This month in security: September 2020
New Zealand stock exchange shut down in wake of offshore cyberattack
Cash market trading halted after a DDoS (Distributed Denial of Service) attack took down the NZX website. Investigators suspect overseas actors at play.
The GCSB has issued a "be prepared" advisory for all Kiwi businesses on the heels of the cyberattacks on the stock exchange. In November last year, Crown cybersecurity agency CERT NZ put out a warning about Cozy Bear, a Russian hacker group that may have been targeting NZ financial institutions. NZX confirmed the attack came from outside New Zealand but did not specify where. This incident highlights the risks of our modern tech world: a single, well-placed hacking attack can now disrupt an entire country’s stock exchange, albeit only temporarily in this case.
National Australia Bank experiencing nearly three million cyber threats per day
The bank warned that fraud attempts had increased by more than 78% between May and June.
In the first quarter of this year alone, NAB blocked 197 million cyberattacks, 41,000 of which were attempts to steal customer data. NAB chief executive Ross McEwan said the spike in the ferocity of attacks was “massive”, prompting them to raise their yearly cybersecurity investments by $70 million. The bank has been dealing with threats ranging from dodgy emails and phishing sites to network and application-based attacks on its digital banking platforms. COVID-19 has left a lot of people feeling anxious, and hackers are exploiting every chance they can get to scam both customers and employees out of their confidential information. If you receive any suspicious email from a bank, best to treat it with extreme caution.
ACSC addressed 2266 cybersecurity incidents last year
The Australian Cyber Security Centre responded to almost 2300 cybersecurity incidents last year, including 400+ from Government and critical infrastructure sectors.
The findings were reported in the ‘ACSC annual cyber threat report’ which revealed that the “ACSC responded to 2266 cybersecurity incidents” between July 2019 and June 2020, or around six incidents each day. Together, the federal, state and territory governments reported 803 incidents - the largest proportion of incidents in any sector - while critical infrastructure sectors, including electricity, water, health, communications and education, represented around 35 per cent of reported incidents. We’ve talked about the security risks facing Australia’s infrastructure before, and it looks like it will remain vulnerable for the foreseeable future unless drastic measures are taken.
Hackers claim to have breached the Department of Education, Skills, and Employment (DoE)
The attackers claimed to have hacked the personal details of more than one million students, teachers, and staff from government records.
After investigation and analysis, AusCERT, a non-profit organisation which provides cybersecurity alerting services for the Australian public and private sectors, determined the leaked data had not come from any government agency. In fact, the data set originated from K7Maths, an online service providing school e-learning solutions that was breached last year. AusCERT has urged schools using K7Maths to review their cybersecurity measures. The education sector is a prime target for cyberattackers, and the K7Maths data is still out in the wild.
54,000 NSW driver licences exposed in data breach
Thousands of scanned NSW driver's licenses were left exposed on an unsecured Amazon server.
The leak contained 108,535 scanned images of the front and back of NSW driver’s licenses, exposing birth dates, home addresses and driver’s license numbers. The server has been secured and the NSW Information and Privacy Commission is investigating the breach. However, the transport and roads agency in New South Wales (TfNSW) denies any liability for the leak, suggesting that an unspecified third-party service may be responsible. Investigations are still in progress.
The world’s first fatality from a cyberattack may have already happened
Servers at University Hospital Düsseldorf were attacked by ransomware, crashing systems and forcing the hospital to turn away emergency patients.
German authorities said that during the attack, a woman in a life-threatening condition had to be sent to another hospital 20 miles away and did not survive. Prosecutors believe the woman died from delayed treatment caused by the hackers’ actions. Hospitals are a frequent target for cybercriminals, particularly ransomware attacks, because the urgent need to restore services makes it more likely that the hospital will pay the ransom. Germany’s Federal Agency for Security in Information Technology said that the attackers breached the hospital using a hole in Citrix software that was patched last January. Because the hospital failed to update its software, cybercriminals were able to use the flaw to break in and encrypt the data.