Security News

The Australian Federal Police has pointed to Russia as the location of the attackers who breached local health insurer Medibank, accessed almost ten million customer records, and in recent days dumped some customer data onto the dark web. The release of customer data - some it containing intimate details of health services customers accessed using their insurance - came after Medibank refused to pay a ransom to secure the data on grounds that doing so would not guarantee customers' safety.

After suffering two large, and embarrassing, data breaches in recent weeks, the Australian government increased the fine for serious data breaches from $2.2 million to a minimum of $50 million. The problem is one of incentives, and Australia has now increased the incentive for companies to secure the personal data or their users and customers.

Australian authorities have asked the United States Federal Bureau of Investigation to assist with investigations into the data breach at local telco Optus. Attorney general Mark Dreyfus yesterday revealed the FBI was asked to help identify the entities involved in the attack, which saw Optus leak data describing over ten million account holders.

An Australian man was charged for developing and selling the Imminent Monitor remote access trojan, used to spy on victims' devices remotely. Yesterday, the Australian Federal Police announced that they had charged an Australian man, age 24, for developing and selling the Imminent Monitor software.

A previously undocumented Chinese-speaking advanced persistent threat actor dubbed Aoqin Dragon has been linked to a string of espionage-oriented attacks aimed at government, education, and telecom entities chiefly in Southeast Asia and Australia dating as far back as 2013. This involved leveraging old and unpatched security vulnerabilities, with the decoy documents enticing targets into opening the files.

The Australian Competition & Consumer Commission is raising awareness about a spike in money recovery scams. The agency warns in an alert today that reports of money recovery scams this year have increased in Australia by 725% compared to the same period in 2021.

Ransomware attacks are proliferating as criminals turn to gangs providing turnkey post-compromise services, Britain's National Cyber Security Centre has warned. The warning comes hot on the heels of several high-profile attacks against oil distribution companies and also businesses that operate ports in the West - though today's note insists there was a move by criminals away from "Big game hunting" against US targets.

The United Kingdom and Australia have signed a Cyber and Critical Technology Partnership that will, among other things, transport criminals to a harsh penal regime on the other side of the world. What we do know is that the two nations have pledged to "Increase deterrence by raising the costs for hostile state activity in cyberspace - including through strategic co-ordination of our cyber sanctions regimes." That's code for both nations adopting the same deterrents and punishments for online malfeasance so that malfeasants can't shop jurisdictions to find more lenient penalties.

Australia's government has announced it will compel social media companies to reveal the identities of users who post material considered defamatory. Just how social media companies will be made to identify users was not explained, nor has a bill been posted that would shed light on how the law would operate - but an "Exposure draft" of the law was promised "In the coming week" ahead of a consultation process.

Cybersecurity agencies from Australia, the U.K., and the U.S. on Wednesday released a joint advisory warning of active exploitation of Fortinet and Microsoft Exchange ProxyShell vulnerabilities by Iranian state-sponsored actors to gain initial access to vulnerable systems for follow-on activities, including data exfiltration and ransomware. The threat actor is believed to have leveraged multiple Fortinet FortiOS vulnerabilities dating back to March 2021 as well as a remote code execution flaw affecting Microsoft Exchange Servers since at least October 2021, according to the U.S. Cybersecurity and Infrastructure Security Agency, the Federal Bureau of Investigation, the Australian Cyber Security Centre, and the U.K.'s National Cyber Security Centre.