Garrett O’Hara is the Chief Field Technologist, APAC at Mimecast, having joined in 2015 with the opening of the Sydney office, leading the growth and development of the local team. With over 20 years of experience across development, UI/UX, technology communication, training development and mentoring, Garrett now works to help organisations understand and manage their cyber resilience strategies and is a regular industry commentator on the cyber security landscape, data assurance approaches and business continuity.
Missile unit and domestic violence shelters affected by NSW data breach
The addresses of half a million organisations have been leaked in a breach of the New South Wales government’s QR code data. The leak covers 566,318 locations in the state and beyond, including correctional facilities, critical infrastructure, crisis accommodation centres for women and a missile maintenance unit.
The addresses were collected when organisations registered as COVID-safe and received a QR code to manage staff and customer check-ins. The datasets were discovered on a government website by a security specialist in September, and the breach was referred to the privacy commissioner, who determined that it was not a privacy breach. It was eventually made public by NSW Premier Dominic Perrottet. The NSW Department of Customer Service said fewer than 1 percent of locations were classed as sensitive. There was significant concern over the use of QR codes in the run-up to the breach, and NSW has now discontinued use of the data. States including NSW have upped cyber spending in recent years, and setting baseline standards across the board will help build cyber resilience in the face of growing threats.
Adelaide couple jailed after hacking small business payrolls across Australia
A couple from Adelaide have been jailed for a hacking scheme that netted them over $1.15 million over the course of at least 18 months. Emily Jane Walker and Jason Bran Lees targeted the payroll systems of small businesses and not-for-profits, spending much of the proceeds on drugs.
The pair scammed at least 23 organisations, including a charity for disadvantaged Indigenous Australians. The funds were diverted to fraudulent accounts that the couple had set up with stolen identification. Police found a spreadsheet listing the contact details, passwords and banking information of thousands of people. The arrests are a reminder that cybercriminals don’t just go after the big guns. Judge Joanne Tracey noted that the victims were “easy targets” who might have found it “too burdensome to have better cyber security in place”. Scams such as Business Email Compromise (BEC) are a growing threat to charities, while members of the public might be surprised at how much data they leak. Basic cyber hygiene can make a real difference to your safety – and keep the likes of Walker and Lees at bay.
NZ Uniforms hit by ransomware gang
Ransomware gang Conti has attacked Wellington-based retailer New Zealand Uniforms. The gang announced earlier this month that it had stolen information from the company. Chief executive David Bunnell said that while NZ Uniforms’ systems were impacted, they were “fully operational again within 48 hours”.
Ransomware-as-a-Service group Conti evolved from the Wizard Spider gang. The group attacks Windows systems and increasingly relies on extortion – threatening to publish confidential data if the ransom is not paid. NZ Uniforms has notified the Office of the Privacy Commissioner (a legal requirement since December 2020) and said that no ransom has yet been demanded. High-profile ransomware attacks are on the rise in New Zealand. While paying ransoms is legal, it is discouraged by the government. Intelligent threat monitoring, anti-phishing measures and regular back-ups can all help limit the threat from ransomware.
Microsoft to disable Office macros by default
Microsoft is moving to block Visual Basic for Applications (VBA) macros by default in five programs across its Office suite. The macros can currently be enabled by clicking an “enable content” button. Users will instead be directed to an article explaining the risks associated with macros, and the steps needed to unblock a single file.
Macros are instructions that can execute regularly performed tasks, but they’re also a serious vulnerability. They can be used to deliver malware such as the Emotet botnet, and safeguarding them is an integral part of cybersecurity frameworks such as the Australian Cyber Security Centre (ACSC)’s Essential Eight. The change, which is likely to take place in April, should limit the Windows attack surface and is a welcome (and some might say overdue) shift from Microsoft.
Russian ransomware on the rise as politically motivated attacks grow
A joint review of cyber-extortion from Australia, the US and the UK has found a rise in attacks from Russian gangs, noting that “the criminal business model of ransomware is now well established” and that gangs were diversifying, with some even offering victims “a 24/7 help centre”.
The review recorded a rise in “sophisticated, high-impact ransomware incidents” from Russia and other former Soviet states. In the US, cyberattackers appear to be moving from “big-game hunting” (in which large organisations are targeted) to hit a wider range of targets, although this pattern has not as yet been repeated in Australia or the UK. The report comes as fears of politically motivated cyberattacks grow. In January, anti-government hackers targeted the Belarusian railway system, while commentators believe the conflict in Ukraine could prompt a surge in ransomware attacks around the world. Cyberspace is now part of the battlefield, and organisations without a balanced cybersecurity policy risk becoming collateral damage.