Global hack hits multiple Australian companies, with 16,000 Tasmanian documents leaked
Companies around the world have been hit by a mass ransomware attack by Russian-linked group Clop. Tasmanian education department documents and Rio Tinto payroll data have appeared in a dark-web dumps by the hacker group, with many other organisations believed to have been affected.
The attack, which exploited the GoAnywhere MFT file transfer service, is believed to have taken place in late January or February. Ransomware-as-a-Service (RaaS) gang Clop announced in mid-February that it had exploited a zero-day vulnerability in the software. While Fortra, which publishes GoAnywhere MFT, quickly patched the vulnerability, Clop claims it has already compromised the data of 130 companies.
Not all the alleged victims have been identified, but the Tasmanian government confirmed that 16,000 education department documents, including schoolchildren’s personal information, had been released. Meanwhile, global mining group Rio Tinto announced that the data of current and former employees could have been exposed, and casino giant Crown Resorts said it suffered a breach after using the service. Other victims around the world include the City of Toronto and Hitachi Energy. The attack is a stark reminder of the risks that third-parties can bring to your customer data.
Meriton employees and guests hit by cyberattack
Property and hotel giant Meriton has suffered a serious cyberattack. The breach includes birth certificates and bank details, with information about employees – including salary, tax and disciplinary data – making up the lion’s share of the information. Hotel guest contract details may also have been accessed.
The property developer and construction company, which has built around 80,000 apartments across Australia, warned almost 2,000 staff that their data is at risk. Meriton said that the incident had compromised 35.6 gigabytes of data and had been carried out by an as-yet unidentified third party. “We have been working closely alongside leading cybersecurity and forensic IT professionals and taking all available steps to protect against future risk to data and prevent recurrence,” said a spokesperson.
The incident is the latest in a wave of breaches that began in September, when telecoms giant Optus announced a cyberattack. Our eBook, Securing Australia’s Cyber Future, unpacks the damage and the risks – along with the best ways for companies to fight back.
Scams soared 80% in the last year
The Australian Competition and Consumer Commission (ACCC)’s latest report shows that scams grew more damaging than ever in 2022. Total losses rose to $3.1 billion, an increase of 80% year on year, while the average loss from a scam was up 50% at $20,000.
The ACCC’s statistics cover the whole of 2022, and only covers reported losses. It estimates that around a third of losses go unreported, making the real-world cost of scams even higher. Most scams were text-based (33%), with phone (29%) and email (22%) not far behind. Internet and social media-based scams were less common, but at 6%, they still add up to a combined $150 million.
“The losses are increasing,” says ACCC Deputy Chair Catriona Lowe, “because scams are harder to spot, and anyone can be caught”. Yet while the increasing sophistication of some scanners – including the use of carefully spoofed websites and text messages – is a cause for concern, the ACC also finds grounds for optimism. It hopes the new National Anti-Scams Centre will share expertise and disrupt criminals. But training in good cyber hygiene remains the necessary to ensure individuals can protect their data – and that your employees can safeguard yours.
‘Technical issue’ blamed as Service NSW announces data exposure
A website update is believed to have exposed the data of 3700 customers. A spokesperson for the NSW government agency said the issue was not a "data breach". The compromised information could include drivers’ licence details, vehicle registration, mobile numbers and the names of children.
The breach occurred for 90 minutes during an update to the “My Services” dashboard on the NSW website in late March. “Unfortunately, the update resulted in some customers’ information being visible to other customers who were logged in to the website between 1.20pm and 2.54pm,” explained NSW CEO Greg Wells said. Around 4000 customers are believed to have been affected, and all of them have already been contracted by the agency.
Breaches are often the result of simple error rather than hacking. Good data management and robust processes should be the norm across different departments and be reinforced by frequent awareness training.
Google warns Australian users of urgent security fixes
Having issued no zero-day security threat warnings for the first quarter of 2023, Google has now released two back-to-back. Both warn some Chrome users in Australia about bugs in the browser, which means that the security fixes should be installed urgently.
Google has not yet supplied exact details about the risks of the vulnerabilities for fear of alerting hackers. However, the first update, issued in late March, includes one bug that is believed to open access to saved passwords, while another allows out-of-bounds memory access to mice, touchscreens and other human-interface devices. The second update resolves several bugs, including one in the wild: an integer overflow in Google’s graphics engine, Skia, that compromises security.
Chrome users should update their browser immediately. Zero Day attacks on Google’s applications have actually declined since 2021 – here’s hoping that trend continues.