October 2017 – Cyber Law Watch

Open for business, ransomware authors and perpetrators cashing in on emerging dark web marketplace economy

Oct 24 2017

The emergence of a booming dark web marketplace has facilitated the skyrocketing ransomware sales from US$249,287.05 in 2016 to US$6,237,248.90 as of September 2017, representing a growth rate of 2,502%. This rapid growth is in part due to not only the effectiveness of ransomware as a criminal enterprise but the increased availability to partake in such activities. According to a recent report by Carbon Black, The Ransomware Economy: How and Why the Dark Web Marketplace for Ransomware Is Growing at a Rates of More than 2,500% Per Year, there are 45,000 ransomware product lines at an average price of US$10.50 and includes various do-it yourself (DIY) kits.

Update everything: Discovery of Wi-Fi flaw in connected devices

Oct 19 2017

By Cameron Abbott, Rob Pulham and Olivia Coburn

A Belgian researcher has discovered a weakness in WPA-2, the security protocol used in the majority of routers and devices including computers, mobile phones and connected household appliances, to secure internet and wireless network connections.

The researcher, Mathy Vanhoef, has named the flaw KRACK, for Key Reinstallation Attack.

Any device that supports Wi-Fi is likely to be affected by KRACK, albeit devices will have different levels of vulnerability depending on their operating systems. Linux and Android are believed to be more susceptible than Windows and iOS, and devices running Android 6.0 are reportedly particularly vulnerable.

Just one of 734: Australian defence contractor hacked

Oct 16 2017

By Cameron Abbott and Olivia Coburn

A hacker has breached the computer system of an unnamed defence contractor and stolen 30 gigabytes of data, including information on Australia’s $17 billion Joint Strike Fighter program.

The data breach, which the Australian Government publicly disclosed last week, also includes information about Australia’s $4 billion P-8 surveillance plane project, Collins Class submarines and the warships HMAS Canberra and HMAS Adelaide. The Government has emphasised that the stolen data is commercially sensitive but not classified.

The announcement coincides with the release of the Australian Cyber Security Centre’s 2017 Threat Report, available here, which reveals that the hack is among 734 cyber incidents affecting private sector systems of national interest and critical infrastructure providers.

SEC wants to collect more information – but can they protect it?

Oct 02 2017

By Cameron Abbott and Olivia Coburn

The United States Securities and Exchange Commission (SEC) is facing scrutiny on its handling of a data breach that occurred in 2016 – but was only publicly disclosed on 20 September 2017.

Hackers accessed information on corporate filings intended for investors, which would be used for insider trading.

Archive:October 2017