2023

This statement provides that a Brisbane man has been released on a five-year good behaviour bond and two-year probation sentence after being discovered in possession of almost 1,000 “bots” purchased on the dark web, each containing login credentials and cookies belonging to online banking services, social media sites and more. The man pleaded guilty to six charges, including four counts of unauthorised access to restricted data and two counts of possessing data with an intent to commit a computer offence. See also Cyber Daily article (22 December).

Justice Department Disrupts Prolific ALPHV/Blackcat Ransomware Variant

Tech Crunch – 20 December 2023

This statement examines the fall-out from ALPHV's (BlackCat's) leak site being taken down by the FBI. The FBI managed to infiltrate the BlackCat ransomware group's internal network in order to determine how the group operated. The FBI also identified the group's private decryption keys which can be used by businesses to restore encrypted systems without paying ALPHV a ransom. See also Tech Crunch article (20 December) and Cyber Daily article (20 December).

Sydney man charged with sending 17 million scam texts

Sydney Morning Herald – 13 December 2023

This article details how the NSW Cybercrime Squad arrested a Sydney man in connection with a scam text operation that sent millions of SMS messages impersonating companies such as Australia Post and Linkt, with the alleged perpetrator being responsible for sending more than 17 million scam texts. See also Cyber Daily article (18 December).

Bathroom products manufacturer Decina caught out by alleged data breach

Cyber Daily – 12 December 2023

This article outlines that the Malaysian DragonForce hacking group has posted an extensive tranche of data on a clear web hacking forum that it claims belongs to Australian products manufacturer Decina. The alleged data leak contains over 600 lines of folders and documents, while the individual files appear to include internal financial documents.

Hacker claims to leak customer inquiries from Granvue Homes

Cyber Daily – 8 December 2023

This article discusses how Victoria-based building company Granvue Homes has allegedly been hacked after a threat actor posted 31,000 lines of data on its hacking forum. The data uploaded to the leak site is extensive and includes names, login attempts on the website alongside the IP addresses the login was made from, and email addresses belonging to Granvue employees.

Worldwide Dog Breeding Association exposes pet owners' data in 25GB leak

Teiss – 6 December 2023

This article discusses a major security breach that exposed sensitive personal information belonging to pet owners, vets, and testing labs affiliated with the Worldwide Australian Labradoodle Association (WALA). It is alleged that over 56,000 documents totalling 25 gigabytes were leaked in the incident which was caused by a misconfiguration in a cloud server.

Ransomware Attack on Australian Shipbuilder Working for US Navy

Australian Cyber Security Magazine – 5 December 2023

This article provides that the US subsidiary of Australian shipbuilding company Austal USA suffered a ransomware attack. The attack was conducted by the Hunters International ransomware group, which has warned that it will post 43 sample files of exfiltrated information to its leak site amounting to 87.2 megabytes of data. The data allegedly includes personally identifiable information and government data, though Hunters International has indicated it has not encrypted any of Austal USA's data.
