More and more Australians caught up in Medibank breach
The Medibank breach saga has taken another twist with the news that individuals who requested a quote from the health insurer have also had their data exposed. The revelation comes as three law firms announce they are joining forces to pursue a “landmark” complaint against the company.
The October 2022 breach saw 9.7 million Medibank customers’ personal data leaked online. The hackers, who are believed to be a Russian-based group, exposed some of the data on the dark web and demanded a ransom, which Medibank refused to pay. The criminals then dumped what is thought to be the remainder of the data online at the end of November.
Yet the breach’s repercussions show little sign of slowing. Medibank’s budget brand, ahm, has now announced that non-members have also been affected. Their website warns: “If you ever requested a quote from us and we took some of your information, you will have been affected by the cyber event”, and offers links to anti-scam advice. Meanwhile, three law firms have joined forces to seek compensation for affected customers. They claim that "tens of thousands" of people have already registered for the lawsuit.
Former PM among millions hit by colossal Twitter hack
A hack of Twitter has exposed the data of over 200 million people, including former Prime Minister Scott Morrison and TV presenter Piers Morgan, whose hacked account posted abusive messages about Queen Elizabeth II and singer Ed Sheeran. Researchers warned that the victims would be at risk of scams.
The breach took place in late 2022, with the hacker demanding a $300,000 ransom for the 235 million stolen email addresses. The attacker claimed that the data also included some phone numbers. Hackers could use the details in phishing scams or to try to reset victims’ email addresses.
Twitter, which has suffered a rough ride since its takeover by billionaire investor Elon Musk, has admitted it was previously breached in August 2022 via an API vulnerability, and may face GDPR and Federal Trade Commission penalties. Anyone who fears they may have been affected has been advised to change their passwords and turn on multi-factor authentication (MFA), while organisations should ensure their employees understand the risks associated with social media.
Are Gen Z cybersecurity’s weakest link?
Younger people may be seen as “digital natives” who usually take the lead on new tech, but a new survey reveals a worrying blind spot: cybersecurity. Gen Z rated cybersecurity as a low risk to business, and proved worse than any other generation at identifying key cyberattack vectors.
The Council of Small Business Organisations Australia (COSBOA) survey found that “zoomers” were less likely than boomers, Gen X or millennials to be able to identify malware, identity theft, phishing, trojan horse attacks or ransomware. The generation (born between 1997 and 2012 according to most researchers) are the most familiar with social media but seem to have a blind spot for cyber threats. The overall picture is also worrying, with only 21% of small business owners confident in their ability to fight and recover from a cyber threat.
Smaller organisations are often hit by hackers because of their less sophisticated defences, and the survey is a reminder that businesses can’t assume staff have basic security knowledge. Yet the growing awareness among older generations may point to the success of workspace cyber awareness training, which Gen Z may not yet have been exposed to. Training should be tailored to your industry and workforce and must be repeated frequently to ensure knowledge sinks in and stays up to date.
Ransomware group leaks fire service attack data on dark web
The Vice Society ransomware group has claimed responsibility for an attack on Fire Rescue Victoria, posting data that it claims to have stolen on the dark web. The incident has led to IT outages that are now in their second month, with some day-to-day processes still being managed offline.
The attack, in December 2022, is believed to have accessed employee data. On 11 January, Fire Rescue Victoria announced that “the personal information of current and former employees, individual contractors and secondees of FRV and the former Metropolitan Fire and Emergency Services Board (as well as job applicants and other individuals) may have been accessed or stolen by the criminals”.
Vice Society emerged in 2021, initially targeting educational institutions with extortionware attacks. Since then, the group has begun to use a new hybrid encryption scheme and has broadened its targets, also claiming an attack on San Francisco’s Bay Area Rapid Transit this month. FRV is contacting affected parties. Attacks on critical infrastructure and services are likely to ramp up as criminals seek new targets and state-linked groups seek to undermine other nations – organisations must be on their guard.
Thousands of staff caught up in QUT breach
A cyberattack has stolen the personal data of around 2,500 staff and 67 students at Queensland University of Technology (QUT). Vice-chancellor Margaret Sheil said that files stolen included some personal data that "could assist in identity theft".
The December 22 attack caused campus machines to print out large numbers of ransomware demands. The notes, apparently from ex-Conti members Royal Ransomware, offered to decrypt and restore the files for a “modest royalty”. The university has said it is not aware of any data being exposed, and that it is communicating directly with the staff and students who have been affected.
Australia’s education sector is worth $135.5 billion and is the fourth most targeted in the world. Thanks to regular student churn, sometimes outdated systems and an increase in personal device use, the sector has serious vulnerabilities. Awareness training, increased use of MFA and threat intelligence can all help educational institutions fight back.
Dark web database with 14 million logins discovered
A database of over 14 million usernames and passwords has been found on a dark web forum by Australian researchers. Around 100,000 of the logins are for government and agency portals, raising fears of a serious threat to official websites.
The group behind the hack offered to share the database, which they are believed to have been building since 2020, with other forum users. The stolen credentials appear to have been used to access websites around the world. It’s likely that the government logins show employees using their email address to register for third-party sites, which means the passwords may not form part of their government credentials.
The data is still being analysed, but is likely to be part of a massive criminal data collection project. With many individuals using the same passwords across multiple platforms, there is a risk to government agencies, and the data could also be used for widespread scams. Basic measures to protect your personal data from being compromised or leveraged include watching out for suspicious messages, using MFA, ensuring software is up to date and checking privacy settings on social media.