This month in security: October 2021

Australia unveils Ransomware Action Plan

The Australian government has announced a new action plan to counter ransomware. The plan would force businesses with a turnover of more than $10 million per year to report ransomware incidents.

Perspective
It also includes a $164.9 million investment for fighting cybercrime, support for the Australian Federal Police (AFP) in combating ransomware, and would introduce new offenses for cybercriminals who engage in extortion, target critical infrastructure or sell stolen data. The move comes as representatives from 31 countries met in Washington, DC to discussion global responses to ransomware. Ransomware is a growing threat – 64% of organisations experienced disruption from ransomware in the last year, with insurers increasingly cautious of the threat. Many experts say cyber currencies are the key to tackling ransomware, and the plan also allows the seizure of currencies used in ransom payments. Australian organisations will need to prepare for the new legislation’s impacts on their processes, and some tech groups have already indicated doubts about the linked Critical Infrastructure Bill. But a large-scale, coordinated response is key to beating the hackers, and that means national – and international action.

RBA says it’s “inevitable” that Australian banks will be breached

The latest financial review from the Reserve Bank of Australia (RBA) lists cyberattacks as an ever-increasing threat, and suggests that “given the very large number of attacks, it seems almost inevitable that at some point the defences of a significant financial institution will be breached”.

Perspective
Cyberattacks on Australia’s financial system have been limited so far, but threats are growing as cyber banking evolves. The RBA notes that major institutions in Australia are well defended, but underlines that a successful breach could have a serious economic impact and threaten consumer confidence, to the point that “significant disruption could threaten financial stability”. With distributed denial of service (DDoS) attacks hitting New Zealand’s stock exchange last year, and ANZ and Kiwibank last month, it’s clear that financial institutions must bolster their defences if they are to ride out the threats.

Hackers strike Macquarie Health Corporation

Hackers claim to have stolen the personal data of over 6700 people from the Australian healthcare firm.

Perspective
Macquarie Health Corporation, which operates 12 private hospitals in Sydney and Melbourne, has confirmed that it suffered an outage after the attack. The hackers claimed to have accessed more than 119,000 files totalling 225 gigabytes, and put data up for sale on the dark web. The incident is believed to have been a ransomware attack on systems running Windows. The healthcare sector in Australia and New Zealand has suffered repeated breaches in recent years. Many organisations are reliant on newly digitised systems, while health data is valuable because it’s packed with personal information that (unlike passwords) can’t be updated to stay ahead of the hackers. Healthcare organisations should view cybersecurity as a serious business concern, and instilling a cybersecure culture throughout – from the boardroom to staff onboarding, and software applications to networked medical devices – is essential.

Service NSW responds to phishing threats with new transfer app

Service NSW has introduced a secure data transfer app to safely send documents to other government agencies in wake of the growing number of cyberattacks.

Perspective
The move comes after a 2020 phishing attack that exposed 103,000 customers’ personal data and stole around 3.8 million documents. The in-house app has now been rolled out to around half the state’s service centres. Before the app’s introduction, staff would frequently send confidential documents to other government agencies by email. That exposed the data to cyberattackers – the cost of the 2020 breach has been estimated at $25 million. NSW has since introduced other cybersecurity measures, such as multi-factor authentication, increased use of DMARC email protocols and the establishment of a 24/7 security operations centre (SOC) in the attack’s aftermath. The shift to a secure, dedicated data transfer tool should lower the risk of future data breaches. Experts advise that government agencies pool knowledge and take a proactive security posture to protect against future attacks.

Twitch suffers data breach, with fears more leaks could follow

Twitch has confirmed it has suffered a major data beach. Hackers gained access “due to an error in a Twitch server configuration change”, said the company.

Perspective
The firm, which is owned by Amazon and specialises in eSports streaming, said neither login nor credit card details were exposed in the breach. However, the attackers have leaked source code for the company’s streaming service as well as an unreleased rival to games network Steam and details of creator payouts. Twitch has asked some users to reset the passwords, and we’d recommend everyone with an account does so, and sets up multi-factor encryption as a matter of course. Worryingly, the initial leak from the Twitch hacking incident was labelled “part one”, suggesting further batches may follow.

Cybersecurity reaches the final frontier

An out-of-this-world agreement was reached this month when two US agencies announced they would work together to ensure cybersecurity in space.

Perspective
The Space Information Sharing and Analysis Center (Space ISAC) and New York Metro InfraGard Members Alliance (NYM-IMA) have agreed to collaborate on education, training and intelligence-sharing. Satellites are crucial to GPS, mobile networks, weather reporting and military surveillance, making satellite cybersecurity a top priority. If cyberattackers exploit these networks, we could be in serious trouble. “The data collected and transmitted in space informs all sectors”, said NY Metro InfraGard Vice President Jennifer Gold. “We must secure the vulnerable technology in space to defend against the most consequential cyber threats.” As more governments, and even private individuals, become involved in space, collaboration and international regulation will become more and more necessary to manage space-age cyber threats.