Author: Crystal Hewett

Commonwealth Bank Indonesian subsidiary hacked, 162m Users’ data compromised

PT Bank Commonwealth (PTCB), the Indonesian subsidiary of the Commonwealth Bank of Australia (CBA), has announced it has suffered a major cyber security attack.

The criminals who claim to be behind the attack said they have obtained data from 162 million users.

The cyber attack occurred when unauthorised parties accessed a web-based software application used for project management, according to an announcement from CBA on behalf of PTBC.

Despite the incident PT Bank Commonwealth “continue to operate as normal”, the statement said.

CBA has said its own systems are separate to those accessed by the hackers, “Commonwealth Bank of Australia’s systems are segregated from PTBC’s systems,”

“We are working closely with PTBC and supporting their efforts in this matter.”

This is the newest Australian owned business to suffer a major data breach in a string of similar incidents across the country.

The severity of these recent attacks have been an opportunity for criminal groups, leaving Australia to be seen a soft target for cyber crime.

Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers? Are you aware of the new laws around data breaches?

Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

Contact us below to speak with our cyber security experts and start the journey to protect your company today.

Contact



    Attacks against governments jumped 95% in last half of 2022

    Attacks against governments jumped 95% in last half of 2022

    The number of attacks targeting the government sector increased by 95 per cent in the second half of 2022, a new report has found.

    The report by AI-based cyber security vendor CloudSek found India, the US, Indonesia, and China accounted for 40 per cent of the total reported cyber security incidents in the government sector.

    Rapid digitisation and the shift to remote work during the pandemic broadened the attack surface of government entities leading to an increase in attacks worldwide.

    Government agencies are at a higher risk because of the huge amounts of individual data they collect and store. During an attack this information can be accessed and later sold on the dark web.

    The most common types of attacks included hacktivist activity – hacking for political purposes – accounting for about nine per cent of the reported incidents in the government sector. Along with ransomware groups, which accounted for six per cent of the total incidents reported.

    CloudSek noted to prevent future attacks a zero-trust model needs to be adopted by government agencies, assuming that the user identities or the network itself may already be compromised, proactively verifying the authenticity of user activity.

    The report also found the most common threat actors of 2022 were KelvinSecurity and AgainstTheWest, the two groups were also most prominent in 2021.

    KelvinSecurity uses targeted fuzzing and exploits common vulnerabilities to target victims. The group publicly shares information such as new exploits, targets, and databases on cybercrime forums.

    AgainstTheWest started operations in October 2021 and identifies itself as APT49 or BlueHornet. It is focused on exfiltrating region-specific data and selling it on the dark web.

    Do you know your Cyber Security capabilities, and your level of risk? Do you have a clear plan on how to improve your capabilities? Would you know what do to do if you had a cyber security incident? 

    If you are concerned about cyber threats and don’t understand what your level of risk is, request a free assessment to start your journey on protecting your company, employees and customers below. 

    Contact



      Hackers abuse legitimate remote monitoring and management tools in attacks

      Hackers abuse legitimate remote monitoring and management tools in attacks

      Researchers and government agencies warn that threat actors are increasing their use of legitimate remote monitoring and management (RMM) tools to enable financial scams.

      Researchers from Cisco Talos reported this week that one particular commercial RMM tool called Syncro was observed in a third of the incident response cases the company was engaged in during the fourth quarter of 2022.

      RMM tools are commonly used by managed service providers (MSPs) and IT help desks so their presence on an organisation’s network and systems might not raise suspicion.

      In a number of the attacks discovered, threat actors sent help-desk-themed phishing emails to employees on both their government-issued and personal email addresses.

      The email link led to a website that prompted an executable download. If run, this file connected to a second domain controlled by the attackers and downloaded RMM tools such as ScreenConnect (now ConnectWise Control) and AnyDesk in self-contained portable executable format.

      Malicious operators then instructed victims through the RMM software to open their bank account in the browser and used their access to modify the bank statement to show a larger-than-normal refund was issued to the victim’s account.

      Cisco Talos reported nearly 40 per cent of engagements this quarter featured phishing emails used as a means to establish initial access, followed by user execution of a malicious document or link.

      The lack of multi-factor authentication (MFA) remains one of the biggest weaknesses for enterprise networks. In almost 30 per cent of incidents investigated by Talos, MFA was either completely missing or was enabled only for a few critical services and accounts.

      How secure is the RMM tool your company uses? Are you using MFA and passphrases to protect your accounts and devices? Would you be able to recognise a financial phishing attempt from a threat actor?

      If you are concerned about the security of your RMM or need help understanding your level of risk, request a free assessment to start your journey on protecting your company, employees and customers below. 

      Contact



        Microsoft will stop selling Windows 10 licences in a few days

        Microsoft will stop selling Windows 10 licences in a few days

        Bad news for anyone wanting to build a PC with Windows 10, with Microsoft announcing it will stop directly selling Windows 10 licences by the end of the month.

        Microsoft will halt digital downloads of Windows 10 on the 31st of January 2023, according to notices posted to the Windows 10 Home, Pro, and Workstation pages on Microsoft’s site.

        Microsoft’s decision means that only existing stores at third-party retailers will be able to sell Windows 10 licences.

        The elimination of the Windows 10 licence also means that Windows 11 will be the only operating system that Microsoft will allow you to buy from them.

        Microsoft’s Windows 10 Home product page says Windows 10 will remain supported with security updates that help protect your PC from viruses, spyware, and other malware until October 14, 2025.

        The news of Windows 10’s end-of-sale closely follows the actual end of Windows 7, 8, and 8.1, as Microsoft stopped providing updates for those operating systems on January 10. There are still plenty people using pre-10 versions, which are now left open to bugs and cyberattacks.

        Is your PC Windows licence in need of an update? Could your system be outdated and now at risk of cyber threats?

        If you need to update your current operating system, Acurus will continue to sell Windows 10 licences along with newer versions as well.

        Contact



          Big telcos’ NBN market share drops as challenger RSP brands find favour with consumers

          Australia’s biggest telecommunications providers are experiencing falls in market share as challenger RSPs close the gap.

          In the quarter that ended in September, big players in the National Broadband Network (NBN) market saw their shares decrease by over 123,000 residential services.

          According to the Australian Competition and Consumer Commission (ACCC), Telstra, TPG, Optus and Vocus combined market share dropped by 1.6 percentage points to 85.8 per cent, with Telstra experiencing the largest fall in market share, down 0.6 percentage points to 42.7 per cent. 

          Superloop and Aussie Broadband had the largest increase amongst smaller providers with their market share increasing 0.3 percentage points.

          Other providers gained over 140,000 services in the September quarter, increasing their combined market share to 14.2 per cent, up from 12.6 per cent in the June quarter.

          Acurus joined the Superloop Group earlier this year, with the acquisition announced in June, gaining telecommunications white label capabilities and the Anex platform.

          Anex is a Whitelabel telecommunications platform allowing companies to broaden their service offering to include nbnTM and mobile plans.

          Anex is a platform that helps customers disrupt their own industries, and disrupt their own business, while creating new revenue streams, reducing churn, and improving end user experiences.

          Using the Anex platform, your company can join names such as Office Works  in offering mobile and nbnTM to your customers.

          Superloop CEO Paul Tyler speaking at an investor day event, that Superloop had ambitions to secure a four-to-five percent slice of the fixed market, and help power other challenger brands to similar growth.

          “The internet market in Australia is unnaturally structured,” Tyler said. “All the enablers are there to have a natural level of competition but that hasn’t happened as yet. 

          “We believe that’s going to happen in the fixed internet market as well – substantial growth in the challenger segment, to the point that it’s our belief that the natural level of challenger participation in this market will be in the order of 30 percent,” Tyler said.

          This is being proven in the latest report from ACCC show that the smaller providers increased their combined market share by 1.6 percentage points, which is about double the rate of the previous three quarters.

          Contact us today to discuss using Anex to start your journey adding telecommunication services to diversify your service offering and help retain customers.

          Contact



            15000 iiNet and Westnet business customers exposed in TPG hack

            15000 iiNet and Westnet business customers exposed in TPG hack

            TPG Telecom’s external cyber security adviser Mandiant has uncovered evidence of unauthorised access to a Hosted Exchange service that holds about 15,000 iiNet and Westnet email accounts for business customers.

            According to a statement to shareholders on the Australian Securities Exchange, TPG said primary analysis to date appears the aim of the threat actor was to search for customers’ cryptocurrency and financial information.

            “We apologise unreservedly to the affected iiNet and Westnet Hosted Exchange business customers,” TPG said.

            “We have implemented measures to stop the unauthorised access, further security measures have been put in place and we are in the process of contacting all affected customers on the Hosted Exchange service. We have notified the relevant government authorities,” TPG said.

            “The matter remains under investigation and we will be communicating with directly affected customers as more information becomes available.”

            Do you know the security score of your key service providers? How safe is the data your organisation collects from its customers?

            Acurus helps companies start to build Cyber Security resilience by aligning to the ACSC Essential 8 as a starting point. We then help companies build out sophisticated and mature IT security capabilities and standards. 

            Contact us below to speak with our cyber security experts and start the journey to protect your company today.

            Contact