• Bradley Sing

    Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

    Comments:0

    Add comment
Content

Queensland water supplier breach went undetected for nine months

Sunwater, Queensland’s largest regional water supplier, suffered a cyber breach that began in August 2020 and did not end till May this year. The hackers gained access via an online content management system, but Sunwater has said that no customer data was exposed during the breach, which has now been secured.

Perspective

The attackers targeted an older, more vulnerable version of Sunwater’s system, planting files that redirected visitor traffic to an online video platform. The announcement emerged during an investigation by Queensland's Audit Office that also flagged cybersecurity vulnerabilities in five other water authorities. The audit notes that, while measures have been taken to plug the gaps, further action is required to avoid cybersecurity breaches. The effect of cyberattacks on critical infrastructure such as water supplies has been increasingly concerning in recent years. While the breach’s immediate impact seems to have been minimal, the next attack upon the industry might be more damaging, with customer data and control systems at risk from malicious attackers.

New Zealand’s annual threat report shows cyber attacks up 15%

The annual National Cyber Security Centre (NCSC) Cyber Threat Report shows a sharp increase in cybercrime in NZ. The report records 404 incidents affecting nationally significant organisations this year, a rise of 15% on 2019–20. State-sponsored hackers were linked to 28% of the incidents.

Perspective

The incidents noted were only a small proportion of the total number affecting New Zealand, but the NCSC’s focus on “nationally significant organisations” reflects a concern that crucial services are being shut down by cybercrime. The report follows hot on the heels of high-profile Distributed Denial of Service (DDoS) attacks that hit banks and the postal service in September. We’re written about what key industries such as healthcare and energy can do to combat cyber threats, and while the dangers are growing, the right cybersecurity strategy can repel most hackers – the NCSC estimate that they prevented $119 million in harm to New Zealand’s nationally significant organisations this year.

Payroll attack hits the wages of thousands of Aussie workers

A cyberattack on Frontier Software has left around 330 Australian employers without automated payroll. The company’s cloud-based systems were encrypted by ransomware, although no demand for money has yet been made.

Perspective

Employers such as Herbert Smith Freehills and Ramsay Health Care, which host Frontier on their own servers, have not been impacted, but those that use cloud services have suffered severe disruption. The hotel and casino owner Federal Group made $250 advance payments to hundreds of staff after regular payments were delayed. Frontier announced that it expected to restore functionality “in a staged process over the coming days”. Ransomware is a growing threat and, as well as looking to their own defences, organisations should carefully assess the ability of any cloud partner to resist and respond to attacks.

NSW elections face cyber risks as commissioner finds cybersecurity gaps

New South Wales’ electoral commission won’t meet the state’s own cybersecurity standards by the 4 December local government elections. Electoral Commissioner John Schmidt said he had called for higher funding to improve security, but there was still a real danger that a cyberattack could hit voting.

Perspective

Schmidt had asked for $22 million from Digital NSW in his last funding request. “If there was a state actor who, for whatever reason, decided to target any organisation in NSW,” he explained, “there would be a limitation to how much that could be withstood.” Electronic voting is being used for the first time in council elections and is expected to be popular due to the pandemic. State government cyber programs have been affected by budgetary constraints in the past, with many relying on ageing systems that leave them open to attack. With foreign governments linked to high-profile cases of election meddling around the world, election cybersecurity is a growing concern. Customer Service Minister Victor Dominello noted that a recent report put the NSW government second only to the federal government in cyber-readiness.

The world’s most dangerous malware is back

Less than a year after an international campaign crippled its operations, the infamous Emotet malware has returned. Frequently described as the “world’s most dangerous malware”, Emotet spreads via emails with titles such as “Re: Missing Wallet” or “tax invoice”. Once it has access to a device, it can provide an open door for other types of malware.

Perspective

Emotet’s re-emergence will frustrate the work of agencies such as Europol, who attacked Emotet’s infrastructure in January, seriously limiting its ability to cause damage. The revived malware botnet is now being run by the sophisticated criminal group Wizard Spider, and has begun multiple spamming campaigns, using reply-chain emails to trick users into clicking on links. Emotet attacks aren’t a new threat and doesn’t necessarily require a change in focus for security teams, but basic cyber hygiene, monitoring spoofing and ensuring staff know how to avoid clicking dangerous links are all key measures to maintain cybersecurity.

Social media giants could be fined $10 million for privacy breaches

Social media services and other large online platforms could soon face fines of up to $10 million if they do not safeguard Australians’ personal data. The legislation comes as part of a raft of measures designed to protect the public’s privacy as digital platforms collect more and more user data.

Perspective

The proposals will create an online privacy code for social media and other large online platforms operating in Australia, regardless of where they are headquartered. The platforms will be required to be more transparent about the data they use and share, and individuals will be able to prevent their personal information being used for marketing. Related measures will make parental consent for under-16s mandatory on social platforms. Companies will also be liable for fines if they do not take down defamatory material within 48 hours of receiving a notice from the eSafety commissioner. The moves come as Australia, like many other countries, recalibrates its laws to deal with today’s digital giants and reduce privacy breaches. We recommend everyone keep close tabs on their personal data and passwords. These steps can help parents talk to their children about online safety and privacy.

Technical Consultant, Mimecast

Bradley Sing is currently Technical Consultant at Mimecast where he has been since November 2016. Bradley has been working in the technology industry for almost four years and draws on his previous experience to help align customer business needs with the technical solutions that Mimecast provides, which ranges from product demonstrations to help documenting processes and aspects of products. Prior to his role at Mimecast, Bradley worked across the web hosting & domain name industry in Australia, working for Melbourne-based web hosting startup Hosting Australia and previously Melbourne IT Group.

Stay safe and secure with latest information and news on threats.
User Name
Bradley Sing