Managing Threats & Attacks – Page 7

The battle against phishing

Jul 23 2019

By Cameron Abbott, Michelle Aggromito and Jacqueline Patishman

All over the world, organisations and individuals battle phishing. Even in systems with a high degree of security, phishing is still a risk and human failures to spot and deal with phishing can cause the best of security policies and procedures to become undone.

To fight phishing at the source, the UK’s National Cyber Security Centre (NCSC) recently achieved some success in this space through its use of email verification technology to fight phishing attacks. This technology, called ‘Synthetic DMARC’, works by assigning a DMARC record for all domains attempting to pass-off as gov.uk domains, by analysing and vetting non-existing subdomains against DNS records and building on authentication systems of the past.

Major privacy and security breaches confirmed this week: Westpac, the ANU and Princess Polly targeted

Jun 07 2019

By Cameron Abbott, Allison Wallace and Rebecca Gill

It’s been a chilly start to winter for three Australian organisations, who’ve this week reported major privacy and security breaches.

Up to 100,000 Australians’ personal information has been exposed in a hack affecting Westpac Bank. Westpac confirmed on Monday that details of Australian bank customers (not just those of Westpac) were exposed in a cyberattack on real time payments platform PayID. The banking giant says it noted a high volume of PayID lookups in 2019 on a semi-daily basis, which was a result of attackers trying to guess phone numbers, which, if guessed correctly, would give them the name of the account holder to which the number is linked. Despite the hack, Westpac says that no customer bank account details were compromised as a result of this cyberattack. Nevertheless, experts warn that the details accessed could still be used to commit fraud.

Privacy Awareness Week (Online Privacy): credential stuffing attacks are on the rise in Australia

May 14 2019

By Cameron Abbott, Michelle Aggromito and Rebecca Gill

Today’s topic for Privacy Awareness Week is “online privacy”. It is no surprise that online privacy is a key topic of concern for businesses and consumers alike, given recent high-profile privacy breaches. Of particular significance is the issue of credential stuffing, as Australia is now the fifth highest target for credential stuffing attacks according to Akamai’s Credential Stuffing: Attacks and Economies report of April 2019 (Report).

Credential stuffing is a form of cyberattack where account credentials, usually usernames or email addresses and corresponding passwords, are stolen, typically from a previous security breach. The account credential combinations are then used to try and gain access to accounts at other sites via an automated and large-scale web application directed to multiple logins. It relies on individuals using the same password across multiple sites. K&L Gates has previously blogged on a high-profile credential stuffing attack that can be found here.

Privacy Awareness Week (Data Breaches): Study finds majority of Australian businesses are ill-equipped to handle cybersecurity incidents

May 13 2019

By Cameron Abbott, Rob Pulham and Rebecca Gill

It’s Privacy Awareness Week and today’s topic is “data breaches”. With data breaches and responding to cyber attacks becoming an inevitable part of doing business, it’s a timely reminder about the importance of adequately resourcing your IT security areas, and of having comprehensive and well-tested data breach response plans in place, as illustrated by the Fourth Annual Study on The Cyber Resilient Organization (Study), conducted by the Ponemon Institute on behalf of IBM Resilient.

The Study surveyed 3,655 IT and IT security practitioners in 11 countries and regions, including Australia. The results of the Study indicate that a majority of Australian businesses are vulnerable to cyber-attacks due to a lack of skilled personnel and incident response plans.

Scammers are becoming more tech-savvy according to the ACCC’s Targeting Scams report

Apr 30 2019

By Cameron Abbott and Rebecca Gill

Australian businesses and consumers were duped into paying scammers with nearly half a billion dollars in 2018 according to the ACCC’s Targeting Scams: Report of the ACCC on scam activity 2018 (Report). The Report also highlights the use of sophisticated technology by scammers.

According to the Report, the most financially harmful scam affecting Australian businesses was the ‘business email compromise’ (BEC) scam. This involved a scammer gaining access to a business’s entire email or IT system. The scammer would then impersonate the business and send emails to suppliers and customers of the business, advising changes to payment details.

REPORT FINDS MORE THAN HALF OF RANSOMWARE VICTIMS WOULD PAY THE RANSOM

Apr 18 2019

By Cameron Abbott, Rob Pulham and Rebecca Gill

Telstra’s 2019 Security Report has found that majority of the respondents who have been victims of ransomware attacks have paid the attackers to unlock files. Many of these respondents successfully retrieved their data after paying the ransom.

Of the 320 Australian respondents, 51 per cent said that they had paid ransomware attackers to regain access to encrypted files. Further, the Report found that 77 per cent of Australian businesses that had paid a ransom were able to retrieve their data after making the payment. Whilst this was the lowest rate of data retrieval post-payment out of the 13 countries in the survey, 79 per cent of the Australian respondents still said that they would pay the ransom again if they had no back-up files available.

Tourists aren’t the only thing visiting London’s hotspots

Mar 22 2019

By Cameron Abbott and Ella Richards

Over 100 million cyber-attacks have hit London’s top tourist attractions over the past few years, signalling hackers turning their attention to the treasure trove of customer’s personal data and related opportunities for ransomware attacks.

Kew Gardens experienced an incredible 86 million attacks during 2018 and has seen a 438% increase in attacks year-on-year. Personal and financial details of over 100,000 of its members and over 800 staff are highly sought after, with 82 million spyware attempts and 1.6 million information-stealing attempts last financial year alone. Although Kew Gardens have performed admirably in mitigating the attacks, a major server breach in 2017-2018 and an incident involving a compromised email address managed to slip through.

Imperial War Museum was the next highest target; with over 10 million cyber security incidents spread over three years and 8 successful ransomware attacks within that time. The Natural History Museum tallied 875,414 cyber-attacks over three years, of which 26,610 were considered ‘unmitigated’ threats.

Lastly, Tate Gallery (which oversees the Tate Modern Tate Britain Galleries) was subject to 494,709 attacks last year alone, however only four attacks featuring malware and phishing software were successful.

These attacks demonstrate hacker’s increasing focus on personal and financial data, which tourist hotspots and museums collect in enormous volumes on a daily basis. Sheila Flavell (COO of FDM Group) points out that in the wake of these incidents, the UK needs to increase their level of cyber expertise by attracting more people into the tech industry. We agree there are not going to be many unemployed cybersecurity consultants with this sort of scale of activities!

Ransomware attack hits the state of Georgia

Mar 18 2019

By Cameron Abbott and Ella Richards

Jackson County in Georgia has been held ransom after cyber-attackers deployed ransomware that crippled the government’s IT network for 2 weeks. Government officials resorted to coughing up $400,000 in bitcoin to pay the ransom, desperately trying to get out of the offline ‘pen and paper’ situation the attack had left them in. The suspected ransomware, ‘Ryuk’, caught the eye of the authorities at the end of 2018 after it started affecting the printing presses of Tribune Publishing. Due to the highly problematic decryption tool that is provided once the ransom is paid, Ryuk has the frightening capacity to destroy businesses which cannot survive in downtime or do not have restorable backups.

Read further about the incident here: https://www.bankinfosecurity.com/georgia-county-pays-400000-to-ransomware-attackers-a-12159

Ratings agency starting to factor in Cyber risk profile

Mar 08 2019

By Cameron Abbott and Wendy Mansell

A recent report released by Moody’s Investors Services has shed some light on which business sectors are most at risk for cyberattacks.

After assessing 35 broad sectors it was concluded that banks, hospitals, security firms and market infrastructure providers face the highest risk. This was based on levels of vulnerability and the potential impact an attack would have.

The key determinative factor for these sectors is that they all rely strongly on technology and the vital role of confidential information in their operations.

The financial repercussions following a cyberattack in each of these sectors is extremely significant when considering the costs of insurance, penalties, consumer impact, potential litigation costs, R&D and technological impact to name a few.

The financial market is so high risk because of the financial and commercial data it holds and ever increasing fact that its services are being offered digitally, across multiple platforms i.e banking mobile/smart watch apps.

On a similar note because medical records are primarily collected and held in electronic form hospitals are very attractive to hackers given the sensitive nature of the data.

While the industries should not be a shock to the reader, it is important for participants in those industries and for suppliers to those participants to realise the risk profile that attaches to them and have procedures in place reflective of those risk levels. How one manages these risks in now likely to have indirect cost implications when you see ratings agencies like Moody’s assessing these sorts of areas.

Cyber attacks becoming common place: Different industries, similar methods

Feb 24 2019

By Cameron Abbott and Ella Richards

Popular car manufacturer Toyota has been hit by a malicious attack rendering their employees completely unable to access their emails. It is unclear whether any customer or employee data has been accessed, and Toyota is going to extensive efforts to discover the origin of the attack.

Staff who are powering on despite their access restrictions have been told to use face-to-face, phone and text communication until the emailing system is back online. Can you imagine!

Although the central server system is inaccessible, dealerships are continuing to operate normally besides being able to provide customers with the date they’ll receive their exciting new car.

Additionally, Melbourne Heart Group was subject to a cyber attack which completely locked them out of their filing system. 15,000 files were scrambled and held for ransom after a cyber crime syndicate hacked into their server, blocked all access to files and demanded a cryptocurrency payment be made.

Melbourne Heart Group is based at Cabrini Hospital in Malvern, but the separation of their systems ensured that no Cabrini operations were affected. Even though a payment was made to decrypt their servers, information including patient details and sensitive medical records are yet to be recovered.

Payment in these situations is always troubling, dealing with faceless individuals, having to trade in cryptocurrencies in order to chart a course to the fastest resolution.

Catagory:Managing Threats & Attacks