Tuesday, May 13, 2025
Earth-News

Low cost, high reward: The hackers holding Australia to ransom

January 6, 2024

“Optusdata”, the anonymous hacker who in late 2022 made away with the personal data of more than 10 million Optus customers before backing down from a $1.5 million ransom threat, was described as “unprofessional” and “stupid” by their hacker peers on the dark web.

The Optus mass data breach occurred through an unprotected and publicly exposed end point, meaning anyone who discovered it could connect to it without submitting a username or password. The attack was far from sophisticated, according to O’Reilly and other experts.

“For attackers, especially those utilising low-cost, high-reward strategies, the investment is minimal compared to the potential pay-off, which can range from financial gain to significant data breaches – or even reputational damage to the targeted organisation,” O’Reilly says.

According to the Australian Signals Directorate, an intelligence agency, more than 127,000 hacks against Australian servers were recorded between the 2022 and 2023 financial years. This marked an increase of more than 300 per cent over the prior year – and O’Reilly says that matches what he’s seeing on the ground.

In the shadows

O’Reilly spends much of his time monitoring the dark web, which ransomware groups use to leak data and boast about their bounties. He regularly reports his findings to the Australian Signals Directorate.

The dark web is a shadowy part of the internet accessible only through special software, allowing users to remain anonymous. It is commonly used for illegal activities such as buying and selling drugs and weapons, as well as stolen credentials.

The group suspected to be behind the 2022 Medibank data breach, Russian cybercriminal gang REvil, posted customer names, birthdates and Medicare details under “good” and “naughty” lists on its dark web site named Happy Blog. The leaked data included patients who had undergone treatment for drug addictions and terminated non-viable pregnancies.

“I recommend to sell Medibank stocks,” the group said in the post, along with a quote from Confucius: “A man who committed a mistake and doesn’t correct it is committing another mistake.”

A person claiming to be the Medibank hacker told this masthead in broken English via email during the incident that they would have not leaked the stolen data had the company paid up. Medibank publicly ruled out paying the hackers the $US9.7 million ($14.5 million) they demanded, and the federal government had also advised against payment.

Medibank is facing a class action, as well as potential fines from the information commissioner over the 2022 cyberattack. Credit: Steven Siewert

The government is currently weighing a total ban of ransomware payments, though company directors say the payments may be justified to avoid catastrophic outcomes.

“We do business in our way, and we never targeted any particular people for that – only companies,” the purported hacker said via email.

“We ask a similar price, as on blackmarket for that detailed data about Medi customers. And where Medi refuses to pay – we should earn some money, to cover our efforts. Talking that way, Medibank in fact forces us, to sphread [sic] customers data.”

With attacks surging, the federal government is under increasing pressure to help organisations defend themselves. Cybersecurity Minister Clare O’Neil described financially motivated hackers and extortionists as “public enemy No.1” when she launched the government’s new cyber strategy late last year.

O’Neil said Australia faced the most challenging circumstances since the Second World War, and that cybersecurity would be integral to how the events of the coming decade played out.

‘A good start’

The federal government’s “six shield” strategy includes $291 million in support for small and medium-sized businesses, including the creation of a cyber health-check program offering free and tailored cybersecurity assessments to business owners. It has a stated goal of making Australia the world’s safest cyber nation by 2030.

Many cybersecurity professionals aren’t convinced that’s possible but acknowledge it’s a goal worth pursuing.

“What Clare O’Neil and the current government have been doing is a good start, but it’s been attempted before, and we need to ensure it survives future political changes. Cybersecurity is no longer a nice to have; it’s a fundamental component of everything we do,” O’Reilly says.

Cyber Security Minister Clare O’Neil. Credit: Alex Ellinghausen

He says Australia needs to find a way to ensure cybersecurity strategies are consistent across jurisdictions and are not beholden to the government of the day.

“One thing we can learn from our so-called ‘adversaries’, the people hacking us, is that consistency is key.”

In late 2022, in response to the Optus and Medibank breaches, the parliament passed legislation that can result in businesses being fined $50 million for repeated or serious data breaches.

Tony Burnside, head of Asia Pacific at cybersecurity giant Netskope, says we should be encouraged that Australia has a hands-on and proactive government when it comes to cybersecurity.

“The new cybersecurity strategy, which I think we can say has been well received overall, focuses on the right issues that need to be addressed now, and will act as a good framework for new legislation that will help Australian organisations and individuals be more secure,” he says.

“Our global alliances, especially in the context of AUKUS, also equip us with solid offensive and defensive state cybersecurity capabilities.

“Some organisations and parts of the populations are still fairly vulnerable compared to other countries, though… We weren’t exactly a primary target for cybercriminals until recently, and this has created some complacency and a feeling that major cyberattacks wouldn’t occur here.

“In the past 18 months there has been a wake-up call.”

Bolstering the defences

Netskope’s most recent threat report found the majority of cyber threats targeting Australian organisations were criminally motivated, with only 12 per cent of attacks having a geopolitical motivation. Both the Medibank and Optus hackers demanded millions in ransom payments.

At Medibank’s shareholder meeting in November, chairman Mike Wilkins emphasised that the private health insurer had ramped up its security.

“The board has been overseeing a group-wide program of work that aims to continue uplifting and embedding the technology, processes and security culture within Medibank to support our customer promise of being a trusted health partner,” he said.

Port operator DP World, another recent hacking victim, is improving its security as well.

“We undertook a thorough review of our security controls with the assistance of third-party cyber expertise,” a spokesman says.

“In order to reduce the likelihood of similar incidents occurring, we are working through a cyber remediation plan to implement additional controls, limit access to external applications to certain addresses and countries only, implement additional end-point and network detection and response capabilities.”

CBA chief Matt Comyn said the bank was “conscious of and spend a lot of time, effort and resources on issues such as cybersecurity given the risks presented by such threats nationally and globally”.

“We’ve already seen a number of examples of how damaging a breach of cybersecurity can be and that is a warning to us all to take the necessary and vitally important steps to protect ourselves from these increasing attacks,” Comyn said.

But some of Australia’s biggest companies, such as IAG, the insurance group behind brands like NRMA Insurance, CGU and SGIO, are not waiting for hackers to come knocking.

“We take cyber and data risk very seriously and we continue to invest heavily in this area,” says IAG’s chief risk officer, Peter Taylor.

“We are also an active participant in broader industry and government initiatives to enhance cyber resilience more generally.”

Cybersecurity provider CyberCX is working with St Vincent’s Health to remediate and respond to its recent cyberattack. It’s still unclear whether any sensitive health data was stolen in that attack, which people close to the investigation say was likely financially motivated. The company is also working with the Australian Open to safeguard the coming tournament.

All organisations at risk

The Medibank and St Vincent’s Health data breaches were facilitated through compromised staff accounts, according to investigators. Hackers typically compromise accounts through social engineering or phishing attacks – emails that seem legitimate and encourage users to enter their login information.

All Australian organisations are at risk, according to CyberCX’s financial services and insurance industry director, Shameela Gonzalez.

“More than green text on a black screen, executives are anxious about the 2am phone call, or the contact from a customer instead of catching it themselves,” Gonzalez says.

“It’s the combined challenge of scrambling to understand what has happened, re-securing systems without inflicting more damage, and communicating effectively in a matter of hours … It’s a tough ask, even before you consider that someone out there is working just as hard to do you harm.

“Simply buying more tools and more technology isn’t the answer here.”

Gonzalez agrees with O’Reilly that one clear answer when it comes to cybersecurity is a cultural one.

Shameela Gonzalez at the offices of CyberCX in Sydney.

“Organisations that weather and thrive following a cyber incident have a strong culture of resilience, have invested in securing their networks and systems to do what they can to prevent a breach, and have prepared as best they can for an attack in this ‘when’, not ‘if’ environment.”

Another answer may be for businesses to simply collect less data on their consumers. In November, the government flagged a review of mandatory data legislation, passed in 2015, which requires telecommunication companies to hold customer information including names, call records and other data for two years.

Ashwin Ram, cybersecurity evangelist at Check Point Software, says an organisation in Australia has been attacked on average nearly 700 times a week over the past six months.

He says it’s a mistake, however, to read the recent headlines about the St Vincent’s Health and Court Services Victoria hacks and assume that they are the work of a criminal mastermind. “There’s nothing sophisticated about these cyberattacks,” Ram says.

“These recent ones appear to be financially motivated, and cybercriminals are extorting as much as possible from their victims. Many attacks begin with some form of social engineering, such as the one against Court Services Victoria, where email was the delivery mechanism for initial access.

“The most common attack vectors include phishing, cloud misconfiguration, software vulnerabilities, and compromised credentials, as was the case in the St Vincent’s Health breach.”

For Ram, it’s not the regularity of the attacks that is most worrying. It’s that cybercriminals also now have access to generative AI tools, allowing them to create highly effective phishing campaigns that are nearly impossible to detect.

Attacks to intensify

Ram and other cyber experts are predicting a further surge in cyberattacks over the next year given the rise in AI tools such as ChatGPT.

“Over the next year, cybercriminals will increasingly leverage generative AI to develop new tools for cyberattacks,” he says. “This trend will also lower the barrier to entry, enabling less technically proficient individuals to engage in malicious activities, as advanced skills are no longer a prerequisite for creating attack tools.”

Ram is also predicting a rise in “hackers-for-hire” – a new breed of mercenaries of the digital age.

Last year, the pro-Russia hacker group, Killnet, announced plans to create a private military hacking organisation, Black Skills.

A screenshot of a website vandalism by pro-Russian hacking group Killnet.

Black Skills aims to be the cyber equivalent of the infamous Wagner Private Military Company, and will reportedly offer courses in four languages: Russian, English, Spanish and Hindi.

“The establishment of Black Skills will likely intensify the focus and sophistication of cyberattacks against governments,” Ram says.

“The latest spate of high-profile cybersecurity attacks are concerning. But we also think the string of attacks on not-for-profits in early 2023, which did not receive nearly as much coverage, told another story. A sizable amount of cybersecurity attacks in Australia are not reported by the media or to authorities.

“It would be wrong for Australians to assume these high-profile attacks mean cybersecurity incidents are a recent phenomenon mostly occurring to notable businesses.

“They are well embedded, widespread and not going away.”

Copyright for syndicated content belongs to the linked Source : WAToday – https://www.watoday.com.au/technology/low-cost-high-reward-the-hackers-holding-australia-to-ransom-20240105-p5evcg.html?ref=rss&utm_medium=rss&utm_source=rss_technology
