We have collated all of the key cyber media reports and industry news from November, in one place, so you don’t have to…
The past month has been a significant one, with the release of the Australian Cyber Security Strategy 2023 – 2030, a significant milestone in Australia’s cyber journey. Now that the dust has settled, jump in and watch our “industry briefing”. We had some 700-plus people register for this event, such is the interest in the Strategy.
This month also saw the release of ASIC’s Cyber Pulse Survey and the ASD’s Annual Threat Report. Each of those can be accessed through the links below. In further industry news, the ACSC updated the Essential Eight Maturity Model (a set of technical requirements that are becoming a baseline for many businesses). The Government also appointed standalone Privacy and Freedom of Information Commissioners, and introduced new legislation in the Senate to strengthen and expand Australia’s Digital ID System.
In the breach space, we have seen a steady stream of incidents throughout the month, along with further updates on the MOVEit data breach and various articles looking at the tactics of Black Cat and LockBit.
In regulatory news, the OAIC is now demonstrating an intention to move into enforcement in relation to breach response itself (in addition to APP 11) with proceedings initiated in relation to the breach that impacted Australian Clinical Labs. This is the first time we’ve seen this and it illustrates a renewed focus on the notification process.
Finally, in HSF news, we were fortunate enough to be invited to speak at the annual AFR CFO Summit. Cam Whittfield was interviewed on stage by Michael Pelly. The interview looked at the role of the lawyer in breach response and the CFO’s role in cyber investment decision making.
Australian Cyber Security Strategy 2023-2030: Industry Briefing
In association with Secureworks, we brought together some of our cyber security leaders to participate in a one-hour industry webinar. Our guests included:
- Dr Derek Bopping, First Assistant Director General, Australian Signals Directorate;
- Anne Templeman-Jones, Non-Executive Director at CBA, NSW Treasury Corporation Pty Ltd and the Cyber Security Cooperative Research Centre; and
- Alex Tilley, Head of Threat Intelligence at Secureworks.
AFR CFO Live Summit
Following the Australian Financial Review inaugural Cyber Summit in September, Cameron Whittfield was invited to speak at the Financial Review’s fifth annual CFO Live Summit. The discussion was wide ranging, but did focus on CFO investment decision making in relation to cyber.
Australia
2023-2030 Australian Cyber Security Strategy
Department of Home Affairs – 22 November 2023
On 22 November, the Australian Government released the 2023-2030 Australian Cyber Security Strategy. The Strategy outlines three key phases in the uplift of Australia’s cyber maturity and discusses the six ‘cyber shields’ which provide additional layers of defence to mitigate against evolving threats. If you only read one document in relation to the Strategy, read the Action Plan found here.
Strengthening Australia’s Digital ID System
Attorney-General’s Department – 30 November 2023
The Government introduced new legislation in the Senate on 30 November to strengthen and expand Australia’s Digital ID System. Digital ID allows people to verify their ID when interacting online without having to repeatedly provide copies of their most sensitive documents, such as passports, birth certificates and driver licences. The Government is investing $145.5 million to support the Digital ID system and to implement independent regulation and oversight of the system. See the Hon Mark Dreyfus KC MP media release (30 November) and “Government boosts Digital ID funding by $145.5m”.
Freedom of Information Commissioner and Privacy Commissioner appointments
Attorney-General’s portfolio – 27 November 2023
The Albanese Government delivered on an election commitment to fully restore the Office of the Australian Information Commissioner (OAIC) with the appointment of standalone Privacy and Freedom of Information (FOI) Commissioners. Elizabeth Tydd has been appointed as the FOI Commissioner for a five-year term. Carly Kind will commence as the Privacy Commissioner on 26 February 2024, while Angelene Falk, the Australian Information Commissioner, will continue as Privacy Commissioner until that time. This move will see the OAIC have a standalone FOI Commissioner, Privacy Commissioner, and Information Commissioner for the first time since 2015.
NSW government launches Mandatory Notification of Data Breach Scheme
Cyberdaily.au – 13 November 2023
This article examines the NSW Government’s new Mandatory Notification of Data Breach (MNDB) Scheme which became effective on 28 November as part of amendments to the Privacy and Personal Information Protection Act 1998 (PPIP Act). Public sector agencies bound by the PPIP Act are now required to notify the Privacy Commissioner and affected individuals of data breaches involving personal or health information likely to result in serious harm.
Queensland passes mandatory data breach notice laws
InnovationAus.com – 29 November 2023
This article outlines the Queensland government’s introduction of a mandatory data breach notification scheme for public sector entities. Queensland is the second state to legislate such a scheme which is near identical to that of New South Wales. Under the scheme, state and local government entities will be required to notify affected individuals and the Office of the Information Commissioner Queensland of eligible data breaches.
ACSC updates Essential Eight Maturity Model for 2023
Cyberdaily.au – 27 November 2023
This article looks at updates to the ACSC’s Essential Eight Maturity Model to meet the evolving cyber landscape and assist organisations in better defending themselves from threat actors. The most significant change now requires a 48-hour response timeframe to address vulnerabilities in online services, and requires organisations to scan their systems for high-risk software at least weekly rather than fortnightly.
OAIC commences Federal Court proceedings against Australian Clinical Labs Limited
Office of the Australian Information Commissioner – 3 November 2023
The Australian Information Commissioner has commenced civil penalty proceedings in the Federal Court against Australian Clinical Labs Limited (ACL) resulting from an investigation of its privacy practices. The investigation arose as a result of a February 2022 data breach of ACL’s Medlab Pathology business that was notified to the Office of the Australian Information Commissioner (OAIC) on 10 July 2022. The OAIC’s investigation commenced in December 2022. See also: “OAIC alleges Australian Clinical Labs hack resulted from lacklustre security measures”, “Australian Clinical Labs to face court over 2022 data breach” (Cyberdaily.au) and The Australian article (3 November).
Banks to uplift technology under new anti-scam accord
ITNews – 27 November 2023
This article outlines how Australian banks will begin work on a new $100 million “confirmation of payee” system designed to deliver stronger protection levels for customers against scams and fraud. The system enables a payer to verify that the payee account is authentic and belongs to the true account owner prior to authorising payment. It acts as the centrepiece of the banks’ new “Scam-Safe Accord” that includes six priority initiatives to make banking safer and more reliable for Australian consumers.
The ransomware ban is ‘inevitable’ but won’t become reality for at least 2 years
Cyberdaily.au – 24 November 2023
This article details the Federal Government’s plan to put a ban on ransomware payments, though Minister for Home Affairs and Cyber Security Clare O’Neil explained that such a prohibition will not be in effect for at least two years. O’Neil added that now is “clearly not the right time” as more groundwork needs to be laid to ensure that companies experiencing a ransomware attack have proper support and resources to deal with their breach. See also ITNews article (23 November).
Industry responds to the 2023-2030 Australian Cyber Security Strategy
Cyberdaily.au – 23 November 2023
This article discusses several responses from industry leaders to the 2023-2030 Australian Cyber Security Strategy. Whilst the Strategy has yielded considerable support, it is not without criticism. Specifically, it remains unclear how the Government will allocate its $587 million funding. There also remain questions around the roll-out of free cyber initiatives for small businesses, and how the Government will track and communicate progress of the Strategy to the wider community.
Australia’s watered-down cybersecurity regime is laughable
AFR – 23 November 2023
This article explores criticisms of the Federal Government’s Australian Cyber Security Strategy 2023-2030, with claims that the regime essentially relies on voluntary best efforts to address cyber attacks. The article also provides that early initiatives to bring greater accountability to digital vendors and corporate data holders were missing from the Strategy, while proposals to create specific corporate cyber obligations for directors were similarly absent.
Australia sets whole-of-government zero trust target
ITNews – 22 November 2023
This article reports on the Federal Government’s target to have a “zero trust culture” within the Australian public service by 2030 to protect data and digital assets. Under the revised Australian Cyber Security Strategy 2023-2030, the Government has committed to holding itself to the same standard it imposes on industry, with a focus on uplifts in identity verification and privileged access management.
Federal government bolsters cyber security support for SMBs with $41.6m investment
Cyberdaily.au – 21 November 2023
This article explores the Albanese Government’s plans to reinforce the cybersecurity capabilities of small and medium businesses as part of the 2023-2030 Australian Cyber Security Strategy. In a joint announcement, the Government confirmed their investment of $41.6 million to aid small and medium businesses, with $7.2 million going towards the establishment of a “voluntary cyber health-check program”. See also The Australian article (17 November).
Interview: CrowdStrike’s APAC CTO Fabio Fratucello – how generative AI combats the cyber skills gap
Cyberdaily.au – 21 November 2023
This interview with Fabio Fratucello, CrowdStrike’s APAC CTO, discusses how generative AI may help to mitigate against a cyber skills shortage. Fratucello gives several examples of the practical utility of AI, and likewise unpacks the role of the Australian Government in progressing AI developments.
Home Affairs’ new Cyber Incident Review Board protects and investigates breached organisations
Cyberdaily.au – 20 November 2023
This article details the introduction of a Cyber Incident Review Board which will conduct investigations into major cyber attacks in an effort to gain a deeper understanding of how to defend Australia from threat actors. Home Affairs and Cyber Security Minister Clare O’Neil explained that the Board will run “no-fault investigations” to collect information, and impacted businesses will not be prosecuted for breaches suffered.
TPG says SOCI reform could result in unnecessary bureaucracy
Cyberdaily.au – 15 November 2023
This article examines TPG’s claims that telcos being classed as critical infrastructure under the Security of Critical Infrastructure Act could result in unnecessary regulatory pressure, rather than encouraging accountability. Home Affairs and Cyber Security Minister Clare O’Neil announced the potential amendment to legislation which, if passed, would require telcos to meet obligations such as having risk management plans in place. See also Cyberdaily.au article (14 November).
Govt pursuing cyber safe harbour to spur data sharing
InnovationAus.com – 15 November 2023
This article unpacks the Federal Government’s plans to pursue safe harbour laws that temporarily shield companies from liability during a cyber-attack in an effort to improve information sharing with Australia’s cyber regulators. It follows reports made by the Australian Signals Directorate (ASD) that the ability of businesses to recover from cyber-attacks is being impeded by lawyers who are too concerned with future regulatory actions from the government. See also AFR article (15 November) and ITNews article (15 November).
Businesses face cyber ransom reporting scheme
InnovationAus.com – 13 November 2023
This article details the Albanese government’s plans to introduce a mandatory ransomware reporting scheme for businesses, ruling out an outright ban on the payment of ransom demands. This comes weeks after the Federal Government formally pledged not to pay cyber ransom demands at the Counter Ransomware Initiative (CRI) summit in Washington DC.
Directors more pessimistic in second half
Australian Institute of Company Directors – 8 November 2023
This article explores the decline in director confidence in Australia’s business conditions and the state of the national economy, with cyber-crime remaining the number one issue keeping directors awake at night. This is the third consecutive negative result for the Director Sentiment Index (DSI) which has dropped significantly since the first half of the year.
Zimperium launches Australia’s first sovereign-hosted MTD capabilities
ITBrief.com.au – 8 November 2023
This article discusses how Zimperium has launched Australia’s first sovereign-hosted mobile threat defence (MTD) capability. This move enables agencies and key infrastructure assets to readily integrate the MTD capabilities into their overall defences, promoting early detection of mobile breaches and securing critical data. It also coincides with Microsoft’s announcement of a $5 billion investment into building out Australia’s cyber defence shield, with nine new data centres to be constructed in the coming years. See also The Australian article (7 November).
APRA puts financial sector on notice to lift standards over its cyber security
The Australian – 4 November 2023
This article details takeaways from a speech given by APRA chairman John Lonsdale to industry representatives, with Mr Lonsdale stating that the regulator is concerned about resiliency across the financial sector and the capability for companies to respond to financial shocks and cyber breaches. See also the Investment Magazine article (3 November).
ABC – 1 November 2023
This article reports on the Federal Government’s first review into the dangers faced by Australia’s critical infrastructure. The review found that foreign intelligence services are targeting disgruntled employees as recruitment tools, and also highlights how the growing trend of working from home has made insider threats more difficult to detect.
Blurring tech boundaries a cyber risk, says CISC – Security
IT News – 1 November 2023
The article discusses findings from the Cyber and Infrastructure Security Centre’s first annual risk assessment. The report warns that the convergence of operational technology and IT, along with IoT rollouts, is increasing risks to critical infrastructure. See also Critical Infrastructure Annual Risk Review and Cyberdaily.au article (1 November).
Emerging Threats to Financial Stability – New Challenges for the Next Decade
RBA – 31 October 2023
This article details a speech given to the Australian Finance Industry Association Conference by Brad Jones, Assistant Governor (Financial System) at the Reserve Bank of Australia. Jones explored emerging operational risks to the financial sector posed by cyber security, the cloud and AI.
Australia hosts joint cyber warfare training operations with the US
Cyberdaily.au – 30 October 2023
This article discusses how cyber experts from the US and the Australian Defence Force have partnered to launch cyber warfare training operations. The training aims to strengthen the partnership between the US and Australia, while bolstering cyber capabilities of experts and national defences.
International
NIST Says Federal Agencies Struggling to Achieve Zero Trust
Data Breach Today – 30 November 2023
This article explores statements made by National Institute of Standards and Technology (NIST) representatives that claim most US agencies are struggling to grapple with the preliminary step of determining what information exists on their systems and identifying a complete inventory of devices operating on their networks. US federal agencies have less than a year to show they can fulfil basic requirements of zero trust architecture after President Joe Biden signed an executive order in May 2021.
UK cyber watchdog releases international guidelines for AI development
Cyberdaily.au – 28 November 2023
This article details new guidelines released by the UK’s National Cyber Security Centre on AI development. The guidelines are divided between four stages – secure design, secure development, secure deployment, and secure operation and maintenance – each reflecting a different phase of an AI tool’s life cycle.
EU mulls wider scope for cyber security certification scheme
ITNews – 27 November 2023
This article discusses how the EU is considering broadening the scope of its proposed cybersecurity labelling rules that commit to establishing cybersecurity measures for cloud services providers. The proposal currently contains provisions that require US tech giants like Microsoft and Google to set up a joint venture with an EU-based company to qualify for the EU cybersecurity label; however, widening the scope of the scheme would capture banks and airlines according to the latest draft of the rules.
European Commission Failing to Tackle Spyware, Lawmakers Say
Data Breach Today – 24 November 2023
This article provides insights into a recent resolution passed by European lawmakers which has slammed the EU executive branch’s inaction to prevent spyware abuse. The European Parliament in March 2022 pledged to investigate commercial spyware, yet lawmakers in June called on the European Commission to introduce tighter spyware export controls to permit commercial spyware only in exceptional cases. Lawmakers set a deadline of 30 November for the executive to introduce legislation that enshrines those recommendations, but no such laws have been ratified.
NCSC announces New Standard for Indicators of Compromise
Infosecurity Magazine – 20 November 2023
This article explains how the UK’s National Cyber Security Centre has revealed details of its first RFC standards body, the Internet Engineering Task Force (IETF), that manages indicators of compromise (IoCs). RFCs are reference documents which contain technical specifications and notes for the technical foundations of the internet and are designed to observe patterns and artefacts associated with a cyber attacker. See also ITNews article (21 November).
BlackCat Gang Tattles to SEC About Victim Not Disclosing Breach
Data Breach Today – 16 November 2023
This article reports that the BlackCat ransomware group informed US federal regulators that one of their victims, MeridianLink, did not disclose a cyberattack they suffered within four business days as required by the Securities and Exchange Commission. BlackCat listed MeridianLink on its data leak site and threatened to leak stolen data unless a ransom was paid within 24 hours. See also Security Week article (16 November).
EU Cyber Resilience Act could constrict supply chains, says Siemens
Cyberdaily.au – 7 November 2023
This article explores new proposed EU regulations for targeting cyber security risks which would require manufacturers of internet-connected devices to screen their products for vulnerabilities. Several multinational conglomerates such as Siemens and Ericsson have responded to the proposed legislation, claiming that it could constrict supply chains. See also Teiss article (6 November).
The emerging threat of Microsoft Teams phishing
Teiss – 7 November 2023
This article examines research conducted by Teiss into Microsoft Teams phishing campaigns, with an increase in organised cybercrime groups adopting this method of exploitation. The process for the threat actor involves low-level social media scraping to determine key members of an organisation, with hackers creating Teams accounts to impersonate those individuals and disguise themselves within the business’ systems.
40+ nation global alliance agrees to not pay hackers ransomware payments
Cyberdaily.au – 1 November 2023
This article details how the International Counter Ransomware Initiative, a coalition of over 40 nations led by the US, has announced its commitment to not pay ransoms to cybercriminals. Australia is among the countries that have joined this global effort, with the pledge aimed at protecting government agencies from being targeted by hackers. See also Counter Ransomware Initiative (homeaffairs.gov.au).
Cybercrime and violent crime are converging
World Economic Forum – 31 October 2023
This article reports on how the increased number of cyber-attacks in recent years has led to violent criminal consequences, with the UN citing that at least 220,000 people have been trafficked in Southeast Asia and forced to run online scams. Evidence suggests that cyber criminals are exploiting poor job opportunities to coerce victims into working as online fraudsters, mainly from Myanmar and Cambodia, but also from African and Latin American nations.
Industry responds to the White House’s AI executive order
Cyberdaily.au – 31 October 2023
This article explores different industry responses to the Biden administration’s newly announced executive order on the use of artificial intelligence that requires federal agencies to issue standards and guidance to police how AI is applied and leveraged.
UN appoints AI global advisory council
Cyberdaily.au – 27 October 2023
This article examines the UN’s appointment of an AI global advisory council which will report on the benefits and risks that AI creates, as well as the implications faced by its adopters moving forward.
The Commonwealth Cyber Security Posture in 2023
Australian Signals Directorate – 16 November 2023
The ASD has published its Commonwealth Cyber Security Posture in 2023 report. The report informs the Parliament on its implementation of cyber measures across the Federal Government for the 2022-23 financial year. Key findings from the report include:
- the proportion of government entities that reached Overall Maturity Level 2 across the Essential Eight mitigation strategies has improved, with an increase to 25% of entities up from 19% in the previous financial year;
- an increase in entities reported as having an incident response plan in place, up to 82% of entities in 2023 as compared to 79% in 2022; and
- the percentage of entities reporting cyber security incidents to the ASD declined in the 2022-23 financial year, with only 42% reporting in 2023 as compared to 51% in 2022.
ASD Cyber Threat Report 2022-2023
Australian Signals Directorate – 14 November 2023
The ASD has published its Annual Cyber Threat Report for 2022-23. The report demonstrates the ongoing persistent threat that cyber espionage campaigns pose to Australia and essential national services. Notably, almost 94,000 cybercrime reports were received by the ASD, representing a 23% increase from the prior year. Other key findings from the report include:
- the average cost of cybercrime per report increased by 14% from last year;
- the top 3 cybercrime types for businesses were email compromise, business email compromise (BEC) fraud, and online banking fraud; and
- 10% of all incidents responded to by the ASD included ransomware.
ASIC Spotlight on cyber: Findings and insights from the cyber pulse survey 2023
ASIC – 13 November 2023
ASIC has published a report which outlines key findings from their Cyber Pulse Survey 2023. The report highlights important cyber trends, identifies areas for improvement to mitigate against threats, and outlines industry-best standards and practices with practical examples. Key findings from the survey include:
- phishing, ransomware and business email compromise are considered the top cybersecurity threats to organisations;
- supply chain risk management, data security, consequence management, and adoption of cybersecurity standards are the top areas for improvement for businesses;
- 33% of surveyed organisations do not have a cyber incident response plan in place; and
- 20% of surveyed businesses have not adopted a cybersecurity standard.
The State of Ransomware in Healthcare 2023 – Australian Cyber Security Magazine
Australian Cybersecurity Magazine – 2 November 2023
Sophos has released a report based on a survey of 233 IT and cybersecurity professionals across 14 countries working in the healthcare sector. Amongst those organisations surveyed, cybercriminals successfully encrypted data in nearly 75% of ransomware attacks. The report also addresses the root cause of attacks, data recovery and the propensity to pay ransoms. It also recommends best practices to help defend against cyberattacks. See also The State of Ransomware in Healthcare 2023 (10 August).
Australia
Certis Security Australia suffers email breach
ITNews – 30 November 2023
This article reports that Certis Security Australia has suffered a breach of its email systems, with the personal information of some employees and partners having been accessed by an unknown third party. The accessed data includes names, addresses, dates of birth and tax file numbers, with Certis indicating the system compromise was consistent with a “possible ransomware threat executed by a phishing email”.
NDIA data breach claimed to impact 11,000 “records”
ITNews – 29 November 2023
This article reports that an NDIA staffer who was arrested and charged following an investigation into an insider leak of recipients’ data shared an estimated 11,000 “records” with at least one service provider associated with the scheme. While Minister for the NDIA Bill Shorten noted that this was “not a cyber breach” of the agency, he did confirm that the types of information disclosed included full names, dates of birth, gender and addresses. See also ITNews article (29 November).
LockBit ransomware gang claims hack on Queensland-based Q Automotive Group
Cyberdaily.au – 29 November 2023
This article provides that the LockBit ransomware gang has hacked the Q Automotive Group after posting tranches of data on its leak site. The first swathe of data was uploaded on 21 November, with subsequent batches of information being posted in the following days. The data included links to either download or torrent a nearly 50-gigabyte compressed folder, with information including lease agreements, redundancy payouts, and training details for many of Q Automotive Group’s employees.
Government investigates Optus outage after hundreds unable to access 000
Cyberdaily.au – 28 November 2023
This article explores the Federal Government’s announcement that it will review and investigate Optus’ recent outage following reports that it prevented some individuals from contacting emergency services. According to Optus, 228 individuals were unable to contact Triple Zero, and the investigation will evaluate how the outage affected the system, and what would need to change to ensure it is fully operational.
Report: 3m Australians impacted by scams this sales season
Cyberdaily.au – 27 November 2023
This article reports that one in three Australians who shopped online for Black Friday and Cyber Monday deals were targeted by some form of shopping scam. According to survey results from NordVPN, 33% of all Australians experienced online scams during the last 12 months which represents a 7% increase over the last year.
Optus appeals decision exposing Deloitte report to class action glare
Lawyerly – 27 November 2023
This article details Optus’ appeal to a Federal Court ruling that could result in the release of a forensic report by Deloitte into last year’s data breach. Optus is seeking to prevent Slater & Gordon from receiving the report, with former CEO Kelly Bayer Rosmarin explaining during a Senate inquiry earlier this month that the report could raise national security concerns given that it “contains a forensic investigation into our cyber defences” and is “highly sensitive” in nature. See also AFR article (28 November).
Australian Federal Police assists in arrest of Malaysian phishing operator
Cyberdaily.au – 27 November 2023
This article outlines the AFP’s involvement in a joint operation with Royal Malaysia Police and the FBI to take down a phishing operation targeting Australia’s MyGov website. As part of the operation, a Malaysian national in Borneo who was responsible for selling “phishing kits” that targeted MyGov was arrested.
Patient information stolen from a Glenelg-based GP clinic through a cyber attack
The Advertiser – 25 November 2023
This article reports that a Glenelg-based GP has emailed its patients advising them that their personal details have been accessed by a threat actor. A hacker group named BianLian has claimed responsibility for the attack, with the practice confirming the group accessed patients’ names, ages, dates of birth, Medicare card numbers and pension card numbers.
Fury as Victorian pathology patients’ medical records exposed on dark web
Herald Sun – 2 November 2023
This article details frustrations from patients of specialist pathology service TissuPath for its lack of communication after they were notified of a data breach in August. TissuPath had its client records exfiltrated after a third party IT supplier was hacked, allowing cybercriminals to access pathology request forms which were scanned between 2011 and 2020.
International
US Sanctions North Korean Cyber Unit After Satellite Launch
Data Breach Today – 30 November 2023
This article reports that the US and its foreign partners have hit the Kimsuky Cyberespionage Unit with sanctions for carrying out missile-related technology procurement efforts. Kimsuky is known for its social engineering campaigns against targets and entities it suspects hold intelligence on geopolitical events. North Korean state-run media have claimed that their reconnaissance mission used a satellite to take detailed photos of the White House, the Pentagon and American military bases. See also Data Breach Today article (29 November).
OKTA Says Hacker Stole Every Customer Support User’s Details
Data Breach Today – 29 November 2023
This article details Okta’s confirmation that the attacker behind its September data breach exfiltrated more data than first believed, including details of all users of Okta’s primary customer support system. Okta initially announced in early November that attackers stole sensitive data belonging to 134 customers but has since confirmed that much more data has been taken, including a complete list of customer support system users’ usernames and contact details.
UK cyber attack shuts down hundreds of UK realtors and lawyers
Cyberdaily.au – 28 November 2023
This article provides details of a successful hack against legal IT firm CTS which has caused disruption to hundreds of estate agents and law firms, leading to shutdowns across both industries.
Police Bust Suspected Ransomware Group Ringleader in Ukraine
Data Breach Today – 28 November 2023
This article details that Ukrainian police have arrested a cohort of cybercriminals in Ukraine who they allege launched ransomware attacks against several organisations based across more than 70 countries. It is reported that the group has been linked to attacks that have affected over 1,800 victims and has demanded ransom payoffs that total at least several hundreds of millions of dollars.
Teiss – 28 November 2023
This article outlines that Vanderbilt University Medical Centre (VUMC) was hacked by the Meow ransomware group after the cybercriminals added VUMC to its list of victims on its data leak site. The nature and extent of the breach remains unclear, though Meow has made the stolen data available for download and has promised the “company will be hacked again”.
Rhysida ransomware group lists British Library data for sale
Cyberdaily.au – 24 November 2023
This article confirms that customer data belonging to the British Library has been offered for sale on the dark web following a major outage it suffered last month. The Rhysida ransomware group posted images to its leak site with sample data, including passports and employment documents.
Hacktivists leak data belonging to US nuclear research lab
Cyberdaily.au – 22 November 2023
This article reports on the breach of a US nuclear laboratory by the SiegedSec hacktivist group, which has posted stolen data on its leak site. SiegedSec claims it successfully accessed “hundreds of thousands of user, employee and citizen data” including names, email addresses and dates of birth.
Report Details Aftermath of ICBC LockBit Ransomware Attack
Data Breach Today – 21 November 2023
This article provides findings from new reports that reveal the fallout from a ransomware attack that targeted the Industrial and Commercial Bank of China (ICBC) earlier in November. In an investors service cyber report, it was suggested the attack caused trade settlement issues that partially disrupted the market in US Treasury investments.
California’s City of Long Beach declares a state of emergency to respond to a major cyber attack
Teiss – 20 November 2023
This article explores the City of Long Beach’s announcement that it suffered a significant security incident which forced officials to take network systems offline and announce a state of emergency. The City has stated that some systems will remain non-operational for several days pending an investigation into the incident.
Samsung hack exposes personal information of UK customers
Cyberdaily.au – 17 November 2023
This article confirms that Samsung has been impacted by a cyber attack, resulting in the personal data of some of its UK customers being exposed. Samsung has stated the attack was caused by an unauthorised user accessing the company’s systems through a vulnerability in a third-party application.
Chess.com faces second data leak as threat actors target over 476,000 users
Teiss – 13 November 2023
This article provides insights into the data breach which impacted Chess.com after threat actors exploited the platform’s application programming interface feature to extract publicly available user data. Over 476,000 users were affected with their information leaked on several breach forums.
BlackCat ransomware group says it stole 35TB of sensitive data from Henry Schein’s network
Teiss – 8 November 2023
This article examines BlackCat’s hack of Henry Schein, a leading U.S. healthcare solutions provider. The cyber-attack impacted facets of Henry Schein’s manufacturing and distribution business, with the healthcare provider taking parts of its internal network offline to limit the spread of the malware. Henry Schein later confirmed that the breach compromised customers’ financial information. See also Teiss article (17 November).
LockBit group claims major ransomware attack on Mexico City’s Querétaro Intercontinental Airport
Teiss – 7 November 2023
This article confirms that the LockBit ransomware group has claimed responsibility for a major cyber-attack on the Querétaro Intercontinental Airport, one of Mexico’s busiest airports. LockBit issued a ransom demand with a deadline of 27 November and claimed it had exfiltrated “tremendous amounts of sensitive data”. This came five days after LockBit successfully targeted Boeing and Shimano in a cybersecurity breach.
Shimano faces threat of massive data breach by LockBit ransomware group
Teiss – 6 November 2023
This article discusses a significant data breach that affected Shimano, a global manufacturer of cycling components, with the LockBit ransomware group claiming responsibility. LockBit issued a ransom deadline which threatened to release confidential data including factory inspection results and financial documents unless demands were met. Shimano decided not to pay the ransom, and LockBit published confidential data to its leak site. See also Cycling Weekly article (24 November).
Boeing says ‘cyber incident’ hit parts business
Reuters – 2 November 2023
This article reports on Boeing’s cybersecurity breach by the ransomware group LockBit. The cybercriminals targeted Boeing’s parts and distribution business under its Global Services division, with Boeing currently investigating the incident and coordinating a response with law enforcement and regulatory authorities.
Over 632k US defence and justice department emails exposed in MOVEit hack
Cyberdaily.au – 31 October 2023
This article confirms that over 632,000 US defence and justice department emails were exposed almost five months after the MOVEit hack carried out by the Russia-based Clop ransomware group.
BlackCat ransomware group claims major cyber attack on LBA Hospitality
Teiss – 30 October 2023
This article explores how the BlackCat ransomware group has claimed responsibility for successfully infiltrating LBA Hospitality, one of America’s largest hospitality management groups, and stealing up to 200GB of confidential data. The hacker group claimed that it exfiltrated “highly confidential” data from the company’s main server and gave LBA three days to pay the ransom demand to prevent publication of the stolen data.
Gen Digital confirms data breach; personal data of CCleaner users stolen
Teiss – 30 October 2023
This article reports that Gen Digital, a multinational software company that owns brands like Avast, has confirmed it suffered a data breach in May which resulted in the theft of personal information belonging to its customers. The hackers responsible for the breach exploited a vulnerability in the MOVEit file transfer tool, with stolen data including contact information and names.
Southern Illinois University says MOVEit Transfer breach impacted over 38k staff and students
Teiss – 27 October 2023
This article confirms that Southern Illinois University suffered a data breach as a result of the Clop ransomware group exploiting a zero-day vulnerability in the MOVEit Transfer web application. Files which contained the personal information of staff and students were compromised, with impacted data including names, personal identifiers and Social Security Numbers.
Note: The articles above are a selection of cyber related media reports during the month of September 2023. The linked articles are provided for convenience. The headlines, summaries and articles themselves do not represent the views or opinions of HSF.