This month in security: September 2021
ACSC report shows cybercrime up 13%
The Australian Cyber Security Centre’s Annual Cyber Threat Report shows the increasing danger cyberattackers pose to Australian businesses. It recorded 67,500 cybercrimes in 2020-21, an increase of 13% on the previous year.
The figure equates to one cyberattack per eight minutes. The report also noted the rise of ransomware, with attacks up 15%, and the increasing cost of Business Email Compromise (BEC), with the financial losses from incidents rising 54% year on year. The ACSC also flagged the growing threat to critical infrastructure, including the health service, and the role played by COVID-19 in encouraging remote work – giving cyberattackers more opportunities to exploit weaknesses. With threats rising across the board, encouraging a culture of cyber resilience is a must for all organisations, big and small.
New Zealand banks and services hit by huge DDoS attack
A massive Distributed Denial of Service (DDoS) attack hit businesses in NZ, including names like Kiwibank, Metservice, ANZ and New Zealand Post.
The attack began on 8th September and caused outages on numerous organisations’ websites. Repercussions have lasted over a week, leaving many New Zealanders unable to use internet or phone banking; some bank customers complained they were unable to pay bills. Government agency CERT NZ reassured the public that their data was not at risk. More companies are beginning to host their own data centres in New Zealand, which may help reduce the impact of similar attacks in future.
Victoria launches new cybersecurity strategy
The $50m plan will initially focus on “strengthening security for government online services and communications”.
The new strategy focuses on three missions: delivering government services safely, making the state a secure place to “work, live and learn” and supporting the cyber sector. The plan will create a single Security Operations Centre to manage cybersecurity across government services, and its success will be tracked by Victoria CISO John O'Driscoll. The news comes in the aftermath of two damaging cyberattacks on hospitals, plus audits that have shown vulnerabilities in Victoria’s cybersecurity posture – it’s a promising initiative, and we’re looking forward to the strategy delivering some big wins for cybersecurity at the state level.
Melbourne’s Stonnington council shuts down services after data breach
A cyberattack forced the City of Stonnington to shut down online services, including its ePlanning portal and payments.
The data breach, which the council described as being part of a “global incident”, resulted in services being pulled while the attack was investigated. Stonnington, in Melbourne’s inner southeastern suburbs, reactivated its services a week later, stressing that “ratepayer and customer data is safe”. The response was coordinated with Victoria’s Department of Premier and Cabinet (DPC). Local governments can be vulnerable to cyberattack – which is why using real-time threat intelligence is quickly becoming a necessity, along with the tried-and-trusted measures of engaging user awareness training and mail server protection.
WA Parliament hit by a second cyberattack
The Parliament of Western Australia has suffered two cyberattacks in the last year, but authorities aren’t saying who was responsible.
The WA Parliament’s email network experienced a high-profile attack in March 2021. The ACSC subsequently advised organisations to patch vulnerabilities in Microsoft Exchange, with news organisations flagging overseas hackers as the likely culprit. A representative for the parliament has now confirmed that there has been a second deliberate attack in the last twelve months, but did not name the instigator. A huge 70% of Australian businesses expect to be damaged by an email attack – the risk affects organisations in every sector.
REvil is back
The Russian gang, described as ransomware’s biggest menace, is back in action on the dark web.
The Tor portal used for payment and negotiation by notorious cybercriminals REvil reopened in early September, and the gang is reportedly back in business. The gang had shut their site down and disappeared from view in July, shortly after demanding US$70 million from software company Kaseya. Experts had speculated that the group might eventually reappear in a new guise, but instead the ransomware specialists have picked up where they left off – reiterating previous ransom demands and posting evidence of new attacks. Summer in the northern hemisphere is usually a quiet period for ransomware attacks – REvil, sadly, may simply have taken the opportunity to have a cool-down period.