This month in security: May 2021
US Colonial Pipeline hit by ransomware attack, infrastructure disrupted
The largest fuel conduit system in the US was attacked by cybercriminal group Darkside, disrupting fuel supply to millions.
The ransomware attack on Colonial Pipeline, which transports 45 per cent of oil consumed on the east coast of the United States, is a huge wake-up call for governments and infrastructure organisations. Endless queues of motorists lined up across countless fuel stations, while the price of fuel skyrocketed and US President Joe Biden announced a temporary state of emergency. While Colonial Pipeline has regained control and resumed operations, it reportedly paid almost $US5 million to have its data released. From hospitals and schools to municipal governments and transport infrastructure, virtually every sector has suffered major breakdowns due to ransomware attacks in the past year. And in the absence of any mandated cybersecurity framework, it’s up to each individual organisation to implement appropriate security measures before it becomes the next target.
Telstra service provider infiltrated in massive ransomware attack
The hackers claim to have compromised ‘tens of thousands’ of SIM cards and are threatening to release confidential documents unless their demands are met.
The victim is a Telstra dealer that supplies phone numbers and cloud storage services on behalf of the telecom giant. At this time, it appears that no Telstra systems were breached. The hackers uploaded some of the stolen data to the dark web, parts of which appeared to show customer phone numbers and addresses. The incident is still being investigated, and it’s unclear whether the victim will give in to the demands, but at this point, the hackers haven’t left them much choice.
Real estate listings portal Domain infiltrated and exploited by scammers
Hackers have gained access to Domain’s administrative systems and are scamming people who made rental property enquiries.
Domain is warning users to be careful when trying to secure rental properties on its website after an unauthorised third party accessed personal information and started demanding deposits from unsuspecting renters. The scammers are emailing house hunters and asking them to pay a ‘deposit’ to secure a rental property via a fake website. While no one seems to have fallen for the scam yet, Domain quickly took steps to fix the problem and is continuing to investigate. We have flagged the lack of cybersecurity maturity in the real estate sector before, and the problem is only going to grow bigger in the coming years.
Hackers offer to help Irish health service recover from cyberattack
The Conti ransomware group stole data and demanded $20m to restore services after the attack, but also gifted the health service a tool to undo the damage.
The Irish Department of Health said it had to shut down its IT systems after a ransomware attack, causing disruptions to outpatient services. In an unexpected turnaround, the hackers have gifted it a tool to help it resume services. The Irish government is testing the tool and insists it has not paid, and will not pay, the hackers. Conti, the group behind the attack, is still threatening to publish or sell data it has stolen unless a ransom is paid. Looks like even hackers can have a heart sometimes. Just as long as it doesn’t hurt their bottom line.
Parliament House targeted by 'brute force' cyberattack
The federal parliament has endured another cyberattack, just two years after a cyber espionage incident by a sophisticated state actor.
President of the Senate Scott Ryan told a hearing that the "malicious activity" lasted just under 24 hours. He noted that the attack was unsuccessful and Department of Parliamentary Services networks were not compromised. This incident follows in the wake of a cyberattack on the NSW Labor Party where confidential documents were leaked online, including people’s salaries. It’s clear that all state and federal government agencies are at risk of malicious cyber activity, and those risks are growing in volume and sophistication every day.
Hacker group threatens Victorian high school
The Newcomb Secondary College in Victoria has been targeted by hackers, with the criminals threatening to release private information.
The hackers posted their ultimatum to school officials on the dark web, threatening to leak documents if they refused to cooperate. The hackers published excerpts of the documents they stole, including school assignments, teachers’ planning materials and one that appeared to bear the name of a student, and gave the school a deadline to respond. The school is working closely with cybersecurity specialists to form a response. Cybercriminals do not discriminate between targets, and believe everyone is fair game. The education sector is at particularly high risk, given its relatively modest levels of cybersecurity and technology.