This month in security: April 2021
Nine Entertainment targeted by cyberattack
Nine's live broadcasts from Sydney and its corporate systems were affected in the wake of a sophisticated ransomware attack.
The attack on Nine has all the hallmarks of ransomware, except that no ransom has actually been demanded. The details of the attack are still under investigation, but the evidence so far suggests a well-funded and well-organised group was behind the hack, possibly even backed by a nation-state. This cyberattack may be the largest on an Australian media company to date. Nine has asked the Australian Signals Directorate, state and federal police as well as other external experts for help in the investigation.
US government prioritises power grid cybersecurity
The Biden administration is coordinating with the infrastructure industry to protect the U.S. power grid from hackers.
The government is in the process of putting together a plan to improve the cybersecurity of the US power grid, which could prompt widespread changes in standards and regulations. This initiative is just one part of a holistic strategy to improve the cyber resilience of the country’s critical infrastructure. As attacks on infrastructure become more frequent and more sophisticated, governments around the world are realising that they need to act fast before a major cyberattack brings down the whole grid.
APRA emphasises the need for stronger cybersecurity across the broader banking ecosystem
The regulator is pushing for big changes in cybersecurity for banks, superannuation firms, fintechs and other financial institutions.
The Australian Prudential Regulation Authority (APRA) is pushing banks and the financial ecosystem at large to focus on their cybersecurity measures. At the 2021 AFR Banking Summit, APRA chair Wayne Byres said that while “no APRA-regulated bank, insurer or superannuation fund has suffered a material cyber breach yet … it’s only a matter of time until an incident occurs.” The fact is that our financial system is already being targeted. In January this year, the Australian Securities and Investments Commission and the Reserve Bank of New Zealand were both affected by cyberattacks, and as more hackers turn their attention towards the finance sector, the threat is only going to get bigger.
User data of 500+ million LinkedIn and Facebook users scraped and leaked online
Experts urge users to secure accounts and passwords in wake of another data breach.
Personal data from more than 500 million LinkedIn users and over 7 million Facebook users has been posted for sale online in yet another incident of threat actors scraping data from public profiles and selling it illicitly. The leaked data sets include IDs, full names, professional titles, email addresses, phone numbers and other personally identifiable information (PII). Scraping is a common tactic used by hackers to collect publicly available information from the internet. Experts strongly recommend that users regularly change their passwords, set up multifactor authentication and make sure their privacy settings on these platforms are properly configured.
Federal Group's casino pokies hit by cyberattack in Tasmania
The Tasmanian casino operator confirmed it suffered a ransomware attack that affected its pokies machines and hotel bookings systems.
The attack seems to have been contained, with the Federal Group investigating whether historic credit card details stored in the hotel booking system were compromised while it restores the affected electronic gaming systems. Cash-based or financially complex organisations like casinos make attractive targets for hackers, since many such organisations use legacy or multi-generational technologies that offer a variety of potential security gaps for hackers to exploit.
Hackers turn to trendy collaboration apps to spread malware
Hackers are using collaboration apps like Discord and Slack to serve up malware to unsuspecting users.
Of course, the platforms themselves haven’t been hacked. Hackers are using the implicit trust users have in these platforms to share links to malware or fake websites. Since the pandemic, the way these apps are used has also changed, with many people using them for work and for socialising. Both system admins and users also have an implicit trust in them, so they may be more casual about clicking on a link their friends or colleagues have shared. Hackers have picked up on this and are plying their trade on these new channels.