This month in security: August 2021
Accenture hit by LockBit gang ransomware attack
The global professional services company said they had fully restored affected systems and no harm was done in the wake of a LockBit ransomware attack.
A ransomware cartel known as the LockBit gang listed Accenture on its dark web blog after stealing files from the multinationals’ internal network. Lockbit then threatened to leak the files, which did not appear to include any sensitive information. Accenture downplayed the attack in an emailed statement assuring clients that there was no impact on operations or on clients’ systems. Any successful cyberattack has the potential to cause bad publicity for Accenture and impact their global network, which generated US$44.3 billion in revenue in 2020.
Australian android users scammed by Flubot malware
Thousands of Australian android users have been scammed into installing malware known as Flubot, giving criminals access to credit card details, text messages and more.
Scamwatch received nearly 4,000 reports of the Flubot scam between 4th and 20th August. The Flubot scam starts when android users receive a scam text that says they have a missed call or new voicemail. Clicking on the link takes them to a website which appears to be from a trusted brand such as Telstra, and invites users to install software on their phone to hear the message. Doing so installs the malware, providing the criminals access to credit card details and other personal information on the phone. iPhone users may also receive the scam text, but the malware will only work on Android phones. The scam appears to have originated in Europe and is spreading like wildfire across Australian networks.
Australian organisations are the most likely to pay ransoms
Australian organisations are the most willing in the world to pay a ransom according to an IDC report.
IDC’s survey reveals that 60% of Australian companies would be willing to pay a ransom, well ahead of 49% of companies in Brazil and Singapore. Australian organisations have recently seen a 200% increase in reported ransomware attacks, costing the economy an estimated $1 billion. Australian organisations’ willingness to pay ransoms is likely to further increase the number of attacks. Another IDC study found that 20% of organisations that paid a ransom following an attack retrieve nothing in return from cybercriminals.
U.S. State Department hit by cyberattack, no details released
The U.S. Department of Defense Cyber Command notified the U.S. State Department of a “potential serious breach” in early August.
The origin, scope, and timing of the attack is unclear, but sources claim that “the department’s continued work to evacuate Americans and allied refugees in Afghanistan has not been impacted by the cyberattack”. A State Department spokesperson told CNBC the department continuously takes steps to ensure information is protected, and that the nature of the cyberattack cannot be discussed for security reasons.
New Zealand DOC search and rescue base hit by ransomware attack
New Zealand’s Department of Conservation has reported a ransomware attack that took place at the search and rescue base at Mount Cook.
The attackers encrypted information relating to DOC staff and information belonging to people who had been rescued in the area across 11 different operations. The attack affected five devices, all of which were isolated and sent to forensic analysis specialists. The attack appears to have been limited to the standalone search and rescue network, which has no connection to the wider DOC corporate network and IT systems.
Japanese cryptocurrency exchange hit by hackers
Liquid Global revealed it was hit by hackers who managed to get away with almost $100 million in cryptocurrencies.
Liquid shared that it is actively tracing the movement of the stolen cryptocurrencies and working with other exchanges to freeze and recover the assets. The group has already published the wallet addresses used by the hacker, along with the details of the funds, and is working to have the assets frozen and blacklisted. According to some estimates, the value of the stolen cryptocurrencies and coins could be upward of $97 million.