Australia’s recent run of serious data breaches has left many commentators asking some very pressing questions. It seems as though there’s perhaps a lot more to it than meets the eye. Yes, one could describe the recent events as misfortunate, however, perhaps there is something more sinister at play.
In truth, none of these recent attacks have been the result of unavoidable exploits. In most cases, the cybercriminals in question have taken a rather simplistic approach, by leveraging: insecure API’s, compromised credentials, weaknesses in patching vulnerabilities and overly poor development practices.
Here’s a breakdown of some of the more notable recent breaches and incidents:
Optus:
The September attack on Optus was easily one of the most polarising attacks of the year. Over 10 million confidential customer records (a third of which had sensitive ID numbers) were stolen after Cyberattackers discovered an unauthenticated API. Optus is still yet to lay bare the full ins and outs of the attack, however they have stated that they believed it was the work of sophisticated attackers. One simply cannot ignore the strategic national importance of many of the records held in Optus’ possession, therefore it would not come as a surprise if this attack had slightly more nefarious intentions. It’s also worth noting that experts have been warning of the danger of misconfigured APIs for quite some time now.
Medibank:
Medibank was another of Australia’s reputable institutions who fell victim to cybercriminals earlier this year. As was the case with Optus, this attack certainly appears to have been conducted by a professional group of specialised ransomware criminals. In the aftermath of the exploit, Medibank announced that compromised credentials were the catalyst for the exploit. The entire attack can again be largely attributed to inadequate identity and access controls. As a result, health and claims data, along with basic biodata was stolen and compromised by the hackers.
Vinomofo:
Online wine retailer Vinimofo was one of many e-commerce businesses to be targeted this year, in yet another breach that was enabled due to poor development practices. Following the event, the Vinomofo team admitted to having used production customer data while running tests to upgrade their digital platform. This is a seriously poor development practice, that inevitably gave attackers ample opportunities to exploit Vinomofo’s customer’s confidential data. Of course, it was only a matter of time before 700,000 customer records turned up for sale on a Russian-language forum, thus suggesting that this was likely the work of semi-professional hackers.
Australian Institute of Company Directors:
The Australian Institute of Company Directors (AICD) recently fell victim to what was easily the most blatant phishing attack of all. In light of the rapid rise in cyberattacks targeting major Australian institutions and corporations, the AICD organised a cybersecurity conference to educate Australian business people on “cyber-security principles”.
The alarm was first sounded after thousands of would-be participants were left unable to log in to the scheduled live stream on Linkedin. As disgruntled virtual attendees began to express their frustrations in the conference’s Linkedin chat function, a fake Eventbrite link – which many unsuspecting users clicked on – was posted in the chat, asking for credit card details. The AICD immediately warned participants ‘not’ to click on any links, however, the damage was already done. The conference was canceled and the AICD was left with one massive hit to its reputation. At this point, it is still unknown whether any card details were handed over to the cybercriminals, however, the AICD promptly urged all those affected to contact their card issuers. Of course, this situation could’ve been a whole lot worse, and it again highlights the need to remain vigilant regardless of how safe your surroundings may feel. These new-age cybercriminals are brazen and often many steps ahead of most subpar security practices.
MyDeal:
Woolworths Group were also targeted via their online marketplace – MyDeal. The MyDeal exploit saw approximately 2 million records stolen, which again reappeared for sale on a forum. In the days and weeks following the attack, Woolworths Group acknowledged that compromised login credentials to its CRM system were responsible for the serious customer data breach.
AMEB:
And it wasn’t just big businesses who fell victim to these attacks. The Australian Music Examinations Board or AMEB as it is known, announced that its online shop, which runs Adobe’s e-commerce software, was attacked in early October. Based on preliminary analysis, it appears that AMEB did not act fast enough to patch an XSS flaw with a CVSS score of 10, which was released only a day before the infrastructure was attacked. This is yet again, another example of why it’s so essential that companies stay vigilant when it comes to their cybersecurity. Nefarious actors prey upon poorly handled flaws, and when their victims fail to prepare, there is very little that can be done once the attacks have played out. The AMEB attack could very well have been prevented with adequate and robust security measures and practices in place.
EnergyAustralia:
Australian Energy firms were another critical sector to be targeted. EnergyAustralia, an energy provider for more than 1.6 million Australians admitted that 323 residential and small business customers’ accounts were taken over on September 30, and the affected customers were notified by October 2. Account takeovers are becoming a significant problem for all online service providers as it often requires extensive resources to uncover and remove the perpetrators. The company performed a system-wide password reset in an attempt to flush out the fraudulent actors.
Entersoft’s security tips:
We strongly advise that all corporations dealing with critical and confidential customer data employ two-step verification on their accounts. Systems that are not protected by two-step verification will always lack the extra security mechanisms necessary to assure the safety of their consumer data and business-critical assets.
All of the aforementioned incidents appear to have occurred as a result of security weaknesses that enabled cybercriminals to exploit critical infrastructure, applications and systems. In all instances, the thieves attempted to convert the stolen data into personal monetary benefit via sales on online forums and marketplaces. These sorts of attacks are becoming increasingly common, and the last few months in Australia have only highlighted this issue further.
Now more than ever, it’s absolutely imperative that Australian firms remain dedicated to achieving optimal security for their respective business systems and infrastructure. Due to the increase in serious data-centric attacks on major national bodies, nation-state hackers may well attempt to take advantage of what appears to be a country in digital chaos.
We simply cannot sit by and let this happen.
Don’t let cybercriminals ruin your empire.
Secure your future. Get in touch with our security experts today.